This is a new world and we need to re-examine traditional techniques for addressing technology risk. Before assessing and testing controls, challenge management on whether they believe effective security is in place and why. An internal audit team can help with this.
Last month we introduced 3 questions that should be asked of any reporting that is done with a regular cadence - monthly, quarterly, annually - where you can get into the habit of "same old, same old".
Here are 3 questions to help you assess whether you have effective reporting and suggestions for making sure you’re hitting the mark. These are the questions that should be asked of any reporting that is done with a regular cadence.