Gartner: Auditors Eye Ransomware and Long-Term Economic Effects from COVID-19
November 9, 2021
Ransomware and the long-term effects of COVID-19 on markets and
organizations are key items to cover in 2022 audit plans, according to
Gartner, Inc. The Gartner 2022 Audit Plan Hot Spots report also
identified evolving societal expectations for enterprises, such as
environmental, social and governance (ESG) risks, and operational
resilience as top risk areas for 2022.
Audit concerns about other digital and IT risks, such as data and analytics and IT governance, also reflect the increased importance of digital capabilities in the wake of COVID-19, and the need for rigorous assurance over associated risks. Many of the 12 risk hot spots – such as economic uncertainty, workforce management, and business continuity – relate to the ongoing effects of the COVID-19 pandemic.
2022 Audit Plan Hot Spots
“Ransomware is resulting
in revenue and data loss, compromised data, reputational damage,
significant operational disruption and more,” said Ginsburg.
“Regardless of their size or revenue, organizations should
assume they will be targeted with ransomware, and they should
examine their prevention, detection, mitigation, response and
Gartner experts recommend five initial steps for auditors to provide assurance over their organizations’ efforts to mitigate risk from ransomware attacks:
Diverse Risk Landscape
“Global business operations continue to be disrupted by supply chain issues, shortages, and other ongoing market effects from the pandemic-era economy,” said Ginsburg. “These include fierce competition between organizations for talent, greatly increased shipping prices and times, and shortages of key goods such as semiconductors.”
ESG matters have also taken on a new momentum in recent times with enterprises making public commitments in this area, and social and investor activism reaching new levels of intensity. This is creating risks for companies that are not meeting the expectations of investors, regulators, consumers, prospective and current employees, and others.
“2022 looks like a year that will feature an especially diverse array of unpredictable and highly impactful risks. Audit will need increase its capacity to assess such risks and provide related assurance over them to keep up with a highly turbulent risk landscape,” said Ginsburg.