We become stronger when we collaborate! On Friday, May 26, 2023, I was invited and had the privilege to participate in the ISACA Chapters & the Institute of Internal Auditors (IIA) joint webinar as a panelist together with other professionals to mark the 2023 International Internal Audit Awareness Month.
The theme of the event was: Auditing and Emerging Technology – Facing New Age Challenges.
Panelists included Veronica Rose, CISA, CDPSE; Kenneth Palliam, CISA, CGEIT, CRISC, CDPSE, ISAP (SA); Ramona Ratiu, MS, CISA, CISM, GSTRT, ITIL, COBIT, ITRisk; Ime Udoko (PMP, ITIL, CGEIT, COBIT 5, ISO 22301 LI); Ambrose Enuma; and Innocent Panni.
Special thanks to the organizing committee and moderators, including Emmanuel Omoke, CISA, CISM, CRISC, President Abuja chapter; Rita Kobusinge, CISA, CDPSE; Wole Davis, CFE, CISA; and Pascaline UMUHIRE.
This was a one-of-a-kind event, and it affirmed that collaboration is the new competition. The event was attended by 420+ professionals across the globe, and all attendees earned 4 CPE hours.
Below are the key takeaways:
- Get certified, e.g. CISA, CIA, etc.
- Join professional bodies, e.g. ISACA, IIA, etc.
- Know which data points to provide insights and oversight on.
- Assess risk exposures from third parties continuously.
- Auditors are the eyes and ears of management
- The audit function is not the end but a means to achieve business objectives
- Every company is a reachable target for cyber attacks; it’s just a matter of time.
- Watch the movie called Terminator – for cyber enthusiasts
- A cyber resilience culture is essential in every organization.
- We need to reboot our cyber tactics
- Slow down and cover the basics
- Not everything needs to turn into an audit.
- Communicate with stakeholders and give them high-level expectations.
- Have joint problem-solving initiatives
- Actively involve and collaborate on cyber risk assessment
- Foster trust, transparency, and feedback
- Invite stakeholders to the tabletop exercises
- Encrypt audit reports that contain sensitive information
- Train your teams continuously
- Allocate liaisons between cyber and auditors
- Observe interactions between departments
- Incorporate fresh practice into best practices.
- Introducing new technologies comes with new risks, particularly around cybersecurity and data privacy, and it is critical for organizations to balance innovation with privacy and security to mitigate the risks.
- Ensure the protection of sensitive information. The first step is to carry out a risk assessment on the audit client prior to the start of the engagement; this helps you keep your reputation.
- Auditors should seek guidance from their digital trust officers or data privacy officers to guide the process of protecting sensitive information.
- Auditors in general need an understanding of what they are auditing.
- Training and awareness should be prioritized for all stakeholders on an audit engagement.
- Auditors must also be aware of the applicable laws (GDPR, information misuse acts, HIPAA, DPA) in the respective regions, and regulatory requirements related to sensitive information.
- Also during contracting, auditors need to honor contractual obligations, e.g. sign off non-disclosure agreements/confidentiality agreements and have clauses like the return of information after the closure of an engagement or termination of the contract.
- Have access control policies in place so that information is shared on a need-to-know basis and access recertification reviews are done regularly.
- Be conscious of whom you share information with about a particular audit project. Educate clients and also advise them to educate their service providers about audits in general.
- Confidentiality is a chain of responsibilities.
Sample feedback from attendees