Audit fatigue is a key pain point in IT risk management and compliance – Telos and IBM Security are ready to tackle it head on.

John Wood - Telos Blog
John B. Wood
May 16, 2022 • 3 min read
Audit fatigue is a key paint point in IT risk management

Dimple Ahluwalia, VP and Global Managing Partner at IBM Security, recently wrote a blog post highlighting the launch of IBM Active Governance Services (AGS). Telos is excited to be the launch partner with IBM Security for the AGS launch that will focus on industry trends and the challenges organizations are facing around cybersecurity risk and compliance.

There is no question that the number of global, national and local compliance requirements are increasing, resulting in massive amounts of security controls to implement, test and report on. For those regulations requiring external validation, audit requests are coming at a higher frequency putting stress on key resources already dealing with the new age of hybrid IT infrastructure.

Telos and IBM Security are certainly in sync on this issue, and we are concerned about the repercussions these issues have on the already heightened state of cyber security.

Telos has been spearheading our own research into the concept of audit fatigue and commissioned two studies on the audit fatigue phenomenon. The first study, A Wake-Up Call: The Harsh Reality of Audit Fatigue, conducted in the fall of 2020, explored the impact of burgeoning cybersecurity and privacy regulations on commercial enterprises and the individuals who work there.

Some of the key information gained from this study includes:

  • On average, organizations currently must comply with 13 different IT security compliance and/or privacy regulations, which requires a team of 22 dedicated staff
  • 58 working days each quarter are spent responding to audit evidence requests
  • 86% of respondents believed that compliance is or will be an issue for them when moving systems, applications, and infrastructures to the cloud
  • 94% of organizations report they would face challenges when it comes to IT security compliance and/or privacy regulations in the cloud
  • The survey found there was an average of over 17 audit evidence requests each quarter
  • It takes an average of three working days to respond to a single audit evidence request

Our follow-up study, Revisiting the Harsh Reality of Audit Fatigue: How Financial Services are Faring in 2021, took a deep dive into the financial services industry, and found an industry particularly burdened by audit fatigue:

  • 95% of surveyed financial IT security professionals reported they personally dread their organization being audited 
  • An average of 54 dedicated people is required to work on IT security and/or privacy compliance 
  • Financial organizations spend an average of 71 working days each quarter responding to audit evidence requests  

The bottom line is organizations are hurting, and they need help. Together with IBM Security, we will use our combined extensive expertise in the area of IT risk management and compliance to create efficiency out of chaos and offer effective solutions to the audit fatigue issue.

The AGS solution will utilize strategic planning, responsive compliance reporting, proactive monitoring, and automation of the most time-consuming tasks all while leveraging existing tools to create a more ordered approach to IT risk management and compliance. The solution is scalable across hybrid, multi-cloud, and on-premises architectures and systems, and will bring peace of mind to those on the front lines of the cybersecurity battle.

If you’d like to learn more about IBM AGS, I encourage you to visit, and learn how this innovative solution is addressing the most urgent concerns of those in the field of compliance.

John Wood - Telos Blog
John B. Wood
CEO of Telos Corporation
John B. Wood is the chairman and CEO of Telos Corporation.
Read full bio

Subscribe to Our Newsletter

Email Address
Select a Country

Although we may use your information for targeted marketing and advertising, as described in the Privacy Policy, we will never sell your information to any third party.