Keeping pace with the IT risk landscape and the world of your Chief Information Officer (CIO) can be daunting. Disruption from the pandemic has permanently changed how we work, shop and access services. Most organisations have reacted to this by accelerating their digital business models. 

Here is a summary of the latest thinking, top risks and considerations into how audit leaders might approach technological assurance in the digital age.

Current thinking 2025

Key risks

Regulatory landscape

Future thinking 2030

Assurance

Current thinking | 2025

As you read this section, think about your organisation’s IT strategy: is it simply maintenance, is it transformational or is it inspiring? The CIO needs to balance strategic and operational needs while also taking account of the external environment as digitalisation accelerates (read the Chartered IIA’s Risk in Focus 2022 report for more on this).

• Microsoft ends supports for Windows 10 in October 2025. Organisations who have not migrated will be exposed to increased cyber risk without patch updates.
• Cloud computing continues to increase across all three aspects due to scalability, cost and efficiency; software/infrastructure/platform as a service. Security should be tested where rapid deployment took place over the last two years to enable remote working. It is important to match risk appetite with the use of public, private and hybrid clouds. What does cloud risk management look like in your organisation?
• Digital transformation is being accelerated through the use of low-code development platforms that enable the creation of software apps using graphical interfaces instead of hand coding them. This reduces dependency on overstretched IT functions but potentially introduces new vulnerabilities and makes managing innovation harder. Entry-level quantum computers launch late 2022 while higher specification versions will be available in 2023 for sectors such as finance, energy and technology. It is comparable to the invention of…