Story image

New digital world causing concern for IT auditor recruitment

13 Feb 2019

Technologies such as AI are reshaping the future of IT auditors, but auditors are largely optimistic about the future, according to new research from global tech association ISACA. 

In the ‘Future of IT Audit: Research Brief’, the results of a survey of more than 2,400 IT auditors worldwide, 92% of IT auditors responded that they are optimistic about how technology will impact them professionally over the next five years. 

Nearly 8 in 10 say their IT audit team has the technical skills and training to keep up with the technology changes affecting them.

Additional good news is that IT auditors are increasingly involved in major tech projects 35% say they are brought in during the planning phase of such projects, 44% say they have a significant impact on major tech projects in their organisations, and nearly half (47%) say IT auditors will be significantly more involved in these projects in the next three to five years.

Among the new technologies that IT auditors most want to learn more about are:

  • Predictive analytics (53%)
  • Artificial intelligence (51%)
  • Blockchain (48%)
  • Machine learning (45%)
  • Robotic process automation (45%)

Those who obtain this knowledge are likely to be in high demand, according to people seeking to hire IT auditors. 

More than two-thirds (67%) say they have difficulty recruiting auditors with the required technical skills, and 64% say the technical skills gap is having an impact on performing IT audits with a high degree of confidence. 

President and chief recruiting officer of an audit and GRC search firm Todd Weinman is seeing this reflected in his clients’ priorities. 

“The one unmistakable trend I am seeing is a return to the more technical auditor,” says Weinmann. 

“With the heightened attention to cybersecurity risks, companies realise they need IT audit talent with deeper technical understanding.”

To help IT auditors acquire the skills needed for the future, ISACA has launched a Transforming IT Audit website, with resources on AI, blockchain, IoT and more. 

“ISACA was founded 50 years ago to help individuals navigate an entirely new career: electronic data processing audit,” said ISACA board chair Rob Clyde. 

“Five decades later, our mission continues to be to help auditors thrive in a technology-driven world, by equipping them with new skills at a faster pace than ever before. Auditors are optimistic about the future of the profession, and we at ISACA are excited for the innovations to come.”

Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.