chief audit execs speak out: cybersecurity & risk management
TRANSCRIPT
Cybersecurity: Suggested actions
Where are the risks?
Where can internal audit add the most value?
Financial services CAEs see room for improvement when it comes to their risk management functions.
CAEs speak out: Cybersecurity seen as key threat to growth
For more information, read the report at grantthornton.com/fs-cae-survey
continue to require improvements
ineffectively used or they’ve yet to implement one
rigorously enforced and used comprehensively
business continuity
25%
62%
15%
23%
fraud/anti-corruption
20%
data privacy and security (including cybersecurity)
71%
third parties and vendors
34%
regulatory risks
38%
Prepare for potential attacks and regularly test preparations.
Address exposures stemming from third-party and vendor relationships.
Focus on people and processes, in addition to technological solutions.
Shore up cyberrisk exposures by utilizing key resources (e.g., EO 13636 and NIST supporting standards, FBI’s InfraGard, U.S. Computer Emergency Readiness Team, U.S. Secret Service Electronic Crimes Task Force).
Be alert to warning signals and identify potential vulnerabilities across the entire business “ecosystem.”
Ensure boards and senior management focus attention on cyberrisks, including understanding inherent cybersecurity risks, as outlined by the Federal Financial Institutions Examination Council (FFIEC).
Chief audit executives (CAEs):
1. Identifying improvement opportunities
2. Increased efficiency
3. Mitigating risk/stronger corporate governance
Management and board priorities (according to CAEs):
1. Mitigating risk
2. Identifying improvement opportunities
3. Stronger compliance efforts in other areas
“Grant Thornton” refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd (GTIL). GTIL and its member firms are not a worldwide partnership. All member firms are individual legal entities separate from GTIL. Services are delivered by the member firms. GTIL does not provide services to clients. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions. Please visit grantthornton.com for details.
© 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd