GTAG: Auditing Insider Threat Programs
August 15, 2021
Copyright Notice We are excited to share this publication with you. However, keep in mind that all content – including text, images, tables, and graphics – is protected by international copyright laws. You are welcome to reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that other than for your own personal use is strictly prohibited and may constitute a violation of copyright law resulting in civil and criminal penalties. If you would like to request permission to use our materials or have questions, please email copyright@theiia.org.
This GTAG helps internal auditors understand insider threats and related risks by providing an overview of common dangers, key risks, and potential impacts. Additionally, the guide defines key terms in the insider threat universe, and presents security frameworks, techniques, considerations, and resources that can help during the planning and execution of audit engagements.
By becoming aware of insider threats and the associated risks and by learning about insider threat programs, internal auditors have a tremendous opportunity to add value by helping their organizations strengthen governance, risk management, and control processes.
Topics include:
- How to better understand insider threats and guidance for practical audit considerations.
- Ways to assess and prioritize insider threats in audit planning.
- How to increase collaboration with management.
- Ways to champion the communication of insider threats to management and the board.