Cybersecurity is top of mind for most executives and board members, as well as to internal audit. While the information security team may be in charge of measurably reducing cyber risk within the business, internal audit has an important role to play too.
So, what exactly does an IT auditor do? In this article, we provide a broad breakdown of an IT auditor's responsibilities, the necessary skills to become one, how an IT auditor interacts with other roles throughout their organization, and more.
In migrating to the cloud, many challenges are present, and perhaps one of the largest challenges is updating an organization’s overall GRC program. Here, we've gathered a number of things that IT auditors should know about IT GRC in the cloud.
As we work toward the thick of the year, we've compiled a list of which cybersecurity regulations could be impactful this year, some of the challenges that they could present, and the reasons behind some of the changes we've highlighted below.
Technology has impacted quite a lot, but privacy is likely what hits closest to home for everyone. Internal Audit Insights catches up with IHS Markit Internal Audit Director Tony Redlinger, who discusses what the state of privacy is today, and more importantly, what impact it has on the modern-day IT auditor.
Internal Audit Insights caught up with Jami Shine, corporate and IT audit manager at Quiktrip Corp, who shared some proven advice on how non-technical auditors can overcome some of the challenges associated with IT risks.
Data analytics is being leveraged more than ever by internal audit departments, but for those that haven't jumped on the bandwagon yet, this interview with CVS Health's head of data analytics explains the benefits, challenges, and misconceptions tied to the technology.
RPA, robotics, robots, bots … as internal auditors you have undoubtedly been hearing this terminology tossed around more and more. What exactly is it? Why is it such a hot topic? Here we answer those questions.
Internal Audit Insights catches up with Ford Winslow, CEO of ICE Cybersecurity, to discuss what the “speed of business” has had on GRC controls, and what IT auditors should prepare for.
IT audit is only beginning to familiarize itself with DevOps as more organizations begin to deploy successful programs. But is it fair to say that DevOps and compliance go hand in hand? In this video interview with Atlassian Risk Futurist Guy Herbert, he gives his take on the topic.
Many organizations are still failing to effectively audit areas such as cloud security or even social media. So what areas should you be covering and why? This article answers questions tied to that topic. Here you'll find the top IT risks that consistently vex companies and protect your assets.
Measurably reducing cyber risk in the business is an obstacle nearly all organizations face today. Needless to say, it's critical for businesses to conduct cyber risk assessments. In this contributed article by Experis' Stephen Head, he dives into the topic.
IT audit expert Mark Thomas, president of Escoute Consulting, chats with Internal Audit Insights on the impact that cloud migration has had on the business, and shares the major Dos and Don'ts that IT auditors should know about GRC in the cloud.
As the business world changes at an accelerating rate, auditors need to keep up or risk becoming irrelevant and unable to provide the insight that will allow their organizations to succeed. That means they’ll need to continually add to their skills and knowledge.
By Terry Hatherell, Deloitte Global Internal Audit Leader
August 14, 2018
As organizations continue to evolve and innovate, new risks arise. Meanwhile, the larger business environment continues to change, often rapidly and in unexpected ways. This places new demands on the internal audit function.
As the number of blockchain implementations continues to grow, internal auditors will need to learn about both the promise and risk this technology offers. So what exactly is blockchain technology and what does it mean to you as an internal auditor? This article answers that question.
Escoute Consulting President Mark Thomas dives into the topic of communication challenges within the enterprise, why they exist among IT audit and cybersecurity, and the steps you can take to ensure those silos are broken down.
XebiaLabs’ Robert Stroud highlights what it is that IT audit needs to know about DevOps, why they should care, and offers up ways in which they can approach DevOps in a constructive manner that ultimately reduces risk in the organization.
In this recent video shot at MISTI’s ITAC Conference, INARMA's Jason Claycomb gives his take on the state of auditing social media in the enterprise, and what steps internal auditors can take to monitor the risks associated with the technology.
Since the cards might feel a little stacked against the auditor at the cybersecurity table, let’s define a few Aces in the hand that you can use when you’re auditing cybersecurity and communicate helpful root causes and risks.
Technology continues to flood organizations and IT auditors are facing increasing challenges. The Center for Internet Security's Critical Security Controls are intended to help the cause. In this exclusive video interview with Internal Audit Insights, subject matter experts define the controls and discuss their benefits for IT auditors.
Rather than robotic humanoids or machines who have become “self-aware,” artificial intelligence might be better described as computer systems that can predict human behavior. For internal audit, it can be a handy tool for specific processes within audit and analyzing overall sets of data with greater accuracy and even predict risk.
Forrester Research's Robert Stroud discusses the current state of the enterprise as it relates to IT auditors and why it’s important to bridge the gaps between audit, IT audit, compliance, and security within organizations.
If you’re going to audit social media, then develop a method. Kate Mullin, a social engineering expert, shares a formulaic approach to begin thinking like a hacker and doing the reconnaissance a hacker would do so that you can protect your organization.
Seeing as many IT audit positions require candidates to hold information security certificates, how do we as an assurance community prepare tomorrow's security-savvy workforce?
When is the last time you looked for your name on the internet? Which of the links and images are tied to you? More importantly, where does all this information come from? Here are 13 important tips to leverage at your organization to ensure online privacy.
The cyber threat landscape is evolving and as an internal auditor it's important to become familiar the risks the organization is facing. Here are 11 helpful tips you can leverage to make sure your company steers clear of known exploits.
It's week one of National Cybersecurity Awareness Month, so what better way to kick things off than focusing on protecting yourself with these 17 important tips.
Internal audit can provide assurance to their board and executive team whether or not a process is in place to manage risks of third parties maintaining critical data, and that third parties have their data protection controls in place.
As internal auditors, we work in complex and demanding environments where business, social, and other dynamics challenge us to meet the increasing expectations of upstream management.
When Woodforest National Bank wanted to test whether employees were properly destroying physical data, it hit on an idea that would require internal auditors to roll up their sleeves and get messy.
According to a recent MISTI survey, internal auditors say their internal audit seniors and managers most lack data analytic skills, understanding of IT auditing concepts, and ability to influence and persuade.
Internal audit leaders continue to fret about hanging on to their top talent. In a recent survey, they ranked staffing concerns, including retention, as among their greatest worries.
Cybersecurity is the most frequent area on internal audit's audit plans for 2017, and for good reason. Other IT topics and traditional audit areas are also on many audit plans.
In a little more than a year, U.S. companies that do business in Europe or have customers or employees there will need to comply with a new set of European Union data protection and privacy laws.
Is it historic or historical? Mass or weight? Mean or average? Coke or Pepsi? The items in these pairs are similar to each other and certainly related, but have important distinctions that make them different in how they are defined and applied (or in that last case, enjoyed).
Last month, the National Institute of Standards and Technology issued a new update to its Framework for Improving Critical Infrastructure Cybersecurity.
We love our national holidays and, with a little help from Twitter, those lesser known, quirky commemoratives like national doughnut day, national left-handers day, and national roller-coaster day are making their way into our collective awareness.
As IT auditors, we've audited mainframes, servers, applications, and many other IT devices and systems for years and have become proficient in determining the reasonable effectiveness of a company's suite of controls to safeguard them.
The consequences of a cyber-attack—including a hit to reputation, lost customers, diminished credibility, and the cost of repairing the damage, just to name a few—are such that companies will do everything they can to defend against them.
IT auditors are in high demand these days. Recruiters and competitors are looking to snatch high-quality talent with the right set of skills and background.
A new survey out from the Institute of Internal Auditors finds that many internal audit departments either outsource cybersecurity audits, or worse, they don't do them at all.
Financial Executives are straining to keep up as the increasing volume and pace of data clouds their ability to provide meaningful insights to boards quickly and accurately.
From preventing failures in regulatory compliance to helping avoid devastating harm to the reputation of the organization from headline-making security breaches, IT auditors have an obligation and value-adding opportunities to assess enterprise vulnerabilities.
Whether it's data analytics; governance, risk, and compliance solutions; or planning and collaboration software packages, most internal audit departments are looking to improve their use of technology as they strive to do more with less.
There's a lot going around these days: viruses, malware, Trojans, ransomware, you name it. And if you're not careful, you could catch a nasty case of any of these inflictions.
As you may have heard, healthcare organizations have been under attack during the last three-plus years by various types of malicious hackers. The biggest of those attacks came against a healthcare payer organization which had over 100 million of its healthcare records exposed to a hostile government entity.
No organization is 100 percent safe from hacks, cybercrime, or boneheaded employee actions that can expose the company to data breaches. Most companies have shifted from a purely prevention mindset to one of a risk-based approach to cybersecurity with a robust incident response plan.
There isn't a company out there, big or small, that doesn't have some concerns about cybersecurity. Some have called it the biggest problem of our time for companies.
What if access to our online bank accounts was managed the same way we manage access to information systems at work? Would we know who can get into our accounts? Who could see how much we have in what accounts? Who could take money out?
Cybersecurity is unlike any other business risk because it isn't a risk at all. It's simply a new manifestation of all the business risks you already have.
Most information security experts aren't afraid to state bluntly: "We're losing the battle for information security." But then again, we already knew that. Near-daily headlines about the latest cyber-theft or data breach have made that pretty clear to most people.
A new report from global IT association ISACA identifies five steps organizations should take to create an effective audit program and reap the benefits of a successful information systems audit.
Internal audit leaders looking for a way to improve staff skills and increase audit efficiencies would do well to consider integrated auditing, an approach that can help them on both counts.
196
Register and save for ITAC 2019!
MISTI's IT Audit & Controls Conference is coming to Arlington, VA on July 16-18, 2019. Register before May 5 and save!
