Leadership · Insight · Knowledge

Welcome to the Institute of Internal Auditors New Zealand, the professional body for internal auditing

About UsJoin Us

What is internal audit?

Internal audit is a dynamic profession that provides independent assurance that an organisation's risk management, governance and internal control processes are operating effectively Essentially, Internal Auditors help organisations to succeed.

Read More

Membership benefits

Join our professional community and access a range of local and international benefits to expand your thinking, knowledge and networks.

Learn MoreJoin Now

Events & training

Connect with other internal audit, risk and assurance professionals and grow your knowledge and skills with a range of online and local events.

Find out more

Subscribe to newsletters

Subscribe to monthly IIA NZ Newsletters here

Subscribe

home | News & Media | All News

 

New Report: "The Risky Six: Key questions to expose gaps in board understanding of organisational cyber resiliency"

The Institute of Internal Auditors (IIA) and Ernst & Young LLP (EY) release a joint report, "The Risky Six: Key questions to expose gaps in board understanding of organisational cyber resiliency."

Practitioners and researchers from The IIA and EY conducted extensive analysis to determine the root cause of how and why boards get a skewed picture of their organizations' ability to protect themselves from cyber-related risks. The team, which collectively has more than 100 years of experience managing cybersecurity risks within organisations in all industries, identified six key questions that if unanswered likely mean a disconnect exists.

Key data pointing to widespread disconnects from boards - rooted in the team's deep experience in the field, as well as cutting-edge research from The IIA and EY - include the following:

• 60% of organisations do not have a head of cybersecurity who sits on the board or at executive management level.

• 59% of organisations say that the relationship between cybersecurity and the lines of business is at best neutral, to mistrustful or nonexistent.

• 20% of boards are extremely confident that the cybersecurity risks and mitigation measures presented to them can protect the organisation from major cyber-attacks.

• 36% of organisations say cybersecurity is involved right from the planning stage of a new business initiative.

Organisations working toward a collective "yes" for the six questions provide a narrative that is well received by stakeholders inside and outside the organisation. It highlights the due care and diligence underway to battle cyber risk. However, the report also exposes how easily boards can develop false confidence if any of the six questions can't be answered in the affirmative.

Download "The Risky Six" now and learn the six key questions that must be asked to expose gaps in board understanding of organisational cyber resiliency.

Download link


MoST Content Management V3.0.8753