A real-life practical Internal Audit Approach to Cyber Security
Cyber Security is an emerging/changing risk where traditional Internal Audit departments and previous approaches may not be adequate. We used this complex Cyber risk to create a unique opportunity for Internal Audit to showcase the value we can bring to our organization.
Many internal audit departments are struggling with the following concerns/questions:
1) I understand Cyber Security risk is important but what can my Internal Audit department do to help the organization?
2) Do I have the right skillsets and resources in my department? Should I just outsource information security audits?
3) Is management doing enough? How can I make sure?
4) How do I put Cyber on to my audit plan?
5) I’ve been to a lot of conferences and I hear all the scary media stories about Cyber security – but what can Internal Audit do?
At BCLC we have recently gone through this journey, educating the Board, working with management and developing a strategic Internal Audit approach to address this ever growing Cyber risk. In this session the chief audit executive for BCLC will share BCLC’s approach, templates, learnings and advice for any Internal Audit Dept. struggling to get a start in this area. This talk is ideal for any Internal Audit departments that have Cyber on their radar or perhaps have performed a few audits but do not have a comprehensive, strategic, long-term approach.
