Internal Audit’s Growing Engagement in Cyber Management

LAKE MARY, Fla. USA (March 12, 2018) — Internal auditors are increasingly adapting to the new cybersecurity risk landscape and their growing responsibilities in validating the effectiveness of cyber risk management, according to a new research report, The Future of Cybersecurity in Internal Audit. The report, jointly produced by The Internal Audit Foundation and Crowe Horwath, focuses on internal auditors’ future engagement, role and expertise with cybersecurity.

“The evolving responsibilities of internal audit in addressing cybersecurity issues mean that audit professionals must develop a clear understanding of the principles of data security and the cyber frameworks that apply within their own organizations,” said IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “As internal audit departments continue to adapt to cybersecurity risk management, the responses recorded as part of the Foundation’s research project can provide a valuable snapshot of the current state of the profession — as well as a potential road map for the future.”

Evolving relationships 
The report reveals several opportunities for improving the level of collaboration and support among internal audit and various key players, particularly information technology (IT), information security (InfoSec) and the broad risk management function. While internal audit is more likely to at least have formalized audits and communication with IT and InfoSec departments, research found that relationships characterized by the sharing of resources and high levels of trust were lowest with those two areas.

Internal audit’s increasing role 
According to the report, to maintain effectiveness and credibility, internal audit professionals must understand how much emphasis should be given to prevention, detection and response in cybersecurity programs, as well as the sufficiency of the controls and testing. Internal audit must assert itself in independently assessing the rapidly evolving and escalating risk environment.

Access to cybersecurity expertise 
The report also outlines why, as internal audit’s role evolves, it will require access to personnel resources with technical expertise most in demand. In many cases, internal audit will need to revisit its relationships with IT and InfoSec professionals to address any talent gaps.

“Recognizing the growing need for technical expertise and experience that is specifically relevant to cybersecurity, audit executives will need to continue developing creative ways of attracting and retaining talent with the requisite skills, while also strengthening relationships with other elements within the organization that can provide valuable guidance and support,” said Christopher R. Wilkinson, Crowe Horwath Principal and co-contributor to the report.

The Future of Cybersecurity in Internal Audit, co-authored by John D. Jamison, Lucas J. Morris, and Wilkinson, all of Crowe Horwath, is now available through The IIA Bookstore.

About the Internal Audit Foundation
The Internal Audit Foundation (Foundation) is the donor-supported arm of The Institute of Internal Auditors (IIA). The nonprofit Foundation conducts groundbreaking research and scholarly publishing, offers essential career development and thought leadership products through The IIA Bookstore, and works with colleges and universities through the Internal Auditing Education Partnership (IAEP) program to enlighten the next generation of internal auditors. For more information, visit www.theiia.org or www.theiia.org/foundation.

About The Institute of Internal Auditors 
The Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 190,000 members from more than 170 countries and territories. The IIA’s global headquarters are in Lake Mary, Fla. For more information, visit www.theiia.org.

About Crowe Horwath 
Crowe Horwath LLP (www.crowehorwath.com) and its subsidiary, Crowe Horwath Global Risk Consulting (Holdings) Limited, use their deep industry expertise to provide governance, risk management and compliance services. Crowe Horwath serves clients worldwide as an independent member of Crowe Horwath International, one of the largest global accounting networks in the world. The Crowe Horwath International network consists of more than 200