Governance, Risk and Compliance
Security Congress Abstract
Cybersecurity risks no longer concern only IT; instead, they are enterprise-level risks. The C-suite and board must view cybersecurity risks differently. Many organizations have already added a cybersecurity committee to the board, and this practice is expected to increase across organizations. The state of cybersecurity should be assessed on an ongoing basis with meaningful reporting to these executives. Internal auditors understand the business, provide independent assessment and report on the effectiveness of financial controls. However, in many organizations internal auditors are minimally involved (if at all) in cybersecurity assessments. Much like the Sarbanes-Oxley Act of 2002, which was created in response to corporate fraud, continued requirements for the cybersecurity control environment are expected, with a potential focus on auditing and reporting on the effectiveness of cyber controls. Get your organization ready.