Cyberattacks have grown dramatically over time with increasing severity, and cybersecurity risks consistently rank among organizations’ most significant concerns.
This GTAG, updated to align with the Global Internal Audit Standards, covers risks and controls that correspond to the NIST CSF “respond” and “recover” functions and gives an overview of the relevant risks and controls to help an internal audit function plan and scope audit engagements. The guide’s references to external control frameworks can help internal auditors develop insightful testing approaches.
This guidance supersedes the previous edition published in 2022.