The IIA Releases New GTAG on Auditing Cyber Incident Response and Recovery

Communications The IIA Jun 15, 2022

The impacts from cyberattacks have grown dramatically over time and are consistently ranked among the most significant business risks.

“Auditing Cyber Incident Response and Recovery” covers risks and controls that correspond to the NIST CSF “Respond” and “Recover” functions. The GTAG gives an overview of the relevant risks and controls in this area to help an internal audit activity with planning and scoping audit engagements. References to external control frameworks are offered, which, if used effectively, can help with the development of insightful audit approaches.

This guide will help internal auditors:

  • Define cyber incident response and recovery and develop a working knowledge of relevant processes, including related governance and risk management controls.
  • Understand risks and opportunities associated with cyber incident response and recovery, for the purposes of enterprisewide or engagement-specific assessments.
  • Identify components of cyber incident response and recovery, including contributions from governance, risk management, and planning processes, as well as controls to test and execute response and recovery plans.
  • Consider relevant control guidance in widely used IT-IS frameworks to increase the value of assurance and advisory services provided by the internal audit activity.
  • Understand the basics of auditing cyber incident response and recovery, including specific controls to be evaluated.

IIA members are invited to download this and all other guidance as a benefit of membership.


Register for Exploring the New GTAG “Auditing Cyber Incident Response and Recovery” on Wednesday, July 13, 2:00-3:00 p.m. ET, where we’ll discuss the importance of having an effective cyber incident management process that helps an organization respond to attacks and restore normal operations in a timely and secure manner. Having plans in place is more critical than ever due to the higher likelihood of cyberattacks caused by the pandemic, geopolitical events, and more sophisticated threat actors.
