Ransomware and the long-term effects of the pandemic on markets and organisations are the top issues for auditors in 2022, said Gartner recently.
The Gartner 2022 Audit Plan Hot Spots report also identified evolving societal expectations for enterprises, such as environmental, social and governance (ESG) risks, and operational resilience as top risk areas for 2022.
Audit concerns about other digital and IT risks, such as data and analytics and IT governance also reflect the increased importance of digital capabilities in the wake of the pandemic and the need for rigorous assurance over associated risks.
Many of the 12 top issues for auditors — such as economic uncertainty, workforce management, and business continuity — relate to the ongoing effects of the pandemic.
The 2022 audit plan hot spots that Gartner identify are as follows.
• Data and Analytics Governance
• Digital Business Transformation
• IT Governance
• Third Parties
• Business Continuity and Organizational Resilience
• Environmental, Social and Governance (ESG)
• Supply Chain
• Strategy Execution
• Workforce Management
• Retention and Recruitment
• Economic Uncertainty
“Ransomware is resulting in revenue and data loss, compromised data, reputational damage, significant operational disruption and more,” said Zachary Ginsburg, research director for the Gartner Audit and Risk practice. “Regardless of their size or revenue, organisations should assume they will be targeted with ransomware, and they should examine their prevention, detection, mitigation, response and recovery measures.”
Gartner recommends five initial steps for auditors to provide assurance over their organizations’ efforts to mitigate risk from ransomware attacks:
• Evaluate Employee Security Training
• Assess External Relationships for Ransomware Support Services
• Review Ransomware Attack Response Plans
• Assess Data Storage Policies
• Review Service Provider Ransomware Attack Communication Protocols
Diverse risk landscape
Although ransomware should be a key concern for auditors in 2022, there are a lot of pressing risks covered within the 12 hot spots that must not be left unaddressed, Gartner warned.
Global business operations continue to be disrupted by supply chain issues, shortages, and other ongoing market effects from the pandemic-era economy, said Ginsburg.
“These include fierce competition between organisations for talent, greatly increased shipping prices and times, and shortages of key goods such as semiconductors,” he pointed out.
ESG matters have also taken on a new momentum in recent times with enterprises making public commitments in this area, and social and investor activism reaching new levels of intensity, Ginsburg observed.
This is creating risks for companies that are not meeting the expectations of investors, regulators, consumers, prospective and current employees, and others, he added.
“2022 looks like a year that will feature an especially diverse array of unpredictable and highly impactful risks,” said Ginsburg. “Audit will need increase its capacity to assess such risks and provide related assurance over them to keep up with a highly turbulent risk landscape.”