Internal Auditors face constant change, and nowhere is that change more obvious, and sometimes daunting, than in the technology arena. With new technologies come new risks, and new ways for hackers to exploit those risks. How can an Internal Audit team, often stretched in terms of resourcing and budget, keep up with it all?
Often, cybersecurity is viewed as an IT responsibility, and audit efforts are focused on what IT is doing to ensure that the organization is protected. What tools do they use? How are firewalls configured? How do they monitor? But that’s only a piece of the puzzle. When you look at the root causes of security breaches, some studies have reported that over half are due to human error…and those aren’t necessarily the humans in your IT department. When you look at your audit plan, how are you addressing your cybersecurity risks outside of IT? All of the other employees, members of the management team, or members of the Board who could put your company at risk just by clicking on the wrong link.
This session will explore the various ways that Internal Audit can audit cybersecurity measures beyond the technology, by looking at the risks and mitigating controls of the human side of the equation.