Insider Threat Leading Practices

February 18, 2026

Misuse of authorized access to an organization’s critical assets is a significant and complex threat that requires a coordinated, proactive, enterprisewide effort to sufficiently address. This tool is designed to assist auditors in preparing an audit program for insider threats.

Additional resources to use with this IIA Audit Tool

Auditing Insider Threat Programs
Insider Threat Assessment Using NIST Cybersecurity Framework

Guidance
Tools
Risk
Fraud
Internal Control
Technology
IT General Controls
Executive
Mid-Level
Entry Level
Global Regions
English

Insider Threat Leading Practices

Additional resources to use with this IIA Audit Tool

Learn more with our other resources

Canada Connected: An Internal Audit Summit - for Canadians by Canadians

CAE Bulletin Issue: May 7, 2026

Achieving Effective Internal Control Over Generative AI: Applying COSO’s New Guidance

AI Driven Cybersecurity: Managing Risk in an AI First World

Learn about IIA programs and partners.