As cyber threat actors continually evolve their attacks, an organisation can be considered to be doing well these days if it is only two steps behind bad actors. In the second of a two-part podcast, Lee Glover of Validera and Mike Hughes of Prism RA talk about recent developments in cyber risk including the evolution of the approach of threat actors from attacking individual organisations to attacking software companies that then distribute their bad code across the globe. Risk management is only possible if the controls implemented work as intended, so Internal Audit’s periodic assurance work on controls is vital, as is its involvement in IT projects from the outset.

ACCA’s report on Cyber and the CFO is a useful resource that you can download at https://bit.ly/cyberandthecfo. ISACA and Aston University have produced a briefing for the C-Suite on what the Board of Directors need to know to build business resilience. This briefing accompanies ACCA’s report and on page 6 of the document you’ll find eight key questions that company directors need to ask to ensure they are at least doing the fundamentals – you can access the ISACA briefing at https://bit.ly/isacabriefingcsuite.

You can find all available podcasts here or find them on your favourite platform: Apple podcasts: https://podcasts.apple.com/us/podcast/internal-audit/id1761978023?mt=2&ls=1at=1001l626 Spotify: https://open.spotify.com/show/2VcM3L5gXHlmrfiV9U2VFj

You can find more resources for internal auditors on our Internal Audit hub - https://bit.ly/accaiahub - including a series of guides for beginners, Heads of Internal Audit and audit committee. We also have resources for those moving into Internal Audit, free webinars available on demand, and articles.

This podcast is hosted by ZenCast.fm

Internal Audit Lens - Recent developments in cyber risk