This practical guidance about Cybersecurity and data security is part of the Risk in Focus 2021 publication. It aims to provide a concise overview of key publications and existing tools developed by the 10 European institutes of internal auditors in Austria, Belgium, France, Germany, Italy, Luxembourg, the Netherlands, Spain, Sweden, the UK & Ireland and publications from IIA Global.
This guidance is developed to help internal auditors address some of the key risks identified in Risk in Focus 2021, with the aim of contributing to the reduction of their impacts on businesses and stakeholders. Where the Risk in Focus report itself addresses the ‘WHAT-could be important
to audit’, this guidance helps you address the ‘HOW-to audit’ this topic.
For the 2021 edition, practical guidance will be available on the following three chosen topics from the report:
- Cybersecurity and data security
- Macroeconomic and geopolitical uncertainty
- Climate change and environmental sustainability
All practical guidance is designed to firstly, help practitioners learn from experienced professionals (experts, operational teams or internal audit), and, secondly, offer practitioners useful reflections that we believe are of particular interest when auditing these topics and their associated risk management processes. We are happy to share with you the first guidance about cybersecurity and data
security-focus on the human factor. The human factor is important as a majority of cyber-incidents may be human enabled, and security breaches are mainly the result of human error; the intangible and complex nature of the human factor requires the expertise and competences of an internal auditor to look at it. Indubitably, many other factors remain key to ensure proper controls and risk management protocols are in place, but the value here for internal audit is to analyse, measure and understand the soft component impacting the robustness of the cyber-management system.
The publication also refers to the ECIIA Insurance Committee publication: ” Auditing Cybersecurity within Insurance firms“.
Join us for the webinar “Cybersecurity: what is the role of the human factor and how can internal audit challenge the existing practices?“, on December 10th from 13:00 to 14:00 (Central European Time zone).