“We are currently experiencing a hyper exponential period of change to digital infrastructure, and as a result it is inexplicitly changing the IT landscape," he tells CIO New Zealand.
Technology is evolving so fast, the challenge for risk professionals is to keep up, he says. “People used to say ‘I know IT’, even ‘I know IT risks’. Now this is very difficult.”
Vael lists the five key trends emerging that are impacting IT audit and IT risk professionals, requiring executives to adapt in order to manage and protect the business.
Trend one: The Internet of Everything
Devices today are becoming connected with everything else – from mobile phone to television and even refrigerators.
In 2011, there were 15 billion connected things – and this is expected to increase to 30 billion by 2020, according to ABI Research.
Key emerging technologies are embedded sensors, image recognition and NFC (near field communication). Wearable smart electronics within clothing, shoes, accessories and even tattoos are likely to become a $10 billion industry by 2016, according to Gartner.
He says there are four implications of this trend for IT and IT risk professionals:
- Device controls and well thought-out design is vital for trust and value
- Device failures are real
- IT audits of the ‘Internet of Everything’ will be required via automated IT audit devices
- Additional training for IT professionals will be required.
Trend two: Private memory
Neuro-technology is increasing whereby people’s mind can be used as a way to communicate with a computer. Therefore, you don’t need to use your hands or eyes, as thought power will drive the technology, he states. “Companies are increasingly developing solutions to suit. But there is a risk that a computer might be able to ‘steal our minds’ and tamper with thought processes.”
Trend three: 3D printing
Vael says 3D printing is the next step for a lot of companies, particularly for those in the medical and automotive sectors. Human printing is also advancing, with companies working on how to design human printing, for instance, to help burn victims.
This can solve a lot of issues to enhance treatment, but there are also risks, he points out. “End products need to be verified and IT needs to enable authenticity checks and controls. For example, guns can now be printed via 3D printing! In the wrong hands this could have terrible consequences. With bio printing – concerns surround handling inventory, and ensuring quality is maintained.
“IT controls need to shift from the end product to raw materials,” he states. IT professionals also need to check and maintain the computer devices that are printing these items.
Trend four: Augmented reality
With innovations such as Google Glass, we can use technology to provide more information in real time, says Vael. They allow people to see things that are available in the real world, such as in a shopping mall or street. Now there are some emerging examples where a device might not be needed anymore to allow people to access augmented reality.
The risk is the information can be abused, and be fake, he states. “How do you determine how trustworthy the information is? And if there is too much commercial information, how do you screen advertisements and marketing material?”
IT controls need to shift from the end product to raw materials.
Another issue is privacy and giving away too much information. “IT professionals now need to be aware of the risks, and put controls in place to ensure their company or citizens aren’t taken advantage of.”
Trend five: Advanced e-health
With Big data and analytics technology there is the ability to gain to automation of patient files, and enable the faster exchange of information. The next step becomes really innovative ways of dealing with sickness or diseases, he says. For example, people with the same symptoms can group together and work out what works. Even now some smartphones have the ability to monitor heart health and people can do standard health checks themselves.
But there is a major risk that the information people are accessing is not correct, or people don’t interpret information correctly, says Vael. “The challenge comes when people decide to trust computers more than doctors,” he states. "From an IT standpoint we need to ensure adequate controls are in place and the public are aware of these aspects, for instance, through medical government bodies."
The challenge comes when people decide to trust computers more than doctors.
The rise of industry specific IT risk professionals
Given these technology shifts, Vael predicts IT audit and IT risk analysis will become more specialist. He cites the evolution of risk professionals that are industry specific, for instance, in mobiles and smartphones.
“There is so much complexity, therefore you need to specialise.”
While there will also be more demand for risk professionals, this really has to be seen as the second line of defence, he says.
The first line is composed of people who are developing applications, who need to consult with risk professionals to provide guidance on the applications of various technology and the potential for use and misuse. The internal auditors, meanwhile, are the third line of defence verifying if the controls are effective and efficient.
He says ISACA is working in this space, sharing information globally in a “non-competitive way”.
The goal, he says, is to provide companies and professionals with a forum to interact and develop responsible IT practices for the overall good of society.
Send news tips and comments to firstname.lastname@example.org
Follow Divina Paredes on Twitter: @divinap
Follow CIO New Zealand on Twitter:@cio_nz
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.