RiF 2021 Practical guidance on cybersecurity and data security

This practical guidance is part of the Risk in Focus 2021 publication. It aims to provide a concise overview of key publications and existing tools developed by the 10 European institutes of internal auditors in Austria, Belgium, France, Germany, Italy, Luxembourg, the Netherlands, Spain, Sweden, the UK & Ireland and publications from IIA Global.

This guidance is developed to help internal auditors address some of the key risks identified in Risk in Focus 2021, with the aim of contributing to the reduction of their impacts on businesses and stakeholders. Where the Risk in Focus report itself addresses the ‘WHAT-could be important to audit’, this guidance helps you address the ‘HOW-to audit’ this topic.

For the 2021 edition, practical guidance and webinars will be available on the following three chosen topics from the report:

• Guidance Cybersecurity and data security
• Webinar Cyber and Data Security 
• Guidance Macroeconomic and geopolitical uncertainty
• Guidance Climate change and environmental sustainability

These topics have been selected due to their current and foreseen importance for most organisations and take into consideration the needs of Chief Audit Executives to strengthen or expand their knowledge and experience in auditing these three fast-developing risks.

Please keep in mind that we intentionally chose to dive into some specific components of these three risks. Whilst we have endeavored to explore what we think are the key focus areas of these risks, a thorough understanding of their application may require additional research on your part, but we aim to provide a selection of what would benefit the most to the profession in the current context.

All practical guidance is designed to firstly, help practitioners learn from experienced professionals (experts, operational teams or internal audit), and, secondly, offer practitioners useful reflections that we believe are of particular interest when auditing these topics and their associated risk management processes.

About Cybersecurity

Cybersecurity and data security has been one of the top three priority risks identified in Risk in Focus over the past five editions. It is documented as the number one priority risk for 2021, and this trend is expected to continue for the next three years. As a result, a number of resources have been produced within the IIA network to support practitioners navigating this risk.