Internal Audit’s Key Role in Cyber Preparedness
New report emphasizes holistic approach to cybersecurity
PHOENIX, Az (Aug 17, 2015) — Alarming growth in high-profile cyberattacks is shocking the business community globally toward greater awareness of protecting data that increasingly serves as an organization’s life blood.
Not surprisingly, much of today’s cybersecurity efforts focus on prevention. But a new report released today at the 2015 Governance, Risk and Control (GRC) Conference in Phoenix urges companies and organizations to take a more holistic view of cybersecurity – from prevention through recovery – by recognizing the critical role of internal audit.
Internal Audit’s Role in Cyber Preparedness: The Importance of a Holistic Approach maintains that organizations must learn to anticipate, withstand, and recover from cyberattacks to be truly cyber-prepared. Key to that approach is for boards and audit committees to understand the tools and resources available to their organizations when crafting cybersecurity strategies, policies, and protocols.
“Organizations must get beyond simply trying to keep the cyber invaders out,” said IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “This new report promotes a comprehensive approach and explains how internal audit plays a crucial support at each step in the process.”
The report was released at the start of the three-day conference hosted jointly by The Institute of Internal Auditors (IIA) and ISACA. The conference brings together more than 700 governance, risk management, control, and business professionals from around the world, offering GRC professionals opportunities to expand their network, build knowledge, and hone their skills.
This year’s event features more than 30 sessions split into four tracks comprising risk mitigation, anti-bribery and corruption, privacy, technology, audit effectiveness related to millennials, and more.
Internal Audit’s Role in Cyber Preparedness, developed by The Institute of Internal Auditors Research Foundation (IIARF) explores five key areas of cyber preparedness – protection, detection, business continuity, crisis management and communications, and continuous improvement – and the important role a well-resourced and supported internal audit function plays as an ally and assurance provider. The report concludes with a warning understood all too well by those that have fallen victim to cyberattacks: “Only organizations that develop the skills to cope with these threats at strategic and tactical levels will survive and grow.”.