IT audits have a bad rap for being a “tick-box” activity that only focuses on surface-level risks and abstract controls. A recent international study, “The Next Generation Cybersecurity Auditor,” found a significant knowledge gap in 151,000 Big Four IT Auditors’ theoretical knowledge and practical skill.