Banking Exchange Magazine Logo

Cyber security top of mind for auditors

Best companies engage board, have audit plan

  • |
  • Written by  Website Staff
  • |
  • Comments:   DISQUS_COMMENTS
Cyber security top of mind for auditors

Internal audit professionals are making strides in meeting cyber security and data privacy standards, although much work remains, according to a survey by Protiviti.

Many of the organizations surveyed rated themselves as less than “very effective” at addressing their cyber security risks. However, the self-rating results are significantly better for organizations in which the board of directors has a high level of engagement with information security risks, and those that include cybersecurity in the annual audit plan.

“Across the globe, businesses are continuing to experience cyber security issues, challenges, and breakdowns,” says Brian Christensen, executive vice-president, global internal audit and financial advisory, Protiviti. “Those professionals who continue to engage board members and define cyber security measures within their annual audit plans will be poised to effectively mitigate future threats.”

Top 5 identified

Survey participants cited the following as the top five most significant cybersecurity risks:

• Data security (company information)

• Brand/reputational damage

• Regulatory and compliance violations (tie)

• Data leakage (tie)

• Viruses and malware

More than 800 internal audit professionals, including chief audit executives, participated in Protiviti's ninth annual survey to assess the top priorities for internal audit functions. Along with a review of cybersecurity management and processes, the survey assessed general technical knowledge; audit process knowledge; and personal skills and capabilities.

A closer look at involving the board

Protiviti’s survey shows a clear, positive correlation between a high level of board engagement in information security (30% of respondents) and an organization’s ability to acceptably manage cyber security risk. There is a similar relationship between having defined cyber security measures in the annual audit plan and the successful management of cyber security risk.

For example:

• Nearly half of organizations with a high level of board engagement (47%) rate themselves as “very effective” at identifying cyber security risk, compared to just 19% of other organizations.

• Seventy percent of organizations that include cybersecurity in the audit plan have a cyber security risk strategy in place, compared to 42% of other companies.

• More than half of this year’s respondents (53%) note that cybersecurity evaluation has been included in their current audit planning. Of those organizations, 60% have used the NIST Cybersecurity Framework to measure and evaluate existing programs.

Across respondents, many CIOs have also taken particular interest in collaboration with the audit committee, reporting on both cybersecurity and IT related risks (43%).

back to top


About Us

Connect With Us


Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.


This webinar is brought to you by:
Vouched Logo