Internal Auditors: ISO 27000 the Top Tech Need


When it comes to information security know-how, many internal auditors said they wouldn’t make the grade.

The 2008 Internal Audit Capabilities and Needs Survey from Protiviti found that among internal auditors, the top technical competencies in need of improvement were ISO 27000, enterprise risk management (ERM) and fraud risk management (FRM).

Chief audit executives constituted more than a third of the 516 audit professionals who participated in the study. CAEs also named ISO 27000, the certification standard for information security developed by the International Organization for Standardization, as their top competency in need of improvement, followed by COSO and FRM.

ISO 27000 was not listed in the 2007 Capabilities and Needs survey. Bob Hirth, executive vice president of global internal audit solutions for Protiviti, said in a release, “An ever-increasing reliance on IT-generated data and the plethora of data security breaches are contributing to the need for internal auditors to enhance their skills in this critical area. Clearly, more organizations view themselves vulnerable to such risks and are relying on internal auditors to help mitigate and monitor them.”

Source: 2008 Internal Audit Capabilities and Needs Survey, www.protiviti.com/go/2008capabilitiesandneeds.

SPONSORED REPORT

Cybersecurity threats proliferating for midsize and smaller businesses

This report details how SMBs can properly protect private information from breaches, design and implement a cybersecurity policy, and create safeguards for training and education.

QUIZ

Test yourself on these often confused words

The spelling checker on your word processing program can do only so much to flag problems. Your best insurance is to learn the troublesome words that trip up writers and use them correctly by the standards of formal, written English.