IIA-Australia White Paper - Auditing Data Risk Management

IIA-Australia White Paper - Auditing Data Risk Management

This is a members only resource. Please login to access. 


Tariq Islam BEng (First Class Honours), BMaths & Computer Science, DCAM



Topics Explored

Internal Audit, Internal Audit Management, Fieldwork


White Paper


Compared to other more established risk classes, data-related risk is a relatively new area of focus in which most organisations are still maturing their risk management approach. This White Paper provides an overview of data-related risk management and discusses the key areas that should be covered when auditing it.

Key Points

  1. The best starting point for the internal auditor is to review the data management policy and framework.
  2. The internal auditor should check whether there is a definition of what ‘data’ actually means for the organisation.
  3. To facilitate enterprise-wide data risk management, data across the organisation may be divided in some manner. Each data area will have a data steward accountable for it.
  4. Poor data quality is a common weakness across organisations.
  5. Data should be classified according to how sensitive it is.

Relevant Industries


Level of Assumed Knowledge