BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Internal auditors challenged by cyber-security, data quality

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 18 Feb 2016 19:08:06 -0700
http://www.cgma.org/Magazine/News/Pages/internal-audit-challenges201613894.aspx?TestCookiesEnabled=redirect

About half of internal audit leaders lack confidence in their staffs’
cyber-security expertise, and nearly half say internal audit has little or
no involvement in evaluating the quality of data used in their
organisation, according to a new survey.

Fifty-two per cent of the nearly 500 respondents to The Institute of
Internal Auditors (IIA) North American pulse survey said that a lack of
cyber-security expertise amongst internal audit staff very much or
extremely affects internal audit’s ability to address cyber-security risk.

Just one-quarter of respondents who reported having a business continuity
plan said their plan provides clear, specific procedures in response to a
data breach. And 17% said their plans provide no data breach or
cyber-attack procedures at all.

With regard to cyber-security, internal audit organisations primarily are
focused on prevention. More than half (53%) of respondents said prevention
efforts, such as hardening interior or external barriers, are the most
effective method for addressing a cyber-attack.

“In the face of a cyber-attack, addressing business continuity and
reputational risk are paramount, yet few organisations are taking time to
think beyond prevention,” IIA President and CEO Richard Chambers said in a
news release. “The IIA has been promoting cyber resiliency – the concept of
addressing the full spectrum of prevention, detection, reaction, and
restoration – for some time, so these findings are particularly alarming.”

Meanwhile, 47% of respondents said internal audit is slightly or not at all
involved in evaluating the quality of data used in their organisation.
Nearly one-quarter (23%) said they are slightly or not at all confident in
their organisations’ data-based strategic decisions.

Other findings

- The percentage of internal audit chiefs who report functionally to the
audit committee or board of directors has risen (83%, up from 76% in 2013).
- More than one-third (35%) project increases in their next internal audit
budget, and more than half (55%) expect their next budget to remain the
same as the current budget.
- One-fourth expect internal audit staffing to increase, and 71% project
that staffing will remain the same.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.
Previous By Date Next
Previous By Thread Next

Current thread: