Article

2020 Hot Topics for IT Internal Audit in Financial Services

Staying Relevant

October 2019

We are pleased to issue our latest paper on the information technology hot topics for Internal Audit functions in financial services.

As in previous years, this is based on our survey across UK financial services organisations and our discussions over the past 12 months with Chief Internal Auditors and Heads of IT Audit, who have openly shared their areas of focus and the organisational challenges in relation to their firms’ technology control environment.

We provide a view of their planning priorities, covering both why each topic is relevant and of particular focus to the organisations we surveyed, and also what Internal Audit functions may consider, or seek to do differently, in order to address the associated risks.

We anticipate an increased internal audit focus in 2020 on digital, disruptive technologies, as well as continued emphasis on cyber, strategic change and third party risk. Operational resilience has emerged as a key area, following recent regulatory and business focus. This is a topic which encompasses other high-impact domains, such as cyber and technology resilience, crisis management, incident response and recovery.

Section 4 of this publication focuses on the areas of focus for IT audit plans (the hot topics) and, provides insights on “what and how to audit”.

Section 2 details our view on some of the aspects that will influence the future shape of Internal Audit functions. We have captured these thoughts under the strap-line staying relevant, where we explore this challenge in an ever changing social, corporate and technology environment. Specifically, it offers our views on the benefits and challenges of “automation”, the use of data-driven auditing and digital technologies to deliver efficiencies and boost the influence and value they offer the business.

IT Internal Audit Hot Topics through the years: 2012-2020

Below is a comparison of the top 10 IT internal audit hot topics over the past nine years as identified through our annual survey of Heads of IT Internal Audit in the financial services sector.

The continued presence of cyber security and transformation/change at the top of our list, particularly in the past 4-5 years cannot be ignored as well as the recent emergence of the new technologies enabling digital business models and transformation initiatives across FS organisations.

Topics which appear in more than two years have been colour-coded to help illustrate their movement in the top 10 over time.

In the graph below, the size of the bubble reflects the ranking in this year’s list, while the horizontal axis shows the threat environment - internal or external to the organisation. The vertical axis classifies the topics across the spectrum of existing/known, new and emerging risks.

Did you find this useful?