IIA-Australia White Paper - Auditing Data Risk Management

IIA-Australia White Paper - Auditing Data Risk Management

This is a members only resource. Please login to access. 

Author

Tariq Islam BEng (First Class Honours), BMaths & Computer Science, DCAM

Date

 2023

Topics Explored

Internal Audit, Internal Audit Management, Fieldwork

Format

White Paper

Extract/Description

Compared to other more established risk classes, data-related risk is a relatively new area of focus in which most organisations are still maturing their risk management approach. This White Paper provides an overview of data-related risk management and discusses the key areas that should be covered when auditing it.

Key Points

  1. The best starting point for the internal auditor is to review the data management policy and framework.
  2. The internal auditor should check whether there is a definition of what ‘data’ actually means for the organisation.
  3. To facilitate enterprise-wide data risk management, data across the organisation may be divided in some manner. Each data area will have a data steward accountable for it.
  4. Poor data quality is a common weakness across organisations.
  5. Data should be classified according to how sensitive it is.

Relevant Industries

All

Level of Assumed Knowledge

Intermediate