Getting Everyone on Board to Battle Security Risks

 
 
By Karen A. Frenkel  |  Posted 03-27-2015

  • Board Involvement Improves Cyber-Security

    Organizations whose board of directors is highly engaged with information security risks and that include cyber-security in their annual audit plan manage cyber-security risk acceptably, according to 30% of respondents.
  • Defined Cyber-Security Measures Help

    Defining cyber-security measures in the annual audit plan aids successful management of cyber-security risks. 47% of respondents rate their organizations as "very effective" at identifying cyber-security risk, compared to just 19% of other organizations.
  • Cyber-Security Risk Strategy

    70% of organizations that include cyber-security in their audit plan also have a cyber-security risk strategy, compared to 42% of other companies.
  • Cyber-Security Evaluation Included in Audit

    53% of respondents said cyber-security evaluation is included in their audit planning. Of those, 60% have used NIST's Cybersecurity Framework to measure and evaluate their programs.
  • Top Five Security Risks

    The top five most significant cyber-security risks are: Data security (company information), Brand/reputational damage, Regulatory and compliance violations (tie), Data leakage (tie), Viruses and malware.
  • Tech Knowledge: Top Five Priorities

    Respondents assessed their competency in 35 areas of technical knowledge, indicating whether their knowledge is adequate or needs improvement. The top areas for technical knowledge improvement include: Data Analysis Technologies, NIST Cybersecurity Framework, Mobile Applications, Continuous Assurance, The Guide to the Assessment of IT Risk.
  • Audit Process Knowledge–Top Five

    Respondents evaluated 35 areas of audit process knowledge in terms of improvement. These include: Auditing IT security, Computer-assisted audit tools (CAATs), Data analysis tools for data manipulation, Marketing internal audit internally, Monitoring fraud.
  • Increased Adherence to Standards

    Internal auditors indicate an increased desire for new guidance and standards to advance IT audit plans and communicate the importance of these practices more effectively to key stakeholders.
  • Commitments to Collaboration

    Internal auditors are committed to increasing collaboration with other departments and wish to improve and leverage their personal skills, such as persuasion, and their relationships with board members to balance multiple priorities and strengthen their strategic contributions to the enterprise.
  • CIOs and Internal Auditors

    According to 43% of respondents, many CIOs have been collaborating with the audit committee, reporting on both cyber-security and IT-related risks.
 

Although internal auditors admit that much work remains to meet cyber-security and data privacy standards, results are significantly better for organizations whose boards of directors are highly engaged with security risks. So says a new report by consulting firm Protiviti, "From Cybersecurity to Collaboration: Assessing the Top Priorities for Internal Audit Functions." A total of 800 internal audit professionals, including chief audit executives, participated in the survey, which is Protiviti's ninth annual such report. The report reviews cyber-security management and processes and assesses general technical knowledge, audit-process knowledge and auditors' personal skills and capabilities. "Those professionals who continue to engage board members and define security measures within their annual audit plans will be poised to effectively mitigate future threats," said Brian Christensen, Protiviti’s executive vice president of Global Internal Audit and Financial Advisory.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
