A Wake Up Call: The Harsh Reality of Audit Fatigue

A Risk Management and Compliance Research Report

The importance of privacy and security has grown exponentially over the last five years, bringing with it a host of new regulations. But what is the business impact of this growing number of security and privacy regulations? How are commercial organizations coping with these requirements? What is the cost to businesses? Those are just a few of the questions that led to this survey and subsequent report, which we believe to be the first attempt to quantify a growing problem for commercial enterprises: audit fatigue.

A Hidden Threat to Successful Compliance and Personnel Morale

Audit fatigue not only plagues organizations as compliance becomes a drain on time and resources, it also personally affects the individuals tasked with managing IT security compliance and privacy regulations. As more regulations come into existence and more organizations migrate their critical systems, applications, and infrastructure to the cloud, the risk of non-compliance and associated impact increases.

Key findings from the research study include:

  • On average, organizations currently must comply with 13 different IT security compliance and/or privacy regulations, which requires a team of 22 dedicated staff
  • Organizations spend over $3.5 million each year on activities relating to IT security and privacy compliance and about 58 working days each quarter responding to audit evidence requests
  • Approaching nine in ten (86%) believe that compliance is or will be an issue for them when moving systems, applications, and infrastructures to the cloud, and 94% of organizations report they would face challenges when it comes to IT security compliance and/or privacy regulations in the cloud
  • IT security professionals report receiving an average of over 17 audit evidence requests each quarter and spend an average of three working days responding to a single request
  • Over the last 24 months, organizations have been found non-compliant an average of six times by both internal and third party auditors resulting in an average of eight fines, costing an average of $460,000

Learn more about the personal and organizational impact of audit fatigue and explore potential solutions to ease compliance headaches by downloading our report, A Wake Up Call: The Harsh Reality of Audit Fatigue.