Abstract
Cyber security has proven to be the most critical aspect in the operations of organisations that are continuously exposed to risks of cyber-attacks. Cyber security risks are continuously evolving, and the use of technology has also increased and improved, which gives rise to these cyber-attacks. The use of data and personal information requires proper security controls and monitoring to ensure that the organisation’s valuable information is substantially protected. The increased reliance on Information Technology requires an extensive internal audit assessment to review the cyber security risks, which will assist organisations in improving their control environment. Due to the variety of cyber-attacks and the poor information technology security controls implemented by most organisations, cyber security reviews presented the need for independent assurance to management on cyber security gaps and controls.
The study explored the role of internal audit functions in managing cyber security risks for organisations. The content analysis study found that cyber security management is an important function that requires internal audit functions to assist the organisation in evaluating the effectiveness and adequacy of controls to mitigate the impact of cyber security risks. This study highlighted the role of the internal audit function in organisations in reducing the risk of cyber threats. It also proved that the internal audit function requires a thorough understanding of the organisational objectives and risks to address the cyber security risk challenge faced by organisations.
The results of the study revealed that organisations place great emphasis on having an internal audit function to assist management in evaluating the effectiveness and adequacy of controls to minimise cyber security risks. The results highlighted the high level of compliance with the Public Finance Management Act, Treasury Regulations and King IV report on the role of the internal audit function. The results proved that some organisations had highlighted the cyber security risks they are exposed to, with some organisations having performed risk assessments to identify cyber threats and security breaches in order to improve cyber security risk management processes. The results of the study revealed that the internal audit function identifies and contributes to cyber security in organisations by incorporating cyber security reviews based on the internal audit plan and assessing the existence and adequacy of internal controls designed to minimise the cyber security risks.