Tone at the Top: Keeping the doors open
The COVID-19 pandemic has been called the biggest crisis of our lifetime. But it is not simply a crisis. Instead, we are in the midst of cascading waves of crises and risk events.
In a previous blog we dismissed talk of coronavirus as a black swan event and introduced the concept of grey rhinos – the known unknowns that are seen but not addressed. Similarly, we suggested that climate change is a further grey rhino specimen.
This report from the IIA serves as a how-to guide to assist internal auditors in assessing their current level of preparedness regarding privacy and data protection issues, particularly as their approaches relate to the present state of the profession overall.
A quick Google search of “Black Swan” “Corona” reveals that numerous articles have already been written equating the effects of the Coronavirus with a Black Swan. Is this a fair comparison? A “Black Swan” is an event which is both random and unpredictable. A key definition is that the event was unthought of, unimaginable beforehand. Was it? Most definitely not. It was a “Grey Rhino.”
As organisations adapt to dealing with the initial impact of COVID-19, internal audit functions have an important role to play to continue to provide critical assurance, help advise management and the Board on the shifting risk and controls landscape, and help anticipate emerging risks.
Operational resilience and personal data protection are two topics that are high on the agenda of most organizations these days. The focus on continuous operations and data privacy is being fueled by the disruptive effects of the coronavirus on business, the excitement around the GDPR and the menace of its large fines, and news of personal data leaks spreading on social media at the speed of a Tweet.