- How To Integrate Continuous Improvement Into Your Organization’s Culture And Daily Activities
- Identify The Strengths Of Your Services And Where Improvements Can Be Leveraged
- How To Succeed In A Continually Changing And Unstructured Workplace
- 6 tips to get back in touch with an old colleague
- Paving the Last Mile of Big Data Analytics
- Important Considerations For An Organizational Restructuring
- Elevator Speech 2.0 = Elevator Dialogue
- 4 ways to qualify a lead
- Is the Trusted Advisor Still Trusted?
- 5 things you must do to win your first client.
PwC: Internal audit’s role critical to combatting hackers
August 16, 2012
By Rob Starr, Content Manager, Big4.com
A new PwC US whitepaper titled Fortifying your defenses: The role of internal audit in assuring data security and privacy finds data security threats and breaches have increased exponentially, with more than 1,037 publicly reported incidents of loss, theft or exposure of personally identifiable information recorded in 2011.
As data thieves become increasingly creative, corporate policies, procedures, tools, training and compliance efforts have not kept up. In some instances, PwC found that some security capabilities have actually diminished over the last three years. In 2011, only 39 percent of nearly 10,000 executives in 138 countries said they reviewed their privacy policies annually, compared to 52 percent in 2009. Only 41 percent had an identity management strategy in 2011, a decrease from 48 percent in 2009.
Jason Pett, PwC’s U.S. internal audit services leader comments:
“No matter how strong a company’s data security policies and controls are, a company won’t really know the adequacy of its defense if it doesn’t continually verify that those defenses are sound, uncompromised and applied in a consistent manner,” he said. “Internal audit has to play a far more substantial role in information security, and audit committees must also increase their attention on the increasing risk, heightening the expectations they place on internal audit to place adequate focus on data security and privacy concerns.”