Earlier this year, Deloitte published Internal Audit 3.0, The future of Internal Audit is now. It’s great that they are encouraging internal audit departments to change so they can meet modern demands, but their presentation that they are offering something novel and disruptive is way off the mark.
Should we give up auditing information security and the management of cyber risk? Not at all. But we should do so with eyes wide open. We should recognize the limitations of our knowledge, tools and techniques and the likelihood that hackers have new techniques that are unknown both to auditors and management.
Established in 1995, First Reference Inc. (known as La Référence in Quebec) provides Canadian organizations of any size with practical and authoritative resources to help ensure compliance.