Survey results find companies challenged by variety of technology issues, including security, governance and social media
Despite ongoing efforts to address information technology issues, companies continue to come up short in their IT audit functions, according to a new survey from global consulting firm Protiviti (www.protiviti.com). The study reveals that a large percentage of organizations are not planning and instituting the IT audit coverage necessary to assure critical IT operations, evaluate risk and provide a secure, available IT environment.
Now in its third edition, Protiviti’s latest IT audit benchmarking study, titled From Cybersecurity to IT Governance – Preparing Your 2014 Audit Plan, analyzes the primary technology-related challenges companies face from the internal audit perspective, and identifies trends in the ways organizations evaluate their approach to IT audit functions and capabilities. The survey report can serve as a helpful guide to internal audit functions, audit committees and boards of directors as they build their annual audit plans.
“In today’s organizations, virtually every function is technology-dependent, which means companies face a greater number of challenges to ensure an efficient, secure IT environment,” said Brian Christensen, Protiviti executive vice president of global internal audit. “Based on the study, it’s apparent that there is a tremendous gap between where most companies are and where they should be in terms of managing IT risk and strengthening governance and controls. As audit plans are developed, these technology challenges should also be top-of-mind for internal audit.”
Top Technology Challenges
According to the 469 respondents who participated in Protiviti’s 2014 IT Audit Benchmarking Survey, including chief audit executives, IT audit directors, IT audit managers, and other auditing professionals, the top technology-related challenges facing organizations are:
- IT security (including data security, cyber security, and mobile security; this result was the number one challenge for the second consecutive year)
- IT governance
- Lack of ERP implementations, development, and knowledge
- Social media
- Vendor management
- Cloud computing
- Emerging technology and infrastructure changes
- Big data and analytics
- PCI compliance
The recurring challenge of IT security points to the need for security teams to tap their organization’s internal audit team’s expertise to develop more efficient, sustainable compliance programs. In a report titled Engage Audit Professionals for Better Security Assessment Outcomes (June 26, 2013), Forrester Research, Inc. writes about the benefits of audit and security working together to address security compliance: “There are simple ways for security and audit professionals to coordinate more closely in ways that will help both sides achieve their goals… When done correctly, the audit function becomes a powerful advocate for the security team, helping highlight the strength of the program when appropriate and helping justify more investments when there are gaps to fill.”
Companies’ IT Audit Practices Still Fall Short
Analysis of Protiviti’s survey results also provides important insights into how effectively organizations are improving their IT audit programs and practices, and some notable findings suggest there is a need for dramatic improvement. These include:
- A large number of companies fail to devote adequate resources to IT audit and, as a result, are not able to fully assess potential risks. Also, 42 percent of organizations reported that they rely on outside resources to augment their IT audit departments because they lack the appropriate internal resources.
- Many internal audit functions are not performing IT audit risk assessments regularly, and even many of the companies that do perform these assessments need to do so more frequently. Of concern, one-third of companies with less than $100 million in revenue do not conduct any type of IT audit risk assessment, which presents countless potential hazards for their respective businesses.
- Also a cause for concern is the increase from 2012 to 2013 in the number of IT audit directors who report to the CIO. Even though the overall number of organizations with this reporting relationship is relatively low, allowing the IT department to audit itself is a potential recipe for disaster because independence and objectivity of assessments are lost.
“Although there are areas that clearly need attention, it’s a good sign that more companies are working to implement IT governance policies and procedures,” said David Brand, a Protiviti managing director and leader of the firm’s IT Audit practice. “We have seen an uptick in the number of companies that are evaluating IT governance as part of their audit process.”
Survey Resources – Webinar, Report, Video and Podcast
A webinar exploring the survey results will be held today at 10:00 a.m. PST. Joining Brand for the one-hour webinar will be another Protiviti managing director, Jonathan Bronson, and guest speaker Forrester Research, Inc. Senior Analyst Renee Murphy. To register for the complimentary webinar, please visit http://www.protiviti.com/webinars.
The survey report From Cybersecurity to IT Governance – Preparing Your 2014 Audit Plan is available for download at www.protiviti.com/ITauditsurvey, along with a short video about the survey results. Additionally, Brand has recorded a podcast discussing the survey findings, which is available at www.protiviti.com/podcasts.
The 2014 IT Audit Benchmarking Survey was conducted in the second and third quarters of 2013. Eighty-four percent of the responses were from companies in North America, with the rest spread among Europe, Asia-Pacific, the Middle East and Africa. Sixty-two percent of the participants’ companies had annual revenues of $1 billion or greater. The types of organizations participating in the survey were:
- Public – 50%
- Private – 26%
- Not-for-profit – 12%
- Government – 11%
- Other – 1%
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, Protiviti has served more than 35 percent of FORTUNE 1000® and FORTUNE Global 500® companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
The FIVE ways to ensure cyber security this 2021
Web hosting experts Fasthosts give their top five tips for keeping customers secure in 2021
The pandemic has allowed the UK’s e-commerce sector to hit a record number of online sales in 13 years. So, with more online shoppers than ever before, how can we promise customers online security for a better 2021?
Web hosting experts Fasthosts.co.uk have compiled a list of top tips which will optimise user experience, ensure online security, and protect websites from unauthorised access as we enter the new year.
Fasthosts has pulled together the top five tips for ensuring cyber security and how you can implement them in 2021.
Limit User Access and Restrict Admin Privileges
Ensure cyber security by simply limiting those who can access sensitive information. The more users with the capacity to enter off-limits areas, the greater the likelihood of a cyber-criminal breaching your system.
By limiting user access, you’re immediately reducing the risk of an online assault on your web space. A hierarchical structure means only those who need access to personal, password, and payment data have the permissions to go ahead and do so.
The framework for a restricted admin website can be as intricate as necessary depending on your needs, but it can also be as simple as creating two different site formats which split up administrators and standard users.
Abide by Best Practice Security Standards
When protecting customer data it’s crucial that you adhere to universal security standards and attain all up-to-date certifications.
Encrypting data transferred between servers is one of the first steps in creating a secure online environment. Secure Sockets Layer (SSL) is a protocol that codes information through 256-bit encryption, making it all but impossible to translate should it be intercepted by a malignant third party. SSL certification also presents your website as legitimate by proving its safety with a padlock in the address bar and the letters ‘https://’ at the beginning rather than ‘http://’.
If you’re processing payments, you should be following the standards laid out by the Payment Card Industry (PCI). The PCI offers advice on the areas that require particular care, including sensitive authentication data (CAV2, CVC2, CVV2, CID, PINs, PIN blocks, and magnetic stripe data) and a user’s financial information (card number, cardholder name, expiration date, and service code).
You’ll need to complete a self-assessment exam to double-check what level of compliance you’re currently working at and how you can further improve online security.
Constantly Monitor User Activity
Establishing a system that allows you to keep tabs on activity and rapidly respond to suspicious on-site movements is one of the most effective ways of preserving cyber security. By enforcing a framework like this – often referred to as cyber monitoring – it becomes easier to uncover security weak spots, identify common user practices which don’t raise concern, and identify the behaviours of malicious intent.
It’s important to perform regular testing across all of your protective systems. This makes sure your site isn’t open to a silent attack and puts your security methods into practice.
Encouraging a Strong Password is Crucial
It doesn’t matter how flashy or intricate your security software is: if a user is using a feeble password, your system is left open for opportunist hackers to invade. Passwords that are most easily guessed often include predictable patterns or personal information such as names, birthdays, childhood pets, or popular sports teams.
By making it compulsory to sign up with a stronger password, ideally containing at least one random number, capital letter and special character, you’re doing all you can as a responsible website owner to ensure the safety of both your users and customers. Similarly, encouraging users to update their password often helps reduce the potential of hackers accessing sensitive information.
If users are put off by having to remember a complex password, offer a password manager that keeps track of any changes.
Implement Two-Factor Authentication
Implement two-factor authentication. Even if an unwelcome user somehow guesses a user’s password, the intrusion is made very difficult with the additional protective layer.
Two-factor authentication is really simple to use: you send a user a randomised code as an SMS or notification after they’ve entered their correct password. Only after entering the code when prompted will they then be permitted to access the site. Enabling two-factor authentication requires very little effort on a user’s part, but it’s a double-barrelled security measure that makes ensuring the safety of personal and payment data a lot more efficient.
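The code step described above, sketched server-side as an added example (not Fasthosts’ code): a randomised code is issued only after the password check, then accepted once, within a time limit and a capped number of tries. The class name, 6-digit length, 5-minute lifetime and 5-attempt cap are assumptions, and delivery by SMS or notification is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6          # assumed code length
CODE_TTL_SECONDS = 300   # assumed lifetime: 5 minutes
MAX_ATTEMPTS = 5         # assumed cap on guesses per issued code


class OneTimeCodeStore:
    """In-memory store of pending second-factor codes, keyed by user id."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}

    @staticmethod
    def _digest(salt, code):
        # A short numeric code has little entropy; hashing only avoids
        # keeping it in clear. Expiry and the attempt cap limit guessing.
        return hashlib.sha256(salt + code.encode("utf-8")).digest()

    def issue(self, user_id):
        """Call only after the password was verified. Returns the code to send."""
        # secrets uses the OS CSPRNG; random.randint would be predictable.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        # Issuing again overwrites any earlier code for the same user.
        self._pending[user_id] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code

    def verify(self, user_id, submitted):
        """True only for the right code, in time, within the attempt cap, once."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[user_id]
            return False
        entry["attempts_left"] -= 1
        # Constant-time comparison avoids leaking how many bytes matched.
        ok = hmac.compare_digest(
            entry["digest"], self._digest(entry["salt"], submitted)
        )
        if ok or entry["attempts_left"] <= 0:
            # Single use on success; after too many misses the user must
            # log in with the password again to get a fresh code.
            del self._pending[user_id]
        return ok


if __name__ == "__main__":
    store = OneTimeCodeStore()
    sent = store.issue("alice")            # constructed user id
    print("correct code accepted:", store.verify("alice", sent))
    print("same code reused:", store.verify("alice", sent))
```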
Cyber security is crucial in delivering a reliable website, whether for your customers or administrators. For the full article please visit https://www.fasthosts.co.uk/blog/five-ways-to-ensure-cyber-security-in-2021/
Holding Cloud To Account, How Cloud Adds Up In Financial Services
By Dom Poloniecki, General Manager, Western Europe and Sub-Saharan Africa at Nutanix
Cloud computing and the deployment of increasingly cloud-native technologies is happening across every industry vertical. Even in industries where a degree of previous inertia existed such as legal and finance, the drive to cloud flexibility and scalability has become a primary driver for the technology fabric that firms in these markets run on.
As traditionalist operations in the legal trade start to undergo increasing levels of digital transformation, the weighty behemoth systems running financial institutions are also now being carefully and strategically replaced by more efficient, more flexible and more cost effective cloud installations. Now a proud owner of its sub-sector label and hashtag, FinTech is the new financial IT… and FinTech was born on the cloud.
As part of the Third Annual Enterprise Cloud Index report by Nutanix, a specific analysis of the 3,400 IT decision-makers questioned is now dedicated to examining how financial services organisations are using cloud technologies. Looking at the key data points related to Financial Services, we can start to understand the implementation, workload separation and (in most cases still, as of 2020) the migration issues that these firms are experiencing.
In the world of Financial Services cloud computing, the importance of an integrated and intelligently managed hybrid framework cannot be overstated. Financial operations can of course draw upon the resource backbone of public cloud for their foundational operational technology requirements. However, they often still need to run a carefully deployed private cloud footprint commensurate with the privacy and security needs of any organisation operating in the financial sector.
The central importance of hybrid
Hybrid cloud and the use of Hyperconverged Infrastructure (HCI) is therefore a key cornerstone for Financial Services hybrid cloud development. This is the route to a cohesively managed hybrid cloud environment, where workloads are optimised according to the security, performance and compliance needs arising from the use case of the data and applications at hand.
The Nutanix Enterprise Cloud Index findings back this reality up and show that the majority (86%) of financial services respondents identify hybrid private/public cloud as the ideal IT operating model for their organisation. So much momentum is there now in this space that financial services companies are running more applications in private clouds than most other industries polled. Their reported usage of private cloud (39%) outpaces all other industries except for IT, tech and telecoms (40%).
As a further validating and driving factor here, HCI is the lower substrate technology behind the big public cloud offerings from Amazon, Google and Microsoft. So HCI and the wider hybrid approach is no longer perceived as ‘just’ a route to cost savings, which perhaps it was as recently as half a decade ago; it now represents an important enabling and facilitating technology to reduce complexity and increase scalability. In the hybrid cloud world where cost is no longer the main driver for cloud implementation, we can say that we have moved on to a point where we identify the ability to ‘achieve business outcomes’ as the primary driver.
HCI for modernised financial challengers
Given the growth of so-called ‘challenger banks’ shaking up financial services with new online services, extended customer loyalty offers driven through dedicated mobile banking applications and other fast-moving business models, traditional financial institutions have realised that they need to become altogether more agile.
Adopting hybrid cloud in Financial Services allows even older and more established firms to build scalable and easily managed private clouds as part of a hybrid cloud model. This scalability can be engineered for rapid growth when and where it happens, but it is also scalability that enables financial organisations to rein in compute resources serving banking products that have proved to be end-of-life and ultimately laid dormant or retired.
It’s important to remember that, as powerful as it is, cloud can still be a complex consideration, especially when aggressively deployed in an essentially hybrid mix of public and private cloud instances. The Enterprise Cloud Index found that for every aggressive hybrid design being deployed, there is an equally aggressive drive to deploy Hyperconverged Infrastructure (HCI).
This is because HCI helps accelerate cloud adoption by sharply reducing the time it takes to build the software-defined infrastructure necessary to support private cloud. It also supports the rapid capacity expansion that enables the scalability benefits of cloud technology. Nearly 50% of the financial sector respondents said they’ve either fully deployed HCI or are in the process of doing so. Another 38% said they will be deploying HCI within the next 12 to 24 months.
It is difficult not to mention the impact and legacy of 2020 and the global pandemic on the financial services technology market space. More than three quarters (78%) of financial services respondents said Covid-19 has caused IT to be viewed more strategically in their organisations. In addition, 50% of financial services respondents said they increased their investment in hybrid cloud as a direct result of the pandemic.
Choice: from the bank teller to the backbone
The key point we keep coming back to here is choice. As financial institutions will be working to offer corporate and individual customers the widest choice of products and services, so too will they need to gain choice of operational compute fabric in the shape of the cloud deployments that they do actually make. More specifically, it’s about these Financial Services businesses having the flexibility to concentrate on the delivery of strategic business outcomes quickly, easily and – crucially – without the need to keep within the limitations of a particular supporting IT model.
As previous Nutanix surveys have shown, companies consistently express a desire for the ability to run workloads in the infrastructure best suited to them, based on a variety of criteria. Be that wanting to enhance security; rapidly on-board new apps during takeovers and acquisitions; reach new markets with different compliance needs and so on.
Over the next five years, financial services organisations expect a significant drop of 13 percentage points in their use of non-cloud-enabled datacentre technology, taking them down to less than 1% penetration. As in almost all aspects of life, some products, tools and processes that we took as standard parts of the way the world works are eventually superseded.
Nobody uses a ‘flatbed slider’ paper-slip credit card reader anymore to take a payment – and nobody will use non-cloud financial services IT functions in the very near future. There may be a few archaic legacy hangers-on, but they’ll be nothing more than the exception that proves the rule. Hybrid cloud for our Financial Services’ future? That’ll do nicely.
First of a kind Virtual Coffee Machine app with social meeting moments to support workforce wellbeing in a remote workplace
Powell Software’s first in a series of wellbeing technology innovations helps remote employees socially connect with colleagues and keep the workplace culture alive
As the third UK lockdown continues and many countries worldwide face severe restrictions, Powell Software, a global organisation creating digital solutions and tools for the digital workplace, has launched the first of its kind Virtual Coffee Machine, an application within Microsoft Teams to ensure employees stay better connected, positively engaged and take regular breaks while working from home.
With employee wellbeing at the top of the global workforce agenda for 2021, Powell’s Virtual Coffee Machine app positively connects employees through virtual chats to maintain a culture of togetherness, even when apart.
Replacing the absence of the in-person coffee catch up, HR can swiftly set up a Virtual Coffee Machine break within any Teams channel, encouraging employees to take regular short breaks while inspiring networking and socialising between colleagues.
Matthieu Silbermann, Chief Product Officer at Powell Software said: “The effects of the Pandemic have reshaped the Digital Workplace and research has found that three quarters of employers intend to shift some employees to remote work permanently. However, with one in five remote employees naming loneliness as their top complaint regarding work from home, reinforcing togetherness needs to be a top priority.”
Take a virtual coffee
HR can set up a Virtual Coffee Machine meeting within any Teams channel defining time, frequency and date, and number of people. The app then uses an algorithm that collects data from employees registered in Powell Teams, automatically comparing outlook calendars and generating meeting invites based on the criteria of the meeting. For example, if the Virtual Coffee Machine meeting criteria was set at a maximum of five people and ten people are available to join then two meeting invitations would be sent.
Virtual Coffee Machine consciously avoids one to one or full team meetings, focusing on creating intimate, short social breaks where employees can take time out to engage with colleagues in a positive digital space. Colleagues can also ‘travel’ to differently located virtual offices across their organisation to meet colleagues for a coffee break in different virtual buildings.
Employees are unaware of who else will join the group until the event, to encourage different team members to meet, chat and get to know each other. The app automatically books an agenda and also suggests ice breakers like ‘what was the last film you saw or book’?
If a team member does not want to or cannot join a Virtual Coffee Meeting, they simply decline the meeting invitation.
Silbermann continues: “Powell Software is passionate about connecting employees to their organisation and to each other, ensuring that they have a positive and stimulating experience at work, every day. Remote workers need to be connected, they need to feel part of the company, the culture and feel able to socialise in the hybrid or remote workplace.
“Powell’s new Virtual Coffee Machine app is all about the employee. We all miss the little social moments at the office, whether they be at the coffee machine or the cold water fountain. Coffee Machine allows us to progressively see our workplaces positively come to life again in a virtual way, promoting connectivity, collaboration and employee wellbeing. It’s part of a bigger goal and series of initiatives to bring the virtual building to life.”