
Getting Everyone on Board to Battle Security Risks
Board Involvement Improves Cyber-Security
Organizations whose board of directors is highly engaged with information security risks and that include cyber-security in their annual audit plan manage cyber-security risk acceptably, according to 30% of respondents.
Defined Cyber-Security Measures Help
Defining cyber-security measures in the annual audit plan aids successful management of cyber-security risks. 47% of respondents rate their organizations as “very effective” at identifying cyber-security risk, compared to just 19% of other organizations.
Cyber-Security Risk Strategy
70% of organizations that include cyber-security in their audit plan also have a cyber-security risk strategy, compared to 42% of other companies.
Cyber-Security Evaluation Included in Audit
53% of respondents said cyber-security evaluation is included in their audit planning. Of those, 60% have used NIST’s Cybersecurity Framework to measure and evaluate their programs.
Top Five Security Risks
The top five most significant cyber-security risks are: Data security (company information), Brand/reputational damage, Regulatory and compliance violations (tie), Data leakage (tie), and Viruses and malware.
Tech Knowledge: Top Five Priorities
Respondents assessed their competency in 35 areas of technical knowledge, indicating whether their knowledge is adequate or needs improvement. The top areas for technical knowledge improvement include: Data Analysis Technologies, NIST Cybersecurity Framework, Mobile Applications, Continuous Assurance, and The Guide to the Assessment of IT Risk.
Audit Process Knowledge–Top Five
Respondents evaluated 35 areas of audit process knowledge in terms of need for improvement. These include: Auditing IT security, Computer-assisted audit tools (CAATs), Data analysis tools for data manipulation, Marketing internal audit internally, and Monitoring fraud.
Increased Adherence to Standards
Internal auditors indicate an increased desire for new guidance and standards to advance IT audit plans and communicate the importance of these practices more effectively to key stakeholders.
Commitments to Collaboration
Internal auditors are committed to increasing collaboration with other departments and wish to improve and leverage their personal skills, such as persuasion, and their relationships with board members to balance multiple priorities and strengthen their strategic contributions to the enterprise.
CIOs and Internal Auditors
According to 43% of respondents, many CIOs have been collaborating with the audit committee, reporting on both cyber-security and IT-related risks.