Skip to Content

Internal Audit Foundation and Crowe Report, “Privacy and Data Protection, Part 2”

Internal Auditors’ Views on Risks, Responsibilities, and Opportunities

Communications Mar 01, 2022

Sharpen Your POV to Add Value

The Internal Audit Foundation has released a new report in collaboration with Crowe, “Privacy and Data Protection, Part 2: Internal Auditors’ Views on Risks, Responsibilities, and Opportunities.” This second report in a three-part series reveals a number of potentially valuable opportunities for internal auditors to take an earlier, proactive role in helping to recognize, manage, and mitigate these risks, while still fulfilling their role as defined by the International Professional Practices Framework.

In order to create the report, The IIA, Foundation, and Crowe conducted a survey among chief audit executives (CAEs) and audit directors to develop a better understanding of organizations’ data protection policies and practices. Survey responses suggest that a number of likely opportunities exist where internal auditors could add value to their enterprises, while also building, developing, or strengthening critical relationships with peers elsewhere in their organizations. The simplest way to explain the results of the survey is that internal audit needs to take a more active leadership role in mitigating data privacy risk.

Further, the purpose of this report is to present the findings of the surveys and field interviews to examine how internal audit as a profession is responding to privacy and data protection issues.

Detailed examination of the results provided a number of insights that internal audit professionals can use to reflect on their own organizations’ preparedness and effectiveness in managing risks associated with privacy and data protection.

Key takeaways include:

  • Data privacy roles and responsibilities.
  • Data privacy as a material risk.
  • Internal auditors’ views of program effectiveness.
  • Internal auditors’ most critical concerns.
  • How internal auditors can add value.

To learn more about how to sharpen your privacy and data protection point of view to add even more value to your organization, download the report now.

Additional Privacy & Data Protection Resources

Virtual Conference

The 2022 Data Privacy & Ethics Virtual Conference, taking place Thursday, April 28, 2022, is part of a series of one-day conferences designed to help internal auditors stay ahead of critical issues and be more responsive in their work. Upskill your knowledge in data privacy and ethics while earning up to 6.6 CPEs. Learn more.

Related Research Report

Privacy and Data Protection Part 1: Internal Audit's Role in Establishing a Resilient Framework

Internal Auditor Magazine

Targeting Fraud With Data Analytics by Alisanne Gilmore Allen, CIA, CRMA, CFE, CISA

Feb. 21, 2022

Recommended Guidance

Get a Group Membership

Learn More