Actions for Internal Audit on Cybersecurity, Data Risks

 

Gartner’s 2019 Audit Key Risks and Priorities Survey shows that 77% of audit departments plan to cover cybersecurity detection and prevention in audit activities during the next 12-18 months. But only 53% of audit departments are highly confident in their ability to provide assurance over cybersecurity detection and prevention risks.

 

Cybersecurity preparedness tops the list of internal audit priorities for 2019, and Gartner highlights the top steps audit heads must take to tackle it.

 

  • Review device encryption on all devices, including mobile phones and laptops.
  • Review access management policies and controls.
  • Review patch management policies.
  • Evaluate employee security training.
  • Participate in cyber working groups and committees. 

 

Gartner also has tips on what audit can do when it comes to:

Data Governance
  • Review the data assets inventory.
  • Review the classification of data.
  • Participate in relevant working groups and committees.
  • Review data analytics training and talent assessments.
  • Review the analytics tools inventory across the organization. 
Third Parties
  • Evaluate scenario analysis for strategic initiatives.
  • Assess third-party contracts and compliance efforts.
  • Investigate third-party regulatory requirements.
  • Evaluate the classification of third-party risk.
Data Privacy
  • Review data protection training.
  • Assess current level of GDPR compliance and identify compliance gaps.
  • Assess data access and storage.
  • Review data breach response plans.
  • Assess data loss protection.
