Actions for Internal Audit on Cybersecurity, Data Risks
Gartner’s 2019 Audit Key Risks and Priorities Survey shows that 77% of audit departments plan to cover cybersecurity detection and prevention in audit activities during the next 12-18 months. But, only 53% of audit departments are highly confident in their ability to provide assurance over cybersecurity detection and prevention risks.
Cybersecurity preparedness tops the list of internal audit priorities for 2019 and Gartner highlights the top steps audit heads must take to tackle it.
- Review device encryption on all devices, including mobile phones and laptops.
- Review access management policies and controls.
- Review patch management policies.
- Evaluate employee security training.
- Participate in cyber working groups and committees.
Gartner also has tips on what audit can do when it comes to: