This guidance is developed to help internal auditors address some of the key risks identified in Risk in Focus 2021, with the aim of contributing to the reduction of their impacts on businesses and stakeholders.
Risk in Focus 2021: Practical guidance on cybersecurity and data security
Where the Risk in Focus report itself addresses the ‘WHAT could be important to audit’, this guidance helps you address the ‘HOW to audit’ this topic.
For the 2021 edition, practical guidance will be available on the following three chosen topics from the report:
- Cybersecurity and data security
- Macroeconomic and geopolitical uncertainty
- Climate change and environmental sustainability
All practical guidance is designed, firstly, to help practitioners learn from experienced professionals (experts, operational teams or internal audit) and, secondly, to offer practitioners useful reflections that we believe are of particular interest when auditing these topics and their associated risk management processes.
We are happy to share with you the first guidance, about cybersecurity and data security, with a focus on the human factor. The human factor is important as a majority of cyber-incidents may be human-enabled, and security breaches are mainly the result of human error; the intangible and complex nature of the human factor requires the expertise and competences of an internal auditor to look at it. Indubitably, many other factors remain key to ensuring proper controls and risk management protocols are in place, but the value here for internal audit is to analyse, measure and understand the soft component impacting the robustness of the cyber-management system.