The role of audit and compliance in cybersecurity needs to evolve to effectively address the concerns arising from the evolution of technology and the threats to it. The compliance regime is changing rapidly as cyber risks grow in quantity and complexity. Global emphasis on data and privacy protection requires enterprises to allocate substantial budget toward meeting compliance requirements and keeping an eye on changed regulations and the risks of non-compliance. However, it is crucial that compliance does not become the security standard of organizations.
More extensive effort must be put into addressing security at the enterprise level. Internal and external audit needs to provide insights on risk areas across the enterprise by shifting away from traditional approaches. To do so, audit needs to engage with other functions in the enterprise to align its activity with the business objectives of the organization, and to take part in strategic project practice to acquire a better understanding of the innovative technologies and methods being introduced to organizations. The audit and compliance organizations may experience substantial change with the introduction of advanced technologies. These are projected to increase efficiency and effectiveness through automation and deep learning processes, but they will certainly add more risk factors to be considered and managed. In the end, audit and compliance requirements are set to support organizations in achieving business objectives and to promote growth while maintaining appropriate compliance. With proper assessment and management better suited to the evolving market, audit and compliance will play a value-added role in achieving enhanced cybersecurity for organizations.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Andrew Cotton is a Partner and Americas Cybersecurity Leader for EY, in which role he is responsible for cross-service line, cross-channel evaluation and refinement of EY’s cybersecurity strategy and tactical operating plans. He has more than 25 years of industry experience serving EY’s largest global technology clients in the San Francisco Bay Area. Andrew has previously served on the firm’s Partner Advisory Council and as the Americas Software Sector Leader, at which time he developed the firm’s technical guidance in that area. He has a Master of Arts degree from Oxford University.