Read Richard Chambers' Latest Blog
What Happens When Internal Audit Is Ignored? It Happens Too Often
In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here's an excerpt from his latest post:
In the summer of 2017, internal auditors for the city of Atlanta warned officials that their IT systems could be easily compromised if they weren't fixed immediately. The audit report minced no words, calling out the lack of resources (tools and people) available to address the "thousands of vulnerabilities" and characterizing the situation as a "significant level of preventable risk exposure," according to news media reports.
The city apparently began to implement certain security measures, but it was a classic case of too little, too late. A ransomware attack — essentially digital extortion — crippled the city's computer network and took many departments nearly into the "Dark Ages" of pen and paper. The breach even shut down Wi-Fi service at Atlanta International Airport. Fortunately, critical services such as those supporting emergency responders (and flights at the nation's busiest airport) were not affected.
It was a textbook example of a ransomware attack. And after years of such breaches around the globe, the city's response to internal auditors' dire warnings should have been textbook, as well. It clearly was not.
Read the full InternalAuditor.org blog post from IIA President and CEO Richard Chambers.