Saturday, August 25, 2012

Effectively Assessing Information Risks within the Enterprise

3 Lines of Cyberdefence

By combining responsible management, risk management and compliance functions, and internal audit, organizations will go far in securing their data and systems.

To succeed, internal auditors and business systems owners, including chief information security officers, must collaborate more closely to assure the security of their organizations' data systems. 

A new report from PwC, Fortifying Your Defenses: The Role of Internal Audit in Assuring Data Security and Privacy, identifies three lines of cyberdefense:

Management: Companies that are good at managing information security risks typically assign responsibility for their security regimes at the highest levels of the organization. Management has ownership, responsibility and accountability for assessing, controlling and mitigating risks.

Risk Management and Compliance Functions: Risk management functions facilitate and monitor the implementation of effective risk management practices by management, and help risk owners in reporting adequate risk-related information up and down the enterprise.

Internal Audit: The internal audit function provides objective assurance to the board and executive management on how effectively the organization assesses and manages its risks, including the manner in which the first and second lines of defense operate.

It's vital that internal audit be at least as strong as the management and risk management and compliance functions for critical risk areas. Without internal audits that provide proficient and objective assurance, organizations risk having their information privacy practices become inadequate or outmoded.

This is a role that internal audit is uniquely positioned to fill, but it must have the support and resources to do so.

Refer here to download the report.
