1. Privacy compliance will be a key focus for internal audit.
Over the past few years, the world has seen a massive increase in data privacy regulations at the state and national levels. Many organizations are struggling to keep up with these regulations, trying to untangle a growing number of legislative, regulatory, and internal requirements to demonstrate compliance.
With the potential for more privacy regulations in 2020, internal audit needs to stay informed of these changes and develop a better understanding of potential privacy risks, so it can be more actively involved in identifying compliance risks and establishing the appropriate controls to mitigate those risks. IA must start incorporating privacy considerations into its enterprise risk assessments and determine how equipped the organization is to respond to new regulations as well as sustain ongoing compliance.
As part of these privacy efforts, internal audit is responsible for validating the organization's data classification policy. To do this, IA will need to review the processes for collecting, analyzing, storing, and sharing personal information to ensure compliance with current and new data regulations. By gaining a thorough understanding of these processes, internal audit can help identify current and emerging risks, giving shape to a privacy roadmap for future compliance efforts.
2. New cybersecurity regulations from the SEC and PCAOB will require more internal audit involvement.
Cyber threats are continuing to increase in frequency and complexity, with each day bringing the potential of another data breach. To hold public companies accountable to their stockholders and investors, the U.S. Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) are pressuring public organizations to clearly demonstrate how they are mitigating cyber risks, including key internal controls.
These compliance requirements push internal auditors into the world of cybersecurity. From required board oversight to data incident disclosures to insider trading regulation, internal audit must evaluate the existing policies that address the requirements from external bodies and show external auditors that adequate controls are in place. A few key steps auditors can take to help ensure compliance include:
Revisit and, if necessary, refresh data-security public disclosures to ensure compliance with the new guidance
Consider the adequacy of internal controls and procedures for identifying cybersecurity risks and incidents as part of the design and effectiveness of a company’s disclosure controls and procedures
Update existing enterprise-wide data security policies, plans, and procedures
Ensure that controls are in place to escalate cyber risk, incident engagement, and oversight by senior corporate leaders and the board
Review data security incident disclosure processes to ensure key stakeholders are notified of significant data security incidents, and establish a decision-making process and protocol for disclosing material cybersecurity incidents in a timely manner
Revise codes of conduct and internal securities trading policies to ensure that, as appropriate, securities trading restrictions are put in place upon the detection of a material cybersecurity incident
Regularly test security controls, policies, and processes, and make improvements as needed to help reduce the likelihood of a security incident