Your Challenge:
Impending audits intimidate CIOs and business executives – and for good reason.
A failed audit can result in punitive fines and injunctions that disrupt continuing operations until violations are resolved.
These highly visible failures are best prevented through auditor-enterprise collaboration and pragmatic audit management.
Our Advice:
Critical Insight
Shift the audit paradigm: auditors need to be enabled, not resisted.
Auditors provide a value-added service that you are paying for. Establishing an effective relationship and enabling the audit team can ensure you get value from the engagement. However, you must also be vigilant in mitigating the risk of damaging findings.
Impact and Result
Effective audit management means acting with kindness to establish an effective relationship and taking vigilant, calculated steps to reduce the risk of adverse findings.
Clarify the audit scope and prepare documentation in advance.
Start off on a positive note and enable the auditor.
Manage audit logistics to minimize business disruption.
Dispute unwarranted findings.
Continuously improve your auditability.
1. Survive an Impending Audit. Razor-thin margin for error, high stakes.
Impending audits intimidate CIOs and business executives – and for good reason. A failed audit can result in punitive fines and injunctions that disrupt continuing operations until violations are resolved.
These highly visible failures are best prevented through auditor-enterprise collaboration and pragmatic audit management.
A failed audit puts your organization at risk of:
Punitive Fines: If your organization is being audited by a legal regulator, non-compliance can result in fines. Severe non-compliance can cost millions of dollars.
Punitive Injunctions: Take credit card payments? Not anymore. Failing to comply with PCI can result in the revocation of credit card processing capability, costing your organization millions of dollars in lost revenue.
Poor Perception of IT: Unless non-compliance has been previously disclosed to the business, IT (and often the CIO) will be deemed responsible for failure to comply. People can lose their jobs.
Exposure to Personal Liability: A system breach will leave you vulnerable to loss of goodwill, civil negligence litigation, or even criminal suits that could result in jail time.
Mandated Changes: Changes driven by an adverse audit opinion often cannot be deferred. Mandated process changes and IT system enhancements can be disruptive to your daily operations and expensive.
Shift the audit paradigm: auditors need to be enabled, not resisted.
Auditors provide a value-added service that you are paying for. Establishing an effective relationship and enabling the audit team can ensure you get value from the engagement. However, you must also be vigilant in mitigating the risk of damaging findings.
More than 88% of organizations with revenues exceeding $100 million conduct an annual IT audit and 68% of organizations with revenues less than $100 million conduct an annual IT audit.
Source: “From Cybersecurity to IT Governance – Preparing Your 2014 Audit Plan.” Protiviti’s IT Audit Benchmarking Survey, 2013.
66% of IT security executives stated that audit, compliance, and enforcement activities are increasing; 63% say new privacy and data protection regulatory requirements are affecting their organizations.
Source: Ponemon Institute. “Future State of IT Security.” February 2012.
The average cost of compliance is $3,259,570; the average cost of non-compliance is $9,368,351.
Source: Ponemon Institute. “The True Cost of Compliance.” January 2011.
93% of business leaders believe executive management, such as the CIO, should be involved in the IT audit risk assessment process.
Source: “From Cybersecurity to IT Governance – Preparing Your 2014 Audit Plan.” Protiviti’s IT Audit Benchmarking Survey, 2013.
Over 30% of compliance executives do not measure the effectiveness of their compliance programs.
Source: “In Focus Compliance Trends Survey 2013.” Deloitte and Compliance Week. 2013.
88% of global financial executives find managing regulatory change challenging for their business.
Source: “Robert Half Financial Services Global Report: Navigating Change in an Evolving Regulatory Landscape.” 2013.
Most respondents of an AIIM records survey feel that audit costs, legal costs, court costs, fines and damages could be reduced by 25% with best practice records management.
Source: “Records Management Strategies – Plotting the Changes.” AIIM. 2011.
79% of executives surveyed plan to increase the number of non-financial audits they conduct to ensure that emerging threats - i.e. cyber security - are being addressed.
Source: “Risk in Review: Re-evaluating how your company addresses risk.” PwC, March 2014.
26% of financial executives said managing external auditors was the most challenging aspect of managing regulatory change; the top-rated option.
Source: “Robert Half Financial Services Global Report: Navigating Change in an Evolving Regulatory Landscape.” 2013.