The no denying that internal audit plays a big role in measuring reducing risk within the business when it comes to information security. In MISTI’s recent 2019 Internal Audit Priorities Report, more than 70 percent of audit leaders surveyed indicated that cybersecurity is the audit committee’s top concern.
The days of the infosec department being the sole entity within the organisation that’s responsible for data security is long gone. Today, given the complexity tied to the controls surrounding critical assets, the internal audit function has a duty to play their part, according to Shawna Flanders, director of instructional technologies and innovation at MISTI.
“There’s always going to be a certain degree of challenge between the cybersecurity team and the internal audit team,” Flanders told Internal Audit Insights during a recent interview. “There’s a lot of great work that is conducted today by the folks in cybersecurity. But on top of that internal audit is coming in and reaping some of those same processes.”
The more that the two teams can work together and build a program, the more it’s going to help to create a collaborative environment, Flanders added.
In the full video interview below, Flanders discusses where internal audit stands today as it relates to cybersecurity, and offers up some tips on increasing collaboration between the audit and information security functions.