Cyberthreats and IT governance are top risk areas for companies’ audit plans next year, according to marketing and research firm Gartner. The drivers of cyberthreats have evolved as a result of new geopolitical conflicts and the heightened prospect of state-sponsored attacks,” according to Leslee McKnight, VP, Gartner Legal
Gartner says that while most chief auditors indicate they plan to address cybersecurity next year, only 42% expressed a high level of confidence in their ability to provide adequate assurance in this area.
The top risk focus areas identified:
- IT Governance
- Data Governance
- Third-Party Risk Management
- Organizational Resilience
- Environmental, Social and Governance (ESG)
- Supply Chain
- Macroeconomic Volatility
- Workforce Management
- Cost Pressures
- Climate Degradation
Three key themes drove the risks this year including a “renationalization of resources” and a “triple squeeze” of growing cost pressures, supply chain risks and labor scarcity. The final theme, the need to “rethink organizational resilience,” is unique as its own distinct risk area and a driver of a multitude of other risks, according to Gartner.
“The ability to withstand crises and disruptions may become more critical next year, and many organizations still take a limited view of resilience, mostly focused on business continuity and IT disaster recovery. This narrow view of resilience fails to account for additional risks impacting resilience including greatly increased economic volatility and impacts from climate degradation.”
“Rethinking resilience is a key theme that underlies a diverse set of risks facing organizations in 2023, including economic volatility, climate degradation and third-party risk management,” said McKnight.