Practical guidance on cybersecurity and data security
This practical guidance is part of the Risk in Focus 2021 publication. It aims to provide a concise overview of key publications and existing tools developed by the 10 European institutes of internal auditors in Austria, Belgium, France, Germany, Italy, Luxembourg, the Netherlands, Spain, Sweden, the UK & Ireland and publications from IIA Global.
This guidance is developed to help internal auditors address some of the key risks identified in Risk in Focus 2021, with the aim of contributing to the reduction of their impacts on businesses and stakeholders. Where the Risk in Focus report itself addresses the ‘WHAT-could be important to audit’, this guidance helps you address the ‘HOW-to audit’ this topic.
The topic of cybersecurity and data security has been selected due to its current and foreseen importance for most organisations, and takes into consideration the needs of Chief Audit Executives to strengthen or expand their knowledge and experience in auditing this fast-developing risk.
This practical guidance is designed to firstly, help practitioners learn from experienced professionals (experts, operational teams or internal audit), and, secondly, offer practitioners useful reflections that we believe are of particular interest when auditing these topics and their associated risk management processes.