Will 2015 be a repeat of 2014 and become the year of the data breach? Organizations are experiencing a troubling number of cybersecurity challenges and breakdowns. Internal auditors play a vital role in securing the organization by helping companies ensure that cybersecurity is incorporated into common business processes. Information Technology (IT) departments clearly have major responsibilities in addressing cybersecurity areas. However, internal auditors also play a vital role in securing the organization by working closely with executive management to ensure that cybersecurity is incorporated into the flow of common business and its multitude of processes.
The growing importance of cybersecurity risks is evident throughout this year’s Internal Audit Capabilities and Needs Survey results. Internal audit leaders and professionals view strengthening data security, adhering to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, and mastering new data analysis and auditing technology to be among their highest priorities.
In this year’s Internal Audit Capabilities and Needs Survey, we’ve devoted a special section to the current state of cybersecurity. Our findings show that cybersecurity represents a major focus for internal audit programs, but it is far from the only pressing issue on internal audit’s plate. Feedback we’ve received from companies and internal audit leaders suggests that the 2013 COSO Internal Control Framework (COSO) implementation has consumed significant internal audit time and effort. The need to address COSO, International Organization for Standardization (ISO) and Institute of Internal Auditors (IIA) related priorities and evaluate and monitor numerous IT and data risks – given how social media applications, cloud computing and mobile technology continue to transform organizational risk – are pushing internal audit resources to their limits.
In this report, we detail our key findings from our Internal Audit Capabilities and Needs Survey. Areas covered include: board engagement in cybersecurity design, the growing list of internal audit priorities, the rise of technology-enabled auditing, the increased focus from internal audit functions on marketing and collaboration, and more.