A new whitepaper from Big Four firm PwC US says that internal audit departments should play a critical role in reducing their organization’s risk of data breaches and threats.
The whitepaper, “
“Despite all the attention around data security, the risk of breaches is only getting worse with severe ramifications, not only in terms of dollar costs, but also management attention and company reputation,” said Dean Simone, leader of PwC’s U.S. risk assurance practice. “To battle the ever-changing hacker profiles and accelerating rate of technological change, companies need to constantly re-evaluate their privacy and security plans. No company, no matter how well it has secured its data, is ever finished maintaining information security and privacy, but by establishing three lines of defense involving internal audit, they are putting in place the best safeguards to deal with critical risks to a business.”
According to PwC, most companies do have security controls and privacy policies, and they are often quite comprehensive. All too often, however, no one checks to see if these protocols are being followed – a natural role for the internal audit function.
As data thieves become even more inventive, corporate policies, procedures, tools, training and compliance efforts have not kept up. In some instances, PwC found that some security capabilities have actually diminished over the last three years. In 2011, only 39 percent of nearly 10,000 executives in 138 countries said they reviewed their privacy policies annually, compared to 52 percent in 2009. Only 41 percent had an identity management strategy in 2011, a decrease from 48 percent in 2009.
