Thought Leadership on Becoming a Trusted Cyber Adviser
IIA whitepaper addresses how internal audit can provide top cybersecurity support
NEW YORK (July 19, 2016)—In short order,leaders in C-suites and boardrooms around the world have become acutely aware of the severe damage data breaches can create and the dire need for well-designed and comprehensive cybersecurity.
Further,successful cybersecurity demands an organization-wide approach.
A new report, Internal Audit as Trusted Cyber Adviser, outlines the steps heads of internal audit should take to become significant contributors to cybersecurity efforts. Audit leaders must go “beyond simply ensuring cybersecurity audits are executed according to plan” and instead bring a strategic and anticipatory approach to the problem, according to the report.
It urges heads of audit to build relationships with the chief information officer (CIO) and chief information security officer (CISO) to gain a clear understanding of what security and IT teams need. Additionally, heads of audit must be familiar with all “cyber pathways” in and out of the organization. Another key to success is buy-in from the top in support of internal audit’s efforts.
Beyond efforts to block cyberattacks and data breeches, audit leaders must embrace the concept of cyber resiliency, a holistic view of how the organization plans for and responds to a successful cyberattack.
The report, released today at The Institute of Internal Auditor’s 2016 International Conference, is part of the Global Perspectives and Insights series, which looks at key issues and challenges facing the profession and offers insights and direction on how best to address them.
The report is available in eight languages, including English, Chinese, Spanish, and Arabic, to members through The IIA’s national Institutes in more than 100 countries and territories around the world, as well as through its global website.