CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: [email protected].

IIA seeks public input on third-party risk assessment requirements

The Institute of Internal Auditors (IAA) is seeking feedback on new requirements that would establish baseline standards for how internal audit functions should assess third-party governance, risk management and control processes within organizations.

Open for public comment until April 20, the third-party topical requirement is designed to provide internal auditors with a consistent framework for evaluating risks associated with vendor relationships, outsourcing and supply chains. This marks the second in a series of requirements following cybersecurity standards released in February.

“Particularly in light of geopolitical shifts that are driving global trade and supply chain disruptions, third-party relationships can present a number of threats to organizations including operational, reputational and compliance risks,” said Anthony Pugliese, president and CEO of the IIA, which serves internal audit professionals worldwide.

While the requirements don’t mandate that specific risk areas be included in audit plans, they provide practitioners with baseline criteria for assessing key risk domains that impact organizations globally. The IIA is developing additional topical requirements covering business culture, business resilience and anti-corruption and anti-bribery.

Internal auditors and other stakeholders can review the draft requirements and submit feedback through April 20 via a survey available in multiple languages.

85% of companies expect to increase fraud budgets

A majority of global companies (85%) are increasing their fraud budgets, according to a survey by fraud prevention and AML compliance provider SEON. The company’s survey of more than 500 fraud, risk and compliance professionals also found that 88% of fraud teams expect to expand as their companies grow.

A few other key findings:

• 84% say AI will reduce the need for human oversight.
• 95% of respondents say they are cross-training teams to handle fraud challenges (or plan to).
• Real-time transaction monitoring (62%) and AI risk-decisioning (60%) were ranked as the most effective components of fraud prevention strategies.

Report reveals top priorities and challenges for tech workers

Tech professionals are primarily motivated by problem-solving opportunities, continuous learning and job security, according to a new report from ISACA, a global technology professional association. The global survey of 7,726 tech workers reveals significant insights into workforce priorities, challenges and satisfaction across different demographics.

Analyzing and solving problems (45%), opportunities for continuous learning (41%) and job security (38%) rank as the top three reasons professionals pursue IT careers. Despite industry-wide discussions about remote work, only 18% cite work-life balance as a primary motivation for entering the tech field.

“There is a struggle similar to an arm-wrestling match happening between many tech employers and employees,” the report states. “Many workers are continuing to hold onto less-than-satisfying roles due to uncertainty about finding or keeping a new job.”

Other key findings:

• 74% of organizations are concerned about attracting and retaining talent, but only 27% regularly discuss this issue with employees.
• 87% of respondents report that gender disparities continue to exist in the tech sector, with women more likely than men to cite gender biases as a career challenge (27% vs 4%).
• The need for more technical knowledge (35%) and keeping up with changing technology (31%) are cited as top career challenges across all demographics.
• Interesting work (36%) and compensation (34%) are the main reasons employees stay at a company, though women (49%) are much more likely than men (37%) to cite remote work options as a retention factor.

Digital accessibility study finds 297 issues per webpage across industries

Websites across industries average nearly 300 accessibility issues per page, placing businesses at significant legal risk, according to a new report from AudioEye, an accessibility software platform. The analysis of 15,000 websites identified widespread compliance gaps that could expose companies to lawsuits, regulatory penalties and lost customers.

Retail websites showed the highest number of problems, averaging 350 issues per page, while healthcare sites averaged 272 issues that could prevent patients from scheduling appointments or accessing test results. The findings highlight challenges for people with disabilities attempting to navigate and use essential online services.

“Many businesses don’t realize their accessibility compliance gap until they take a closer look at their websites,” said David Moradi, CEO of AudioEye. “This year’s Index reveals the true scale of digital inaccessibility, and the results are alarming.”

Other key findings:

• 38% of images lacked proper alternative text, making content inaccessible to people with visual disabilities.
• 80% of pages had links without clear descriptions, preventing screen reader users from understanding their purpose.
• 41% of travel and hospitality webpages had issues that made it difficult for keyboard-only users to navigate content or make reservations.
• 35% of pages had forms missing clear labels or instructions, creating obstacles for users relying on assistive technology.

The report highlights growing legal vulnerabilities as digital accessibility enforcement increases globally under laws like the Americans with Disabilities Act and the European Accessibility Act.