Fortifying your defenses - The role of internal audit in assuring data security and privacy

July 2012

At a glance

Companies should construct three lines of defense, with internal audit playing a critical role in providing assurance around data security and privacy controls and practices.

Data privacy and protection is a topic of great interest and impact regardless of industry. The average loss in brand value for a company that experiences a data breach can be anywhere from $184 million to more than $330 million. It is predicted that the risk of a breach occurring will continue to increase, because companies today maintain greater amounts of personal data on customers and employees than ever before and because technology continues to proliferate.

In our experience, every company has security controls and privacy policies, and often quite good ones. But in many instances these processes and policies are not being followed, and new threats are often overlooked. To help our clients address these challenges, we have introduced the concept of three lines of defense. The concept is not unique to data privacy and security, but it should be in place and operating at a robust level to deal with any critical risk to the business. In this whitepaper we give a first-hand testimonial from one of our clients, who institutionalized these three lines of defense to help mitigate their privacy and security risks.

This whitepaper also highlights the critical role that internal audit plays in helping reduce risk and protect a company's brand.