哪些是內部稽核需要關注之資訊科技議題?除考量企業所屬產業特性、規模大小及面臨之內外在風險外,透過借鏡海外經驗,以瞭解先進國家對於相關議題之分析,掌握趨勢、關注熱門議題。Deloitte UK自2012年開始,每年透過問卷調查方式,以瞭解英國當地針對資訊科技稽核議題之發展趨勢。而根據Deloitte UK發布之《Riding the wave 2023 Hot Topics for IT Internal Audit》顯示,2023年前十大議題整理如下:
排名Rank |
英國各行業 Across UK sectors |
金融服務行業 Financial Services |
1 |
Cyber Security |
Cyber Security |
2 |
Digital Transformation and Change (數位轉型和變革) |
Digital Transformation and Change (數位轉型和變革) |
3 |
Data Management and Governance |
Cloud Hosted Environments |
4 |
Cloud Hosted Environments |
Operational and IT Resilience |
5 |
Operational and IT Resilience |
Data Management and Governance |
6 |
Business Critical IT Controls |
Third-Party Risk Management |
7 |
Third-Party Risk Management |
IT Strategy and Governance |
8 |
IT Strategy and Governance |
Identity and Access Management/Privileged Access |
9 |
Identity and Access Management/Privileged Access |
Business Critical IT Controls (企業營運關鍵IT控制) |
10 |
Digital Risk: Artificial Intelligence (數位風險:人工智慧) |
Payments (支付) |
表1 - 2023資訊科技內部稽核熱門議題IT Internal Audit Hot Topics 2023
「資訊安全」在過去近十年中持續位居榜首,而「雲端」、「數位轉型」、「第三方風險」、「營運和IT韌性」仍皆屬持續關注議題。
(資料來源:勤業眾信風險諮詢服務/ 吳志洋執行副總經理、許懷文協理
https://www2.deloitte.com/tw/tc/pages/risk/articles/internal-audit-new-wave-of-technology.html)