Discription

Organizations of all types are becoming more vulnerable to cyber threats due to their increasing reliance on computers, networks, programs and applications, social media, and data. In response to such emerging risks, CAEs are challenged to ensure management has implemented both preventive and detective controls. CAEs must also create a clear internal audit approach to assess cybersecurity risk and management’s response capabilities, with a focus on shortening response time. The IIA’s revised Global Technology Audit Guide (GTAG), Assessing Cybersecurity Risk: The Three Lines Model, was designed to help internal auditors develop competence in providing assurance over cybersecurity risks.