This Practice Guide is provided as a service to members of The IIA. To learn more about the value of an IIA membership, click here.
This GTAG helps internal auditors understand insider threats and related risks by providing an overview of common dangers, key risks, and potential impacts.
Additionally, the guide presents examples of security frameworks from globally recognized and accepted sources including Carnegie Mellon University Software Engineering Institute, the National Institute of Standards and Technology (NIST), and the U.S. Intelligence and National Security Alliance (INSA), controls, and other resources that can help during the planning and execution of audit engagements. Organizations should base their choice of framework on their unique situation, weighing factors such as their industry, size, complexity, and applicability of the selected framework.
For organizations that already have insider threat programs, this guidance can help internal auditors design assurance engagements to assess the program’s effectiveness.
Item number 10.1301.dl