The Institute of Internal Auditors issued a new guide on insider threat programs that is designed help internal auditors understand insider threats and related risks by providing an overview of common traits of main players, key risks, and potential impacts. The guide also covers security frameworks, techniques, considerations, and resources that can aid in the planning and execution of audit engagements.
The latest in the IIA’s series of Global Technology Audit Guides defines key terms in the insider threat universe and offers recommendations auditors can use to improve existing insider threat programs or create new programs. It distinguishes between malicious and non-malicious incidents and describes behaviors that may precede a threat action.
By becoming aware of insider threats and the associated risks and by learning about insider threat programs, internal auditors have a tremendous opportunity to add value by helping their organizations strengthen governance, risk management, and control processes.
Topics include:
- How to better understand insider threats and guidance for practical audit considerations
- Ways to assess and prioritize insider threats in audit planning
- How to increase collaboration with management
- Ways to champion the communication of insider threats to management and the board
IIA members can download the guide free. Nonmembers may purchase Supplemental Guidance by visiting the IIA Bookstore.