Cyber Security is Driving Board Engagement with Internal Audit

by David Ritzert 10. March 2016 12:14
Almost three out of four companies are now including cyber security risks in their internal audit plans, according to a survey of more than 1,300 IA professionals just released by Protiviti. This is an increase of 20% year over year, and stands in contrast to the findings reported in the Institute of Internal Auditors 2016 North American Pulse of Internal Audit, which concluded that internal audit leaders lack confidence in their staff’s cyber security capabilities (see our related blog). Suppliers and business partners are increasingly engaged with the issue as well. More than half of the survey respondents reported receiving inquiries from clients, insurance vendors, and customers about their cyber security posture. An important byproduct of cyber security risk becoming a fixture in the annual audit plan is that it is driving more Board engagement with the process. The Protiviti survey provided these important takeaways: in order to implement and maintain an effective cyber security plan, an organization must have a high level of engagement by its board of directors regarding information security risks, and it should also include an evaluation of cyber security risk in its current audit plan. Having directors more engaged with the internal audit process will provide further support for IA professionals as they seek to integrate increased cyber security measures into the overall enterprise risk management plan. This is a very positive trend.

Governance Update: Liability Risk for Boards Increasing

by Ken Urish 14. September 2011 13:20
In a plus for corporate governance advocates and a rare positive emerging from the current economic climate, the financial crisis appears to have driven home the need for boards to manage risk more effectively. This conclusion is based on the findings of a survey of board members of public companies with revenues ranging to $750M that was released this month by our alliance partner BDO. As the responsibility of boards has grown in recent years due to regulatory requirements, board risk management activities have been focused heavily on compliance. Now, facing increased risks as a result of the financial crisis, it appears that boards are more willing to take a proactive role in risk management. In the survey, when asked what topics they would like to spend more time on, a majority (55%) of board members at public companies cite risk management, more than any other area. Moreover, an even greater percentage (61%) believe their liability risk as a director has increased during the past few years. Interestingly, the study shows that the CEO position is considered by board members to be the most helpful position for assessing and managing risk (44%), with the CFO following at 33%. 
Categories: Assurance