SlideShare a Scribd company logo

CAEs speak out: Cybersecurity seen as key threat to growth

Grant Thornton LLP
Grant Thornton LLP

Financial services CAEs see cybersecurity as the top threat to growth, with 71% ranking it as the issue most likely to significantly impact their organizations' strategies. While concerns about regulatory risks have decreased slightly, cybersecurity risks are amplified by increased use of mobile technology and third-party relationships. CAEs indicate that cybersecurity must be addressed on an enterprise-wide basis due to operational, regulatory, and reputational risks. Optimizing compliance activities, improving talent quality, and effectively using data analytics and GRC tools are keys to enhancing risk management and delivering greater value.

Business
1 of 8
Download to read offline
CAEs speak out: Cybersecurity seen as key threat to growth Financial Services: Governance, Risk and Compliance Survey 2015
2 CAEs speak out: Cybersecurity seen as key threat to growth 1 The survey was administered online from November to December 2014. A total of 114 internal audit professionals in the financial services industry responded, representing a range of public and private companies of all sizes across the United States. Respondents perform internal audit functions under varying titles, including CAE, vice president and director; however, for the purpose of this survey, we will refer to all respondents as CAEs. Visit grantthornton.com/caesurvey for more information. Introduction In Grant Thornton LLP’s fifth annual survey of chief audit executives (CAEs), financial services CAEs revealed that they see considerable room for improvement when it comes to their risk management functions.1 Although they operate in a heavily regulated industry and are highly attuned to managing risk, almost two-thirds of financial services CAEs indicated that their risk management functions would benefit from enhancements. In addition, almost one-quarter of respondents said their risk framework is either ineffectively used or has yet to be implemented. Only 15% of CAEs report being fully satisfied with their framework, saying it is rigorously enforced and used comprehensively (Figure 1). 15% 13% 4% 6% 62% A framework is in place, rigorously enforced and used comprehensively A framework is in place but not rigorously enforced nor used comprehensively A framework is planned but not implemented We do not have a formal framework or methodology in place A framework is in place but areas for enhancement and improvement exist Figure 1: In your opinion, how mature is your organization’s risk management function?* *Financial services companies only. ++6+4++DNot surprisingly, in light of numerous high-profile and reputation-damaging data breaches, financial services CAEs are especially concerned about data privacy and security. This area ranked highest (71%) among issues that could have the most significant impact on their organizations’ growth strategies, a notable increase from 48% in the 2014 survey. Participants from the largest entities — those with managed assets of over $50 billion — are even more concerned with privacy, with 74% of those respondents ranking it as the biggest threat to future growth. When asked what type of risk assessments their departments are conducting, 66% of financial services CAEs named data security as the top area, although enterprise-wide risk assessments continue to represent the most prevalent type, as reported by 75% of respondents. Other top responses included technology (63%) and fraud risk assessments (63%).
3  CAEs speak out: Cybersecurity seen as key threat to growth Given the industry’s strong ties to data security, these findings are not surprising, according to Jack Katz, global leader and national managing partner in Grant Thornton's Financial Services practice. “For the financial services industry, cybersecurity is a critical risk that must be addressed on an enterprise basis, as the threat of cybercrime raises not only operational and regulatory risks but significant reputational risk exposure as well,” says Katz. The increasing use of mobile technology and third-party relationships further amplifies the data security risks facing the industry, notes Katz. “Financial services companies have focused their technology strategies largely on customer service and convenience, which have increased their cybersecurity exposure. At the same time, as firms have become more and more technologically interconnected to various vendors and other third parties, extended data supply chains have expanded their vulnerability to cybercrime.” As anxiety about cybersecurity has risen, concerns about regulatory risks have lessened somewhat, with 38% of CAEs citing this area as having a significant impact on growth, compared to 51% last year. Nonetheless, regulatory risks were still the second-highest concern as ranked by respondents. Risks related to third parties and vendors came in third, up to 34% from 22% in 2014. Rounding out the highest-concern risk areas were execution of strategy (30%) and business continuity. Managing the compliance burden Although the financial services industry continues to face the challenges of a fluid and uncertain regulatory environment, our survey suggests that the effort dedicated to compliance has not risen. Thirty percent of CAEs, compared to 54% last year, reported that meeting compliance requirements constitutes up to 25% of their workload. Moreover, 67% said this does not represent an increased effort over last year. That said, while the rate of increase in cost may be slowing, the industry is still dealing with significant compliance costs. Optimizing those costs, therefore, remains a priority. Again this year, CAEs said that regulatory requirements add costs and distract the internal audit function from other activities. Increased costs remain the biggest impact of regulations, according to 72% of respondents, while the inability to devote resources to higher-value activities was cited by 42%. On the other hand, 38% said regulation had improved governance and the rigor of testing (Figure 2). When it comes to meeting regulatory requirements, financial services CAEs report that an ongoing challenge facing their organizations is a dearth of talent and lack of alignment among processes, operations and technology. “Meeting compliance obligations remains a pain point for companies in a variety of sectors,” explains Warren Stippich, partner and Grant Thornton national Governance, Risk and Compliance practice leader. “There are continued compliance requirements in highly regulated industries, such as financial services, combined with more scrutiny from the PCAOB [Public Company Accounting Oversight Board] regarding the work that is done around internal controls. With finite budgets and resource constraints, internal auditors must look toward optimizing all aspects of the work they do, including compliance activities,” Stippich says. Increased cost Unable to devote resources to higher-value activities Improving our governance and rigor of testing Little to no impact Other Figure 2: Impact of regulation on organizations* 71.7% 11.7% 0% 41.7% 38.3% *Financial services companies only. Respondents were able to select more than one answer. Responses do not add up to 100% due to rounding.
4  CAEs speak out: Cybersecurity seen as key threat to growth One-to-many takes root One path to optimizing compliance is the one-to-many approach, which allows companies to test once but report on multiple regulatory requirements while remediating any regulatory gaps. This lets organizations streamline compliance testing, meet more regulatory requirements, and provide a sustainable framework for long-term compliance management without repeating the same testing activities for different mandates. An example would be testing logical security and using those test results to satisfy multiple regulatory requirements, such as those associated with the Sarbanes-Oxley Act, the Payment Card Industry Data Security Standard and the International Organization for Standardization. Two-thirds of financial services CAEs said their organizations have had success with a one-to-many approach. Furthermore, 18% said they can potentially apply the principles to up to 75% of their testing, and 41% said they can use the approach for up to 50% of their testing (Figure 3). Technology usage: A mixed bag CAEs in the financial services industry and in our overall survey indicated that they’re eager to improve the efficiency of the internal audit function, ranking this as their top goal for the coming year. However, some see limited value in implementing or updating governance, risk and compliance (GRC) tools. The following are responses from audit executives in the financial services industry: • More than half (54%) said that investing in GRC technology is one way they are enhancing or are planning to enhance their approach to risk management (Figure 4). 0% 1–25% 26–50% 51–75% 76–100% Figure 3: What percentage of your control testing do you think is possible to test once and use the results across mul- tiple compliance requirements?* *Financial services companies only. 0% 41% 41% 0% 18% Figure 4: What steps are you taking or planning to take to enhance your approach to risk management?* Increased focus on risk management Refining existing ERM approach Investing in governance, risk and compliance technology Integrating with operations and business strategy Better analytics and risk-modeling Implementing ERM initiatives Conducting a third-party risk assessment None Other 67% 29% 21% 6% 6.40.0%% 0% 51% 49% 54% 54% *Financial services companies only. Respondents were able to select more than one answer.
5 CAEs speak out: Cybersecurity seen as key threat to growth Internal audit function management and administration Centralized management and reporting of audit plans and results ERM Other compliance or regulatory testing (PCI DSS, FCPA, HIPAA) SOX testing Other • Only 10% disagreed with the assertion that their organizations effectively use GRC-specific technology. This is down from 23% last year, suggesting that CAEs are pleased with the progress made in this area. In addition, 45% agreed that their organizations are effectively leveraging a GRC tool, up from 36% last year. • CAEs whose departments use GRC technology indicated that they’re using it primarily for internal audit function management and administration, followed by centralized management and reporting of audit plans and results, enterprise-wide risk management, and other compliance or regulatory testing (Figure 5). • Despite some positive signs regarding GRC technology, 90% of respondents, up from 84% last year, said they don’t plan to implement a GRC tool in the next 12 months, which could suggest that some CAEs see limited value in implementing or updating the technology. Nonusers cited the cost and time required to deploy the technology as the top implementation challenge, followed by the difficulty of maintaining and supporting the technology. As these findings suggest, even if the benefits are considerable, some organizations, especially smaller ones, may find that they either cannot marshal the resources needed to adopt GRC technology, or they cannot realize an adequate return on investment. Some have found that spreadsheets are equally efficient and more cost-effective for their purposes. Data analytics: An aid to risk management Usage of data analytics to enhance the internal audit function also seems to be mixed. Consider the following: • More than half (53%) of financial services CAEs said they are not using data analytics or business intelligence tools to enhance the internal audit function, up from 39% last year. Slightly less than half (47%) of respondents said they are using data analytics, down from 61% in the 2014 survey. • Users of data analytics cited a more efficient internal audit process as the top benefit, which is consistent with the goal of optimizing compliance monitoring activities. Other benefits included the ability to quickly identify patterns, trends and relationships; and greater population testing coverage (Figure 6). “Although many large financial institutions, in particular, rely on advanced analytics, there are opportunities to do more,” says Nigel Smith, national Financial Services Advisory practice leader. “Effective use of advanced analytics can enable financial organizations to gain added benefits from the data they’re gathering and assembling as they comply with new regulations. Using advanced analytics, they can leverage those data assets to anticipate emerging risks and make more appropriate risk mitigation decisions.” Figure 6: What are the top benefits you achieve from using data analytics? Respondents selected top 3, with 1 being the highest. *Financial services companies only. Respondents were able to select more than one answer. Figure 5: Our organization uses GRC/internal audit technology tools primarily for the following functions:* 75% 0% 25% 20% 40% 40% More efficient internal audit processes Quickly identify patterns, trends and relationships Greater population testing coverage 1 2 3
6 CAEs speak out: Cybersecurity seen as key threat to growth Priorities, priorities As financial services CAEs look ahead, they’re focused on priorities — not just their own as internal audit professionals but also those of various stakeholders. Asked about the areas in which they are most frequently asked to deliver value, CAEs identified the following: (1) mitigating risk, (2) identifying improvement opportunities and (3) stronger compliance efforts in other areas. The priorities of financial services CAEs are not that out of alignment with those of their stakeholders. Without existing constraints, they identified the following as areas where they believe they could add the most value: (1) identifying improvement opportunities, (2) increasing efficiency and (3) mitigating risk/stronger corporate governance. Talent, compliance optimization key to delivering value Asked about barriers to delivering the greatest value, 51% of financial services CAEs cited talent quality or capacity, followed by budget constraints (Figure 7). The ability to attract talented internal auditors, in particular, is a significant challenge, but one that CAEs may be able to address by using a different approach. “With the internal audit function requiring a greater range of skills and more nontraditional types of skills — such as information technology expertise — CAEs may need to focus more on recruiting professionals with skills in these high-priority areas and complement that with co-sourcing arrangements,” says Smith. “For instance, by recruiting auditors who have an IT background, CAEs can enhance their department’s ability to understand and address cybersecurity risks.” In addition, the ongoing quest for greater efficiency can be addressed by taking the necessary steps to optimize compliance activities. This may include improving visibility into financial controls, better allocation of compliance resources (including talent and skill considerations), and greater responsiveness to regulatory demands and remediation needs. If CAEs can help their organizations develop a sustainable process for long-term compliance management, internal auditors should be able to increase their focus on facilitating the value-added operational improvements they view as a priority and strength. “It’s important that compliance optimization improvements be made in a way that makes them flexible and sustainable over the long term,” notes Smith. “The greatest successes occur when organizations view risk management and compliance effectiveness as a strategic necessity for the business, rather than just reacting to the latest regulatory challenges with tactical, manually intensive solutions.” Figure 7: What are the barriers to delivering the greatest value?* Talent quality or capacity Budget constraints Focus heavily weighted to compliance (regulatory compliance, financial controls compliance, SOX compliance and other compliance) Organizational politics Perception of internal audit within the organization 51% 42% 33% 44% 42% Wrongful acts most likely to result from financial institution cyberattacks:2 *Financial services companies only. Respondents were able to select more than one answer. 2 Survey, New York Department of Financial Services, 2013. 46% Account takeovers 18% Identity theft 15% Telecommunications network disruptions 9.3% Data integrity breaches
7 CAEs speak out: Cybersecurity seen as key threat to growth Cybersecurity: Suggested actions for CAEs Prepare for potential attacks and regularly test those preparations. The financial services industry’s dependence on IT, its interconnectedness, and the rapid growth and evolution of cyberthreats demand the attention of every organization’s board and senior management. Address exposure stemming from third-party and vendor relationships. The extended data supply chain created by such associations is a common path for hackers to gain access to IT systems. In addition to establishing risk management practices related to those third- party arrangements, financial institutions need to consider vendors’ risk management practices and controls. Focus on people and processes, in addition to technological solutions. Keep in mind that successfully addressing cyberrisks is not simply a matter of finding a technological fix for potential problems. It also involves people and processes. Shore up cyberrisk exposure by fully utilizing key resources available to businesses. These include Executive Order 13636, Improving Critical Infrastructure Cybersecurity, and the supporting standards from the National Institute of Standards and Technology, the FBI’s InfraGard program, the U.S. Computer Emergency Readiness Team and the U.S. Secret Service Electronic Crimes Task Force. Be alert to warning signals and identify potential vulnerabilities across the entire business ecosystem when assessing potential cyberrisks from third-party and vendor relationships. Ensure the board and senior management dedicate adequate attention to cyberrisks, including gaining an understanding of the institution’s inherent cybersecurity risks, according to the Federal Financial Institutions Examination Council. It is also essential to have routine discussions about cybersecurity issues; regularly monitor threats and vulnerabilities; create and maintain a dynamic control environment; manage third-party connections; and develop and test business continuity and disaster recovery plans by incorporating cyberincident scenarios.
About Grant Thornton LLP Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. In the United States, Grant Thornton has revenue in excess of $1.3 billion and operates 57 offices with more than 500 partners and 6,000 employees. Grant Thornton works with a broad range of dynamic publicly and privately held companies, government agencies, financial institutions, and civic and religious organizations. This content is not intended to answer specific questions or suggest suitability of action in a particular case. For additional information about the issues discussed, contact a Grant Thornton LLP professional. “Grant Thornton” refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd (GTIL), and/or refers to the brand under which the GTIL member firms provide audit, tax and advisory services to their clients, as the context requires. GTIL and each of its member firms are separate legal entities and are not a worldwide partnership. GTIL does not provide services to clients. Services are delivered by the member firms in their respective countries. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions. In the United States, visit grantthornton.com for details. © 2015 Grant Thornton LLP  |  All rights reserved  |  U.S. member firm of Grant Thornton International Ltd Connect with us grantthornton.com @grantthorntonus linkd.in/grantthorntonus

Recommended

Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Deloitte UK
 
Chief Audit Executive Survey
Chief Audit Executive SurveyChief Audit Executive Survey
Chief Audit Executive Surveywstippich
 
2015 Corporate general counsel survey results
2015 Corporate general counsel survey results2015 Corporate general counsel survey results
2015 Corporate general counsel survey resultsGrant Thornton LLP
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedJames Blake
 
2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services 2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services Accenture Insurance
 
Forrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportForrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportDaryl Resnick
 
Lets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixLets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixFixNix Inc.,
 
Chief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementChief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementGrant Thornton LLP
 

Recommended

Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Deloitte UK
 
Chief Audit Executive Survey
Chief Audit Executive SurveyChief Audit Executive Survey
Chief Audit Executive Surveywstippich
 
2015 Corporate general counsel survey results
2015 Corporate general counsel survey results2015 Corporate general counsel survey results
2015 Corporate general counsel survey resultsGrant Thornton LLP
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedJames Blake
 
2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services 2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services Accenture Insurance
 
Forrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportForrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportDaryl Resnick
 
Lets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixLets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixFixNix Inc.,
 
Chief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementChief Audit Execs speak out: Cybersecurity & risk management
Chief Audit Execs speak out: Cybersecurity & risk managementGrant Thornton LLP
 
201206 Tech Decisions: Finding Profits
201206 Tech Decisions: Finding Profits201206 Tech Decisions: Finding Profits
201206 Tech Decisions: Finding ProfitsSteven Callahan
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - ProtivitiSimone Luca Giargia
 
Envisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information SharingEnvisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information SharingGov BizCouncil
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016jennyhollingworth
 
Accenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportAccenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportTomas Imrich
 
Vc us v4.0
Vc us v4.0Vc us v4.0
Vc us v4.0FixNix Inc.,
 
Outsourcing security survey0706 (1)
Outsourcing security survey0706 (1)Outsourcing security survey0706 (1)
Outsourcing security survey0706 (1)brijesh singh
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONIJNSA Journal
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONIJNSA Journal
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresWNS Global Services
 
Memo to CEOs
Memo to CEOsMemo to CEOs
Memo to CEOsKeith Darcy
 
LexisNexis Survey of Law Firm File Sharing in 2014
LexisNexis Survey of Law Firm File Sharing in 2014LexisNexis Survey of Law Firm File Sharing in 2014
LexisNexis Survey of Law Firm File Sharing in 2014LexisNexis Software Division
 
Strategically leveraging compliance activities: 2014 CAE Survey results
Strategically leveraging compliance activities: 2014 CAE Survey resultsStrategically leveraging compliance activities: 2014 CAE Survey results
Strategically leveraging compliance activities: 2014 CAE Survey resultsGrant Thornton LLP
 
Third-Party Relationships and Your Confidential Data
Third-Party Relationships and Your Confidential DataThird-Party Relationships and Your Confidential Data
Third-Party Relationships and Your Confidential DataGrant Thornton LLP
 
Strategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeStrategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeGrant Thornton LLP
 
Enhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionEnhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionGrant Thornton LLP
 
Benchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingBenchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingGrant Thornton LLP
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managersGrant Thornton LLP
 
Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions Grant Thornton LLP
 
Lessons in collaborating for public health
Lessons in collaborating for public healthLessons in collaborating for public health
Lessons in collaborating for public healthGrant Thornton LLP
 
Compliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdCompliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdGrant Thornton LLP
 

More Related Content

What's hot

201206 Tech Decisions: Finding Profits
201206 Tech Decisions: Finding Profits201206 Tech Decisions: Finding Profits
201206 Tech Decisions: Finding ProfitsSteven Callahan
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
Envisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information SharingEnvisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information SharingGov BizCouncil
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016jennyhollingworth
 
Accenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportAccenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportTomas Imrich
 
Outsourcing security survey0706 (1)
Outsourcing security survey0706 (1)Outsourcing security survey0706 (1)
Outsourcing security survey0706 (1)brijesh singh
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONIJNSA Journal
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONIJNSA Journal
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresWNS Global Services
 
LexisNexis Survey of Law Firm File Sharing in 2014
LexisNexis Survey of Law Firm File Sharing in 2014LexisNexis Survey of Law Firm File Sharing in 2014
LexisNexis Survey of Law Firm File Sharing in 2014LexisNexis Software Division
 
Strategically leveraging compliance activities: 2014 CAE Survey results
Strategically leveraging compliance activities: 2014 CAE Survey resultsStrategically leveraging compliance activities: 2014 CAE Survey results
Strategically leveraging compliance activities: 2014 CAE Survey resultsGrant Thornton LLP
 
Third-Party Relationships and Your Confidential Data
Third-Party Relationships and Your Confidential DataThird-Party Relationships and Your Confidential Data
Third-Party Relationships and Your Confidential DataGrant Thornton LLP
 

What's hot (15)

201206 Tech Decisions: Finding Profits
201206 Tech Decisions: Finding Profits201206 Tech Decisions: Finding Profits
201206 Tech Decisions: Finding Profits
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaper
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - Protiviti
 
Envisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information SharingEnvisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information Sharing
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016
 
Accenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportAccenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-Report
 
Vc us v4.0
Vc us v4.0Vc us v4.0
Vc us v4.0
 
Outsourcing security survey0706 (1)
Outsourcing security survey0706 (1)Outsourcing security survey0706 (1)
Outsourcing security survey0706 (1)
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance Requires
 
Memo to CEOs
Memo to CEOsMemo to CEOs
Memo to CEOs
 
LexisNexis Survey of Law Firm File Sharing in 2014
LexisNexis Survey of Law Firm File Sharing in 2014LexisNexis Survey of Law Firm File Sharing in 2014
LexisNexis Survey of Law Firm File Sharing in 2014
 
Strategically leveraging compliance activities: 2014 CAE Survey results
Strategically leveraging compliance activities: 2014 CAE Survey resultsStrategically leveraging compliance activities: 2014 CAE Survey results
Strategically leveraging compliance activities: 2014 CAE Survey results
 
Third-Party Relationships and Your Confidential Data
Third-Party Relationships and Your Confidential DataThird-Party Relationships and Your Confidential Data
Third-Party Relationships and Your Confidential Data
 

Viewers also liked

Strategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeStrategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeGrant Thornton LLP
 
Enhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionEnhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionGrant Thornton LLP
 
Benchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingBenchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingGrant Thornton LLP
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managersGrant Thornton LLP
 
Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions Grant Thornton LLP
 
Lessons in collaborating for public health
Lessons in collaborating for public healthLessons in collaborating for public health
Lessons in collaborating for public healthGrant Thornton LLP
 
Compliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdCompliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdGrant Thornton LLP
 
Evaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesEvaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesGrant Thornton LLP
 
For effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger toneFor effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger toneGrant Thornton LLP
 
After the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processAfter the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processGrant Thornton LLP
 
Data Security: A field guide for franchisors
Data Security: A field guide for franchisorsData Security: A field guide for franchisors
Data Security: A field guide for franchisorsGrant Thornton LLP
 
Asset Manager’s Guide to SOC 1
Asset Manager’s Guide to SOC 1Asset Manager’s Guide to SOC 1
Asset Manager’s Guide to SOC 1Grant Thornton LLP
 
3 success factors for transformational change
3 success factors for transformational change3 success factors for transformational change
3 success factors for transformational changeGrant Thornton LLP
 
CCAR and stress-testing segmentation insights
CCAR and stress-testing segmentation insightsCCAR and stress-testing segmentation insights
CCAR and stress-testing segmentation insightsGrant Thornton LLP
 
Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Grant Thornton LLP
 
FASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelFASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelGrant Thornton LLP
 
Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Grant Thornton LLP
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustGrant Thornton LLP
 
Financial executive compensation survey 2015
Financial executive compensation survey 2015Financial executive compensation survey 2015
Financial executive compensation survey 2015Grant Thornton LLP
 

Viewers also liked (20)

Strategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeStrategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business income
 
Enhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionEnhancing the strategic value of the finance function
Enhancing the strategic value of the finance function
 
Benchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingBenchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturing
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers
 
Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions
 
Lessons in collaborating for public health
Lessons in collaborating for public healthLessons in collaborating for public health
Lessons in collaborating for public health
 
Compliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdCompliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset threshold
 
Evaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesEvaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomes
 
For effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger toneFor effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger tone
 
SALT energy savings
SALT energy savingsSALT energy savings
SALT energy savings
 
After the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processAfter the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax process
 
Data Security: A field guide for franchisors
Data Security: A field guide for franchisorsData Security: A field guide for franchisors
Data Security: A field guide for franchisors
 
Asset Manager’s Guide to SOC 1
Asset Manager’s Guide to SOC 1Asset Manager’s Guide to SOC 1
Asset Manager’s Guide to SOC 1
 
3 success factors for transformational change
3 success factors for transformational change3 success factors for transformational change
3 success factors for transformational change
 
CCAR and stress-testing segmentation insights
CCAR and stress-testing segmentation insightsCCAR and stress-testing segmentation insights
CCAR and stress-testing segmentation insights
 
Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment
 
FASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelFASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting model
 
Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
 
Financial executive compensation survey 2015
Financial executive compensation survey 2015Financial executive compensation survey 2015
Financial executive compensation survey 2015
 

Similar to CAEs speak out: Cybersecurity seen as key threat to growth

The risk executive agenda -- A compendium of Deloitte insights
The risk executive agenda -- A compendium of Deloitte insights The risk executive agenda -- A compendium of Deloitte insights
The risk executive agenda -- A compendium of Deloitte insights Deloitte United States
 
Adding internal audit value: Strategically leveraging compliance activities
Adding internal audit value: Strategically leveraging compliance activitiesAdding internal audit value: Strategically leveraging compliance activities
Adding internal audit value: Strategically leveraging compliance activitiesGrant Thornton LLP
 
The Changing Role of Compliance | Accenture
The Changing Role of Compliance | AccentureThe Changing Role of Compliance | Accenture
The Changing Role of Compliance | AccentureAccenture Operations
 
EAI Compliance Infographic
EAI Compliance InfographicEAI Compliance Infographic
EAI Compliance InfographicIdeba
 
Compliance at a Crossroads: One Step Forward, Two Steps Back?
Compliance at a Crossroads: One Step Forward, Two Steps Back?Compliance at a Crossroads: One Step Forward, Two Steps Back?
Compliance at a Crossroads: One Step Forward, Two Steps Back?Accenture Insurance
 
CostofCompliance_2016.compressed
CostofCompliance_2016.compressedCostofCompliance_2016.compressed
CostofCompliance_2016.compressedConor Coughlan
 
2015 global capital markets risk management study
2015 global capital markets risk management study2015 global capital markets risk management study
2015 global capital markets risk management studyLapman Lee ✔
 
The 2018 Deloitte Global Outsourcing Survey Presentation
The 2018 Deloitte Global Outsourcing Survey PresentationThe 2018 Deloitte Global Outsourcing Survey Presentation
The 2018 Deloitte Global Outsourcing Survey PresentationDeloitte United States
 
2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey 2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey Linedata
 
The Changing Role of Compliance | Accenture
The Changing Role of Compliance | AccentureThe Changing Role of Compliance | Accenture
The Changing Role of Compliance | AccentureAccenture Operations
 
Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...
Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...
Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...accenture
 
State of Compliance 2021 at Mid-Market Firms - Nimonik
State of Compliance 2021 at Mid-Market Firms - NimonikState of Compliance 2021 at Mid-Market Firms - Nimonik
State of Compliance 2021 at Mid-Market Firms - NimonikNimonik
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
Impacts cloud remote_workforce
Impacts cloud remote_workforceImpacts cloud remote_workforce
Impacts cloud remote_workforceRodrigo Varas
 
Accenture 2015: Global Risk Management Study - North American Insurance Report
Accenture 2015: Global Risk Management Study - North American Insurance ReportAccenture 2015: Global Risk Management Study - North American Insurance Report
Accenture 2015: Global Risk Management Study - North American Insurance ReportAccenture Insurance
 
State of the CSO 2015
State of the CSO 2015State of the CSO 2015
State of the CSO 2015IDG
 

Similar to CAEs speak out: Cybersecurity seen as key threat to growth (20)

The risk executive agenda -- A compendium of Deloitte insights
The risk executive agenda -- A compendium of Deloitte insights The risk executive agenda -- A compendium of Deloitte insights
The risk executive agenda -- A compendium of Deloitte insights
 
Adding internal audit value: Strategically leveraging compliance activities
Adding internal audit value: Strategically leveraging compliance activitiesAdding internal audit value: Strategically leveraging compliance activities
Adding internal audit value: Strategically leveraging compliance activities
 
The Changing Role of Compliance | Accenture
The Changing Role of Compliance | AccentureThe Changing Role of Compliance | Accenture
The Changing Role of Compliance | Accenture
 
EAI Compliance Infographic
EAI Compliance InfographicEAI Compliance Infographic
EAI Compliance Infographic
 
EAI Compliance Infographic
EAI Compliance InfographicEAI Compliance Infographic
EAI Compliance Infographic
 
Compliance at a Crossroads: One Step Forward, Two Steps Back?
Compliance at a Crossroads: One Step Forward, Two Steps Back?Compliance at a Crossroads: One Step Forward, Two Steps Back?
Compliance at a Crossroads: One Step Forward, Two Steps Back?
 
CostofCompliance_2016.compressed
CostofCompliance_2016.compressedCostofCompliance_2016.compressed
CostofCompliance_2016.compressed
 
2015 global capital markets risk management study
2015 global capital markets risk management study2015 global capital markets risk management study
2015 global capital markets risk management study
 
The 2018 Deloitte Global Outsourcing Survey Presentation
The 2018 Deloitte Global Outsourcing Survey PresentationThe 2018 Deloitte Global Outsourcing Survey Presentation
The 2018 Deloitte Global Outsourcing Survey Presentation
 
2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey 2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey
 
FCR Report 2017
FCR Report 2017FCR Report 2017
FCR Report 2017
 
The Changing Role of Compliance | Accenture
The Changing Role of Compliance | AccentureThe Changing Role of Compliance | Accenture
The Changing Role of Compliance | Accenture
 
F3 final sudarshan.pptx
F3 final sudarshan.pptxF3 final sudarshan.pptx
F3 final sudarshan.pptx
 
Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...
Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...
Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...
 
State of Compliance 2021 at Mid-Market Firms - Nimonik
State of Compliance 2021 at Mid-Market Firms - NimonikState of Compliance 2021 at Mid-Market Firms - Nimonik
State of Compliance 2021 at Mid-Market Firms - Nimonik
 
My slides
My slidesMy slides
My slides
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
Impacts cloud remote_workforce
Impacts cloud remote_workforceImpacts cloud remote_workforce
Impacts cloud remote_workforce
 
Accenture 2015: Global Risk Management Study - North American Insurance Report
Accenture 2015: Global Risk Management Study - North American Insurance ReportAccenture 2015: Global Risk Management Study - North American Insurance Report
Accenture 2015: Global Risk Management Study - North American Insurance Report
 
State of the CSO 2015
State of the CSO 2015State of the CSO 2015
State of the CSO 2015
 

More from Grant Thornton LLP

GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019Grant Thornton LLP
 
GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019Grant Thornton LLP
 
GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017Grant Thornton LLP
 
Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017Grant Thornton LLP
 
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Grant Thornton LLP
 
ForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonGrant Thornton LLP
 
10 social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagement10 social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagementGrant Thornton LLP
 
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020Grant Thornton LLP
 
ForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonGrant Thornton LLP
 
The Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookThe Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookGrant Thornton LLP
 
DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry Grant Thornton LLP
 
Tightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementTightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementGrant Thornton LLP
 
Challenges facing a new administration
Challenges facing a new administration Challenges facing a new administration
Challenges facing a new administration Grant Thornton LLP
 
Impact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsImpact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsGrant Thornton LLP
 

More from Grant Thornton LLP (20)

GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019
 
GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019
 
GT Events and Programs Guide
GT Events and Programs GuideGT Events and Programs Guide
GT Events and Programs Guide
 
GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017
 
Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020
 
Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020
 
Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020
 
Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020
 
GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017
 
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
 
ForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant Thornton
 
10 social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagement10 social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagement
 
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
 
ForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant Thornton
 
The Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookThe Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 Outlook
 
ForwardThinking Q1 2017
ForwardThinking Q1 2017ForwardThinking Q1 2017
ForwardThinking Q1 2017
 
DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry
 
Tightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementTightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset management
 
Challenges facing a new administration
Challenges facing a new administration Challenges facing a new administration
Challenges facing a new administration
 
Impact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsImpact of voter turnout in U.S. elections
Impact of voter turnout in U.S. elections
 

Recently uploaded

Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524najka9823
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Doge Mining Website
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCRashishs7044
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 

Recently uploaded (20)

Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 

CAEs speak out: Cybersecurity seen as key threat to growth

  • 1. CAEs speak out: Cybersecurity seen as key threat to growth Financial Services: Governance, Risk and Compliance Survey 2015
  • 2. 2 CAEs speak out: Cybersecurity seen as key threat to growth 1 The survey was administered online from November to December 2014. A total of 114 internal audit professionals in the financial services industry responded, representing a range of public and private companies of all sizes across the United States. Respondents perform internal audit functions under varying titles, including CAE, vice president and director; however, for the purpose of this survey, we will refer to all respondents as CAEs. Visit grantthornton.com/caesurvey for more information. Introduction In Grant Thornton LLP’s fifth annual survey of chief audit executives (CAEs), financial services CAEs revealed that they see considerable room for improvement when it comes to their risk management functions.1 Although they operate in a heavily regulated industry and are highly attuned to managing risk, almost two-thirds of financial services CAEs indicated that their risk management functions would benefit from enhancements. In addition, almost one-quarter of respondents said their risk framework is either ineffectively used or has yet to be implemented. Only 15% of CAEs report being fully satisfied with their framework, saying it is rigorously enforced and used comprehensively (Figure 1). 15% 13% 4% 6% 62% A framework is in place, rigorously enforced and used comprehensively A framework is in place but not rigorously enforced nor used comprehensively A framework is planned but not implemented We do not have a formal framework or methodology in place A framework is in place but areas for enhancement and improvement exist Figure 1: In your opinion, how mature is your organization’s risk management function?* *Financial services companies only. ++6+4++DNot surprisingly, in light of numerous high-profile and reputation-damaging data breaches, financial services CAEs are especially concerned about data privacy and security. This area ranked highest (71%) among issues that could have the most significant impact on their organizations’ growth strategies, a notable increase from 48% in the 2014 survey. Participants from the largest entities — those with managed assets of over $50 billion — are even more concerned with privacy, with 74% of those respondents ranking it as the biggest threat to future growth. When asked what type of risk assessments their departments are conducting, 66% of financial services CAEs named data security as the top area, although enterprise-wide risk assessments continue to represent the most prevalent type, as reported by 75% of respondents. Other top responses included technology (63%) and fraud risk assessments (63%).
  • 3. 3  CAEs speak out: Cybersecurity seen as key threat to growth Given the industry’s strong ties to data security, these findings are not surprising, according to Jack Katz, global leader and national managing partner in Grant Thornton's Financial Services practice. “For the financial services industry, cybersecurity is a critical risk that must be addressed on an enterprise basis, as the threat of cybercrime raises not only operational and regulatory risks but significant reputational risk exposure as well,” says Katz. The increasing use of mobile technology and third-party relationships further amplifies the data security risks facing the industry, notes Katz. “Financial services companies have focused their technology strategies largely on customer service and convenience, which have increased their cybersecurity exposure. At the same time, as firms have become more and more technologically interconnected to various vendors and other third parties, extended data supply chains have expanded their vulnerability to cybercrime.” As anxiety about cybersecurity has risen, concerns about regulatory risks have lessened somewhat, with 38% of CAEs citing this area as having a significant impact on growth, compared to 51% last year. Nonetheless, regulatory risks were still the second-highest concern as ranked by respondents. Risks related to third parties and vendors came in third, up to 34% from 22% in 2014. Rounding out the highest-concern risk areas were execution of strategy (30%) and business continuity. Managing the compliance burden Although the financial services industry continues to face the challenges of a fluid and uncertain regulatory environment, our survey suggests that the effort dedicated to compliance has not risen. Thirty percent of CAEs, compared to 54% last year, reported that meeting compliance requirements constitutes up to 25% of their workload. Moreover, 67% said this does not represent an increased effort over last year. That said, while the rate of increase in cost may be slowing, the industry is still dealing with significant compliance costs. Optimizing those costs, therefore, remains a priority. Again this year, CAEs said that regulatory requirements add costs and distract the internal audit function from other activities. Increased costs remain the biggest impact of regulations, according to 72% of respondents, while the inability to devote resources to higher-value activities was cited by 42%. On the other hand, 38% said regulation had improved governance and the rigor of testing (Figure 2). When it comes to meeting regulatory requirements, financial services CAEs report that an ongoing challenge facing their organizations is a dearth of talent and lack of alignment among processes, operations and technology. “Meeting compliance obligations remains a pain point for companies in a variety of sectors,” explains Warren Stippich, partner and Grant Thornton national Governance, Risk and Compliance practice leader. “There are continued compliance requirements in highly regulated industries, such as financial services, combined with more scrutiny from the PCAOB [Public Company Accounting Oversight Board] regarding the work that is done around internal controls. With finite budgets and resource constraints, internal auditors must look toward optimizing all aspects of the work they do, including compliance activities,” Stippich says. Increased cost Unable to devote resources to higher-value activities Improving our governance and rigor of testing Little to no impact Other Figure 2: Impact of regulation on organizations* 71.7% 11.7% 0% 41.7% 38.3% *Financial services companies only. Respondents were able to select more than one answer. Responses do not add up to 100% due to rounding.
  • 4. 4  CAEs speak out: Cybersecurity seen as key threat to growth One-to-many takes root One path to optimizing compliance is the one-to-many approach, which allows companies to test once but report on multiple regulatory requirements while remediating any regulatory gaps. This lets organizations streamline compliance testing, meet more regulatory requirements, and provide a sustainable framework for long-term compliance management without repeating the same testing activities for different mandates. An example would be testing logical security and using those test results to satisfy multiple regulatory requirements, such as those associated with the Sarbanes-Oxley Act, the Payment Card Industry Data Security Standard and the International Organization for Standardization. Two-thirds of financial services CAEs said their organizations have had success with a one-to-many approach. Furthermore, 18% said they can potentially apply the principles to up to 75% of their testing, and 41% said they can use the approach for up to 50% of their testing (Figure 3). Technology usage: A mixed bag CAEs in the financial services industry and in our overall survey indicated that they’re eager to improve the efficiency of the internal audit function, ranking this as their top goal for the coming year. However, some see limited value in implementing or updating governance, risk and compliance (GRC) tools. The following are responses from audit executives in the financial services industry: • More than half (54%) said that investing in GRC technology is one way they are enhancing or are planning to enhance their approach to risk management (Figure 4). 0% 1–25% 26–50% 51–75% 76–100% Figure 3: What percentage of your control testing do you think is possible to test once and use the results across mul- tiple compliance requirements?* *Financial services companies only. 0% 41% 41% 0% 18% Figure 4: What steps are you taking or planning to take to enhance your approach to risk management?* Increased focus on risk management Refining existing ERM approach Investing in governance, risk and compliance technology Integrating with operations and business strategy Better analytics and risk-modeling Implementing ERM initiatives Conducting a third-party risk assessment None Other 67% 29% 21% 6% 6.40.0%% 0% 51% 49% 54% 54% *Financial services companies only. Respondents were able to select more than one answer.
  • 5. 5 CAEs speak out: Cybersecurity seen as key threat to growth Internal audit function management and administration Centralized management and reporting of audit plans and results ERM Other compliance or regulatory testing (PCI DSS, FCPA, HIPAA) SOX testing Other • Only 10% disagreed with the assertion that their organizations effectively use GRC-specific technology. This is down from 23% last year, suggesting that CAEs are pleased with the progress made in this area. In addition, 45% agreed that their organizations are effectively leveraging a GRC tool, up from 36% last year. • CAEs whose departments use GRC technology indicated that they’re using it primarily for internal audit function management and administration, followed by centralized management and reporting of audit plans and results, enterprise-wide risk management, and other compliance or regulatory testing (Figure 5). • Despite some positive signs regarding GRC technology, 90% of respondents, up from 84% last year, said they don’t plan to implement a GRC tool in the next 12 months, which could suggest that some CAEs see limited value in implementing or updating the technology. Nonusers cited the cost and time required to deploy the technology as the top implementation challenge, followed by the difficulty of maintaining and supporting the technology. As these findings suggest, even if the benefits are considerable, some organizations, especially smaller ones, may find that they either cannot marshal the resources needed to adopt GRC technology, or they cannot realize an adequate return on investment. Some have found that spreadsheets are equally efficient and more cost-effective for their purposes. Data analytics: An aid to risk management Usage of data analytics to enhance the internal audit function also seems to be mixed. Consider the following: • More than half (53%) of financial services CAEs said they are not using data analytics or business intelligence tools to enhance the internal audit function, up from 39% last year. Slightly less than half (47%) of respondents said they are using data analytics, down from 61% in the 2014 survey. • Users of data analytics cited a more efficient internal audit process as the top benefit, which is consistent with the goal of optimizing compliance monitoring activities. Other benefits included the ability to quickly identify patterns, trends and relationships; and greater population testing coverage (Figure 6). “Although many large financial institutions, in particular, rely on advanced analytics, there are opportunities to do more,” says Nigel Smith, national Financial Services Advisory practice leader. “Effective use of advanced analytics can enable financial organizations to gain added benefits from the data they’re gathering and assembling as they comply with new regulations. Using advanced analytics, they can leverage those data assets to anticipate emerging risks and make more appropriate risk mitigation decisions.” Figure 6: What are the top benefits you achieve from using data analytics? Respondents selected top 3, with 1 being the highest. *Financial services companies only. Respondents were able to select more than one answer. Figure 5: Our organization uses GRC/internal audit technology tools primarily for the following functions:* 75% 0% 25% 20% 40% 40% More efficient internal audit processes Quickly identify patterns, trends and relationships Greater population testing coverage 1 2 3
  • 6. 6 CAEs speak out: Cybersecurity seen as key threat to growth Priorities, priorities As financial services CAEs look ahead, they’re focused on priorities — not just their own as internal audit professionals but also those of various stakeholders. Asked about the areas in which they are most frequently asked to deliver value, CAEs identified the following: (1) mitigating risk, (2) identifying improvement opportunities and (3) stronger compliance efforts in other areas. The priorities of financial services CAEs are not that out of alignment with those of their stakeholders. Without existing constraints, they identified the following as areas where they believe they could add the most value: (1) identifying improvement opportunities, (2) increasing efficiency and (3) mitigating risk/stronger corporate governance. Talent, compliance optimization key to delivering value Asked about barriers to delivering the greatest value, 51% of financial services CAEs cited talent quality or capacity, followed by budget constraints (Figure 7). The ability to attract talented internal auditors, in particular, is a significant challenge, but one that CAEs may be able to address by using a different approach. “With the internal audit function requiring a greater range of skills and more nontraditional types of skills — such as information technology expertise — CAEs may need to focus more on recruiting professionals with skills in these high-priority areas and complement that with co-sourcing arrangements,” says Smith. “For instance, by recruiting auditors who have an IT background, CAEs can enhance their department’s ability to understand and address cybersecurity risks.” In addition, the ongoing quest for greater efficiency can be addressed by taking the necessary steps to optimize compliance activities. This may include improving visibility into financial controls, better allocation of compliance resources (including talent and skill considerations), and greater responsiveness to regulatory demands and remediation needs. If CAEs can help their organizations develop a sustainable process for long-term compliance management, internal auditors should be able to increase their focus on facilitating the value-added operational improvements they view as a priority and strength. “It’s important that compliance optimization improvements be made in a way that makes them flexible and sustainable over the long term,” notes Smith. “The greatest successes occur when organizations view risk management and compliance effectiveness as a strategic necessity for the business, rather than just reacting to the latest regulatory challenges with tactical, manually intensive solutions.” Figure 7: What are the barriers to delivering the greatest value?* Talent quality or capacity Budget constraints Focus heavily weighted to compliance (regulatory compliance, financial controls compliance, SOX compliance and other compliance) Organizational politics Perception of internal audit within the organization 51% 42% 33% 44% 42% Wrongful acts most likely to result from financial institution cyberattacks:2 *Financial services companies only. Respondents were able to select more than one answer. 2 Survey, New York Department of Financial Services, 2013. 46% Account takeovers 18% Identity theft 15% Telecommunications network disruptions 9.3% Data integrity breaches
  • 7. 7 CAEs speak out: Cybersecurity seen as key threat to growth Cybersecurity: Suggested actions for CAEs Prepare for potential attacks and regularly test those preparations. The financial services industry’s dependence on IT, its interconnectedness, and the rapid growth and evolution of cyberthreats demand the attention of every organization’s board and senior management. Address exposure stemming from third-party and vendor relationships. The extended data supply chain created by such associations is a common path for hackers to gain access to IT systems. In addition to establishing risk management practices related to those third- party arrangements, financial institutions need to consider vendors’ risk management practices and controls. Focus on people and processes, in addition to technological solutions. Keep in mind that successfully addressing cyberrisks is not simply a matter of finding a technological fix for potential problems. It also involves people and processes. Shore up cyberrisk exposure by fully utilizing key resources available to businesses. These include Executive Order 13636, Improving Critical Infrastructure Cybersecurity, and the supporting standards from the National Institute of Standards and Technology, the FBI’s InfraGard program, the U.S. Computer Emergency Readiness Team and the U.S. Secret Service Electronic Crimes Task Force. Be alert to warning signals and identify potential vulnerabilities across the entire business ecosystem when assessing potential cyberrisks from third-party and vendor relationships. Ensure the board and senior management dedicate adequate attention to cyberrisks, including gaining an understanding of the institution’s inherent cybersecurity risks, according to the Federal Financial Institutions Examination Council. It is also essential to have routine discussions about cybersecurity issues; regularly monitor threats and vulnerabilities; create and maintain a dynamic control environment; manage third-party connections; and develop and test business continuity and disaster recovery plans by incorporating cyberincident scenarios.
  • 8. About Grant Thornton LLP Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. In the United States, Grant Thornton has revenue in excess of $1.3 billion and operates 57 offices with more than 500 partners and 6,000 employees. Grant Thornton works with a broad range of dynamic publicly and privately held companies, government agencies, financial institutions, and civic and religious organizations. This content is not intended to answer specific questions or suggest suitability of action in a particular case. For additional information about the issues discussed, contact a Grant Thornton LLP professional. “Grant Thornton” refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd (GTIL), and/or refers to the brand under which the GTIL member firms provide audit, tax and advisory services to their clients, as the context requires. GTIL and each of its member firms are separate legal entities and are not a worldwide partnership. GTIL does not provide services to clients. Services are delivered by the member firms in their respective countries. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions. In the United States, visit grantthornton.com for details. © 2015 Grant Thornton LLP  |  All rights reserved  |  U.S. member firm of Grant Thornton International Ltd Connect with us grantthornton.com @grantthorntonus linkd.in/grantthorntonus