GTAG 5: Managing and Auditing Privacy Risks - The Institute of Internal Auditors

GTAG 5 Cover Guide 5: Managing and Auditing Privacy Risks
One of the many challenging and formidable risk management issues faced by organizations today is protecting the privacy of customers' and employees' personal information. The cost from privacy breaches is increasing everyday. The organization's customers, suppliers, and business partners want assurances that the personal information collected from them is protected and used only for the purposes for which it was originally collected.

Managing and Auditing Privacy Risks is intended to provide the chief audit executive (CAE), internal auditors, and management with insight into privacy risks that the organization should address when it collects, uses, retains, or discloses personal information. This guide provides an overview of key privacy frameworks which help to understand the basic concepts and aid in finding the right sources for more guidance regarding expectations and what works well in a variety of environments. It also covers the details on how internal auditors complete privacy assessments.

Authors
Ulrich Hahn, Ph.D., Switzerland/Germany
Ken Askelson, JCPenney, USA
Robert Stiles, Texas Guaranteed (TG), USA

Download this guide (PDF 752KB).
Purchase printed version.
Download GTAG 5 PowerPoint slides (PPT).
Download form for permission to translate to another language (Word, 95KB).

Quick Search Advanced Search Site Map IIA Popular Pages About the Profession New Fraud Guidance Virtual Seminars CIA Preparation GTAG Series		Home / Professional Guidance / Information Technology / GTAG / GTAG5 Guide 5: Managing and Auditing Privacy Risks One of the many challenging and formidable risk management issues faced by organizations today is protecting the privacy of customers' and employees' personal information. The cost from privacy breaches is increasing everyday. The organization's customers, suppliers, and business partners want assurances that the personal information collected from them is protected and used only for the purposes for which it was originally collected. Managing and Auditing Privacy Risks is intended to provide the chief audit executive (CAE), internal auditors, and management with insight into privacy risks that the organization should address when it collects, uses, retains, or discloses personal information. This guide provides an overview of key privacy frameworks which help to understand the basic concepts and aid in finding the right sources for more guidance regarding expectations and what works well in a variety of environments. It also covers the details on how internal auditors complete privacy assessments. Authors Ulrich Hahn, Ph.D., Switzerland/Germany Ken Askelson, JCPenney, USA Robert Stiles, Texas Guaranteed (TG), USA Download this guide (PDF 752KB). Purchase printed version. Download GTAG 5 PowerPoint slides (PPT). Download form for permission to translate to another language (Word, 95KB).		Global Technology Audit Guides (GTAG^®) Guide 1 Guide 2 Guide 3 Guide 4 Guide 5 Guide 6 Guide 7 Guide 8 Guide 9 Guide 10 Guide 11 IT Resources Review some of the latest IT Resources available for IT auditing. GAIT Project Learn more about the ongoing IT auditing guidance project known as the Guide to the Assessment of ITGeneral Controls Scope Based on Risk (GAIT). Information Technology