Cyber Security is Driving Board Engagement with Internal Audit

by David Ritzert 10. March 2016 12:14
Almost three out of four companies are now including cyber security risks in their internal audit plans, according to a survey of more than 1,300 IA professionals just released by Protiviti. This is an increase of 20% year over year, and stands in contrast to the findings reported in the Institute of Internal Auditors 2016 North American Pulse of Internal Audit, which concluded that internal audit leaders lack confidence in their staff’s cyber security capabilities (see our related blog).

Suppliers and business partners are increasingly engaged with the issue as well. More than half of the survey respondents reported receiving inquiries from clients, insurance vendors, and customers about their cyber security posture.

An important byproduct of cyber security risk becoming a fixture in the annual audit plan is that it is driving more Board engagement with the process. The Protiviti survey provided these important takeaways: in order to implement and maintain an effective cyber security plan, an organization must have a high level of engagement by its board of directors regarding information security risks, and it should also include an evaluation of cyber security risk in its current audit plan. Having directors more engaged with the internal audit process will provide further support for IA professionals as they seek to integrate increased cyber security measures into the overall enterprise risk management plan. This is a very positive trend.