COVID-19 has reorganised the risk landscape for across companies with IT governance now as the top risk for 2021, says one research and advisory company.
In Gartner’s recent 2021 Audit Plan Hot Spots report, various interviews and surveys conducted across its global network of client organisations had revealed that the pandemic is giving rise to new sets of risks while exacerbating longstanding vulnerabilities.
The report stated that as the post-pandemic aftermath sets in, investments in these governance areas will be critical and this also comes as governance professionals had also analysed that COVID-19 cannot be an excuse to sideline needed governance improvements.
“While the pandemic has created new challenges for audit executives to grapple with, what’s most notable is how the current environment has accelerated existing risk trends,” Leslee McKnight, research director for the Gartner audit practice said.
“The volatility and interconnectedness of the two most important risks, IT and data governance, also shines a light on the importance for firms to rethink their risk governance. Audit leaders should apply dynamic risk governance in order to rethink their approach to designing risk management roles and responsibilities.”
The report revealed the abrupt work-from-home mandates have accelerated digital roadmaps, causing many organisations to vault years forward in the space of a few weeks.
This move has spurred the rapid adoption of new technologies both on the employee and customer side, presenting new challenges to productivity, consumer preferences and guarding against security vulnerabilities.
Audit, compliance and legal leaders will need to assess how new technology adoption may be hobbling their IT departments’ plans, with IT support incident requests doubling in early 2020 to support a huge increase in work-from-home employees.
Additionally, managing access rights for many more remote workers presents new risks such as “privileged user abuse,” which is something to take note of and expected to climb over the next 12 to 24 months, according to the executive survey.
Data governance will continue to be key post-pandemic and companies are expected to collect more sensitive personal information from employees and customers than ever before.
“Yet, data governance practices are regressing, with fewer dedicated resources to data privacy than in previous years,” the report stated.
“Growth in software-as-a-service (SaaS) and delays to upgrading legacy systems have created work environments where data is distributed across disparate platforms, software and servers. Such complexities continue to test audit executives, with only 45 per cent expressing high confidence in their ability to manage data governance risk.”
Furthermore, cyber vulnerabilities are also especially acute this year, due to the rapid organisational changes needed to protect employees and serve customers in the midst of a pandemic.
“Despite increased cybersecurity spending, only 24 per cent of organisations routinely follow cybersecurity best practices, this will result in cyberattacks that are expected to cost organisations $6 trillion annually by 2021,” the survey analysed.
Ms McKnight added that the pandemic is forcing many audit and risk executives to address their organisation’s deficiencies in the most critical areas.
“Inadequate data governance and IT security practices will have even steeper consequences in the current environment than pre-pandemic, particularly when considering the types of data many organisations feel compelled to collect as a result of new health and safety measures,” she said.