Over the course of just a few years, cybersecurity has grown into one of the most significant risk management challenges facing virtually every type of organization. Is the internal audit function keeping pace with this rapidly changing area of risk? This report examines this question and, based on a survey of internal audit and cybersecurity professionals, offers some observations on how internal audit departments are adapting in order to address cybersecurity risks.
A decade ago, the internal audit function evolved and adapted to the increasingly important role that information technology (IT) was playing in all aspects of business operations. Today, internal audit faces the need to adapt once again to address the critical risks associated with cybersecurity.
Recognizing this need, the Internal Audit Foundation and Crowe Horwath, in collaboration with The Institute of Internal Auditors’ (IIA’s) Audit Executive Center, conducted a limited survey of IIA members in order to understand how internal audit has begun to adapt to this new risk landscape.
This report offers a summary of key findings from that research and provides insights into some current internal audit and cybersecurity policies and practices. In addition, the report’s authors draw on industry experience and observation based on their working relationships with internal audit functions across a broad range of industries.
The survey respondents represented organizations of various sizes in a variety of industries. Their positions and job titles covered the full range of relevant responsibilities including chief audit executives (CAEs), audit directors, senior managers, managers, and internal audit staff. Their responses provide insights into the future role of internal audit in dealing with cybersecurity issues and illuminate several important areas of concern.
Download The Future of Cybersecurity in Internal Audit
Meer weten over cyber? Volg onze workshop Cyber Defense van 17 april!