White Paper - Cybersecurity Topical Requirement – Case Studies in Early Adoption

Whitepaper

This is a members only resource.

Please login to access.

Author

Aamir Husain

BCOM HONS, MBA, CPA, CIA, CISA

Date

2025

Topics Explored

Internal Audit, Cybersecurity and Technology Governance, Standards

Format

White Paper

Extract/Description

This White Paper explores the experience in early adoption of the Institute of Internal Auditors’ Cybersecurity Topical Requirement, highlighting its practical application in enhancing internal audit effectiveness and organisational resilience. It aims to demonstrate how aligning audit practices with this framework strengthens cybersecurity governance, risk management, and control processes. The learnings and observations from the early adoption of the Topical Requirement is explored in four case studies.

Key Points

Four case studies are explored which outline how the topical requirement was applied, the results of the audit, the challenges identified and lessons learned.
These case studies have identified the following issues: interpreting technical complexity, cross-functional coordination, resource constraints and evidencing conformance.
Each of the issues can be overcome by internal audit with strategies suggested.

Relevant Industries

All

Level of Assumed Knowledge

Intermediate

Aligned to Global Internal Audit Standards

Yes