The Institute of Internal Auditors\u2019 Internal Audit Foundation has released a new report in collaboration with Crowe, \u201cPrivacy and Data Protection \u2014 Internal Audit\u2019s Role in Establishing a Resilient Framework.\u201d The first in a three-part series, this report serves as a how-to guide to assist internal auditors in assessing their current level of preparedness regarding privacy and data protection issues, particularly as their approaches relate to the present state of the profession overall.<\/p>\n
Further, the report is intended to help internal auditors understand specific risks and threats and to help them ensure that relevant controls are developed, implemented, and operated effectively. The framework, audit plan, and implementation discussions in the later sections of the report are designed to provide a foundation on how internal audit departments can build their own structures.<\/p>\n
Today\u2019s rapidly evolving regulatory environment, coupled with continued advances in data technology and growing awareness of privacy and data protection issues, pose specific issues for internal auditors. The urgency of these issues is reflected in concerns expressed in recent surveys of the internal audit profession in both the United States and Europe.<\/p>\n
As stated, the framework and implementation methodology outlined in this report represent one approach that has been successful in helping organizations develop and execute relevant controls for managing and mitigating data privacy-related risks. However, as both the technological and regulatory environments continue to evolve, organizations in general \u2014 and internal audit departments in particular \u2014 will need to be able to adapt quickly to changes in stakeholder expectations.<\/p>\n