As organizations continue to collect customer and employee data, chief audit executives (CAEs) are increasingly concerned about how to govern and protect it, according to Gartner.
According to Gartner’s annual Audit Plan Hot Spots Report, data governance has risen to the top spot of CAEs’ audit concerns, up from second place in last year’s report, replacing cybersecurity preparedness.
Increased regulatory scrutiny has pushed governance risks, along with related data management challenges such as third-party ecosystems, cyber vulnerabilities and data privacy, as major concerns for audit departments.
“Despite the strategic importance of data, organizations have been slow to adopt data governance frameworks, putting them at risk of large fines, of poor strategic decision making and of misallocation of critical resources,” said Malcolm Murray, vice president for the Gartner Audit practice. “Data management failures have drawn regulator and public scrutiny, leading to increased regulatory burdens and pressure on organizations and their use of data.”
Nearly 80% of executives agree companies will lose competitive advantage if they do not effectively utilize data, and 49% say data can be used to decrease expenses and create new avenues for innovation. More than half of organizations, however, lack a formal data governance framework and a dedicated budget.
As CAEs audit their data management practices, audit teams should pay special attention to security controls around data assets, data migration plans and backups for critical data assets, the research and consulting firm said.
To ensure compliance with regulations such as Europe’s GDPR, organizations should also review their controls and rules around collection and retention, and ensure deletion policies exist, Gartner added.