Cybersecurity is top of mind for most executives and board members, as well as to internal audit. While the information security team may be in charge of measurably reducing cyber risk within the business, internal audit has an important role to play too.
So, what exactly does an IT auditor do? In this article, we provide a broad breakdown of an IT auditor's responsibilities, the necessary skills to become one, how an IT auditor interacts with other roles throughout their organization, and more.
In migrating to the cloud, many challenges are present, and perhaps one of the largest challenges is updating an organization’s overall GRC program. Here, we've gathered a number of things that IT auditors should know about IT GRC in the cloud.
As we work toward the thick of the year, we've compiled a list of which cybersecurity regulations could be impactful this year, some of the challenges that they could present, and the reasons behind some of the changes we've highlighted below.
Technology has impacted quite a lot, but privacy is likely what hits closest to home for everyone. Internal Audit Insights catches up with IHS Markit Internal Audit Director Tony Redlinger, who discusses what the state of privacy is today, and more importantly, what impact it has on the modern-day IT auditor.
Internal Audit Insights caught up with Jami Shine, corporate and IT audit manager at Quiktrip Corp, who shared some proven advice on how non-technical auditors can overcome some of the challenges associated with IT risks.
Data analytics is being leveraged more than ever by internal audit departments, but for those that haven't jumped on the bandwagon yet, this interview with CVS Health's head of data analytics explains the benefits, challenges, and misconceptions tied to the technology.
RPA, robotics, robots, bots … as internal auditors you have undoubtedly been hearing this terminology tossed around more and more. What exactly is it? Why is it such a hot topic? Here we answer those questions.
IT audit is only beginning to familiarize itself with DevOps as more organizations begin to deploy successful programs. But is it fair to say that DevOps and compliance go hand in hand? In this video interview with Atlassian Risk Futurist Guy Herbert, he gives his take on the topic.
Many organizations are still failing to effectively audit areas such as cloud security or even social media. So what areas should you be covering and why? This article answers questions tied to that topic. Here you'll find the top IT risks that consistently vex companies and protect your assets.
Measurably reducing cyber risk in the business is an obstacle nearly all organizations face today. Needless to say, it's critical for businesses to conduct cyber risk assessments. In this contributed article by Experis' Stephen Head, he dives into the topic.
IT audit expert Mark Thomas, president of Escoute Consulting, chats with Internal Audit Insights on the impact that cloud migration has had on the business, and shares the major Dos and Don'ts that IT auditors should know about GRC in the cloud.
As the business world changes at an accelerating rate, auditors need to keep up or risk becoming irrelevant and unable to provide the insight that will allow their organizations to succeed. That means they’ll need to continually add to their skills and knowledge.
By Terry Hatherell, Deloitte Global Internal Audit Leader
August 14, 2018
As organizations continue to evolve and innovate, new risks arise. Meanwhile, the larger business environment continues to change, often rapidly and in unexpected ways. This places new demands on the internal audit function.
As the number of blockchain implementations continues to grow, internal auditors will need to learn about both the promise and risk this technology offers. So what exactly is blockchain technology and what does it mean to you as an internal auditor? This article answers that question.
Escoute Consulting President Mark Thomas dives into the topic of communication challenges within the enterprise, why they exist among IT audit and cybersecurity, and the steps you can take to ensure those silos are broken down.
XebiaLabs’ Robert Stroud highlights what it is that IT audit needs to know about DevOps, why they should care, and offers up ways in which they can approach DevOps in a constructive manner that ultimately reduces risk in the organization.
In this recent video shot at MISTI’s ITAC Conference, INARMA's Jason Claycomb gives his take on the state of auditing social media in the enterprise, and what steps internal auditors can take to monitor the risks associated with the technology.
Since the cards might feel a little stacked against the auditor at the cybersecurity table, let’s define a few Aces in the hand that you can use when you’re auditing cybersecurity and communicate helpful root causes and risks.
Technology continues to flood organizations and IT auditors are facing increasing challenges. The Center for Internet Security's Critical Security Controls are intended to help the cause. In this exclusive video interview with Internal Audit Insights, subject matter experts define the controls and discuss their benefits for IT auditors.
Rather than robotic humanoids or machines who have become “self-aware,” artificial intelligence might be better described as computer systems that can predict human behavior. For internal audit, it can be a handy tool for specific processes within audit and analyzing overall sets of data with greater accuracy and even predict risk.
Forrester Research's Robert Stroud discusses the current state of the enterprise as it relates to IT auditors and why it’s important to bridge the gaps between audit, IT audit, compliance, and security within organizations.
If you’re going to audit social media, then develop a method. Kate Mullin, a social engineering expert, shares a formulaic approach to begin thinking like a hacker and doing the reconnaissance a hacker would do so that you can protect your organization.
When is the last time you looked for your name on the internet? Which of the links and images are tied to you? More importantly, where does all this information come from? Here are 13 important tips to leverage at your organization to ensure online privacy.
The cyber threat landscape is evolving and as an internal auditor it's important to become familiar the risks the organization is facing. Here are 11 helpful tips you can leverage to make sure your company steers clear of known exploits.
Internal audit can provide assurance to their board and executive team whether or not a process is in place to manage risks of third parties maintaining critical data, and that third parties have their data protection controls in place.
According to a recent MISTI survey, internal auditors say their internal audit seniors and managers most lack data analytic skills, understanding of IT auditing concepts, and ability to influence and persuade.
Is it historic or historical? Mass or weight? Mean or average? Coke or Pepsi? The items in these pairs are similar to each other and certainly related, but have important distinctions that make them different in how they are defined and applied (or in that last case, enjoyed).
We love our national holidays and, with a little help from Twitter, those lesser known, quirky commemoratives like national doughnut day, national left-handers day, and national roller-coaster day are making their way into our collective awareness.
As IT auditors, we've audited mainframes, servers, applications, and many other IT devices and systems for years and have become proficient in determining the reasonable effectiveness of a company's suite of controls to safeguard them.
The consequences of a cyber-attack—including a hit to reputation, lost customers, diminished credibility, and the cost of repairing the damage, just to name a few—are such that companies will do everything they can to defend against them.
From preventing failures in regulatory compliance to helping avoid devastating harm to the reputation of the organization from headline-making security breaches, IT auditors have an obligation and value-adding opportunities to assess enterprise vulnerabilities.
Whether it's data analytics; governance, risk, and compliance solutions; or planning and collaboration software packages, most internal audit departments are looking to improve their use of technology as they strive to do more with less.
As you may have heard, healthcare organizations have been under attack during the last three-plus years by various types of malicious hackers. The biggest of those attacks came against a healthcare payer organization which had over 100 million of its healthcare records exposed to a hostile government entity.
No organization is 100 percent safe from hacks, cybercrime, or boneheaded employee actions that can expose the company to data breaches. Most companies have shifted from a purely prevention mindset to one of a risk-based approach to cybersecurity with a robust incident response plan.
What if access to our online bank accounts was managed the same way we manage access to information systems at work? Would we know who can get into our accounts? Who could see how much we have in what accounts? Who could take money out?
Most information security experts aren't afraid to state bluntly: "We're losing the battle for information security." But then again, we already knew that. Near-daily headlines about the latest cyber-theft or data breach have made that pretty clear to most people.