05-01-2016
05-01-2016

Cybersecurity and the role of internal audit

Internal audit has a critical role in helping organizations in the ongoing battle of managing cyber threats, both by providing an independent assessment of existing and needed controls, and helping the audit committee and board understand and address the diverse risks of the digital world.

Cyber risk and internal audit
The threat from cyberattacks is significant and continuously evolving. Many audit committees and boards have set an expectation for internal audit to understand and assess the organization’s capabilities in managing the associated risks. Our experience shows that an effective first step for internal audit is to conduct a cyber risk assessment and distill the findings into a concise summary for the audit committee and board which will then drive a risk-based, multiyear cybersecurity internal audit plan.

Third line of defense
Business units and the information technology (IT) function integrate cyber risk management into day-to-day decision making and operations and comprise an organization’s first line of defense. The second line includes information and technology risk management leaders who establish governance and oversight, monitor security operations, and take action as needed.

Increasingly, many companies are recognizing the need for a third line of cyber defense–independent review of security measures and performance by the internal audit function. Internal audit should play an integral role in assessing and identifying opportunities to strengthen enterprise security. At the same time, internal audit has a duty to inform the audit committee and board of directors that the controls for which they are responsible are in place and functioning correctly, a growing concern across boardrooms as directors face potential legal and financial liabilities.

Download the complete PDF Cybersecurity and the role of internal audit

Authors: Sandy Pundmann and Michael Juergens

Terug naar het nieuwsoverzicht

IIA Nederland

088-0037100
iia@iia.nl
Burgemeester Stramanweg 105F
1101 AA Amsterdam
Contact opnemen

Audit Magazine

Audit Magazine

Lidmaatschap

IIA is dé toonaangevende beroepsorganisatie voor internal auditors. Een lidmaatschap laat u delen in de collectieve kennis van alle vakgenoten in de wereld.
Meer informatie