NEW! Internal Audit Foundation and Crowe Report, Privacy and Data Protection — Internal Audit’s Role in Establishing a Resilient Framework

Know the Risks So You Can Prepare and Implement Properly

The Institute of Internal Auditors’ Internal Audit Foundation has released a new report in collaboration with Crowe, “Privacy and Data Protection — Internal Audit’s Role in Establishing a Resilient Framework.” The first in a three-part series, this report serves as a how-to guide to assist internal auditors in assessing their current level of preparedness regarding privacy and data protection issues, particularly as their approaches relate to the present state of the profession overall.

Further, the report is intended to help internal auditors understand specific risks and threats and to help them ensure that relevant controls are developed, implemented, and operated effectively. The framework, audit plan, and implementation discussions in the later sections of the report are designed to provide a foundation on how internal audit departments can build their own structures.

Today’s rapidly evolving regulatory environment, coupled with continued advances in data technology and growing awareness of privacy and data protection issues, pose specific issues for internal auditors. The urgency of these issues is reflected in concerns expressed in recent surveys of the internal audit profession in both the United States and Europe.

As stated, the framework and implementation methodology outlined in this report represent one approach that has been successful in helping organizations develop and execute relevant controls for managing and mitigating data privacy-related risks. However, as both the technological and regulatory environments continue to evolve, organizations in general — and internal audit departments in particular — will need to be able to adapt quickly to changes in stakeholder expectations.

Learn more about how to develop, enhance, and respond to this critical area of concern.