If you’re hiring an IT Audit or Risk professional this quarter, here are some things you need to know…
With the advancements in technology & digital transformation including Generative AI & its increased use across business processes a new challenge presents itself for organisations. With these advancements come new risks relating to an organisation’s IT systems and infrastructure; with potentially severe consequences for businesses where the risks are not managed appropriately including financial, reputational, legal & operational impacts.
The role of the IT Audit and Risk professional is to identify, assess, report, manage & mitigate against technology and cybersecurity risks. Additionally, they promote effective internal controls and risk management and provide guidance to the business on all aspects of internal audit governance hence why their role is now more critical than ever.
#1 Demand generation
Over the last year, Barden has had the opportunity to support multiple Irish PLCs, Technology organisations and Audit Practices who were making strategic appointments to their IT Audit & Risk teams. The roles have spanned across all levels from SOX and IT Auditor, Head of Risk and Head of IT Audit. The factors driving an increased level of hiring in this area of internal audit & controls include:
- Advancements in technology including AI / Gen AI and digital transformation. With these advancements come additional risks as outlined above and an increased focus on having the right talent to manage this area of the business.
- Cybersecurity and associated risks remain a top priority for organisations regardless of sector. More about this below in future challenges.
- Listing in new jurisdictions including the US & the need to build out their existing IT Audit & Risk functions to get ready for what is coming down the track.
- Business expansion through acquisition resulting in an uplift in their internal audit function. The critical aspect is to ensure they can integrate and onboard new entities & technology infrastructure with the right level of support and guidance.
- Continued investment & focus on the role of IT Audit & Risk – continued investment in the IT function given the influential roles they are playing against the backdrop of increased transformation and change.
Each Company we have partnered with places an enormous value on the role of IT Audit. The risk associated with not getting this right can have far-reaching consequences for businesses and their reputation.
#2 Verticals – IT Audit v SOX IT Audit
SOX IT audit and IT General Controls audit both focus on assessing and ensuring the effectiveness and reliability of information technology systems within an organization, however, some fundamental differences exist across both verticals including scope, compliance requirements, objectives and the skill set of those involved. These are outlined below:
#3 Variables to consider – Talent & Hiring Managers
Having spoken to clients and a notable % of the talent that exists within the Irish market across practice and industry, we’ve outlined some considerations below that might be helpful to both hiring managers and talent in the market. These should be considered in tandem with the factors that are driving demand. This will of course be specific to an organisation, where one or many might be relevant and require consideration in the search for talent.
#4 Base Salary
For the purposes of transparency, this is a very broad guideline based on recent engagements with our Clients. It is important to understand the specifics of each individual role i.e. scope, size of team, Industry v Practice, scope of responsibilities & location.
Context is very important when considering salary ranges. For bespoke advice please feel free to reach out to catherine.drysdale@barden.ie
#5 Talent Availability
Here are some data points about the IT Audit & Risk talent pool in Ireland this quarter. The estimated number of talent available per role for Q4 2024 was undeterminable based on data available at the time of publication:
#6 Projected Challenges for IT Audit & Risk for the year ahead
- Cybersecurity & technology resilience – the focus on protecting from potential digital threats against an organisation’s IT infrastructure continues to be one of the top priorities for organisations. In a recent study ‘Global Technology Audit Risks Survey’ conducted by Provinti in partnership with The Institute of Internal Auditors (The IIA), Cybersecurity remained the top-ranked critical technology risk. Next-gen cyber threats are highlighted as posing the most significant risk over the next two to three years.
- Generative AI & Machine Learning (ML) – due to its widespread adoption, the risks associated with the implementation of Gen AI & ML technology across business processes have become a key area of focus. Considerations on its appropriate adoption, audit proficiency and managing against misuse to ensure trust is maintained. Defining, implementing and oversight of a robust framework around the use of AI in businesses will be a key consideration for IT Audit and Risk professionals.
- Cloud solutions & assurance – there has been a rapid increase in the adoption of cloud-based solutions, used by organisations to host critical systems such as their ERP & customer-facing applications. Applying solid practices across all lines of defence is critical to managing any associated cloud-based risks and controls.
- Data Governance – Accuracy, consistency and trustworthiness of an organisation’s data remains a critical factor. This is true not just for IT audit but in the context of its wider impact on the successful outcome of an organisation’s digital/non-digital transformation programmes.
- Third-party service management – outsourcing to third-party providers does not outsource the risk. Ensuring there is clear oversight of all third-party services continues to be critical for IT Audit and Risk.
- Talent gap – risks and challenges associated with attracting and retaining talent within the IT Audit domain will continue to be a challenge. Additionally, organisations should identify skills gaps including those specific to AI & ML and set out to deliver targeted training to address those gaps.
In Barden, we understand that each team, role, and requirement is unique. If you’re interested in exploring which approaches would be best suited for you & your organisation, please feel free to contact Catherine Drysdale our IT Audit & Risk Talent Advisory & Recruitment expert here in Barden (catherine.drysdale@barden.ie); We’re where leaders go before, they start looking for IT Audit & Risk talent.
This information is accurate as of October 2024 and will be updated periodically. Data sources include Barden Proprietary Data, LinkedIn Analytics and other 3rd party data sources. If you have a request and would like real-time information to inform your hiring decisions contact Catherine Drysdale at catherine.drysdale@barden.ie