Fundamentals of Cybersecurity Auditing (X7-SE16786)

At the end of the course participants should be able to:

• Establish the importance of compliance and compliance reporting. 
• Explore a suite of commonly encountered regulations impacting one or more industries focus  on data collection, data protection, breach notification and compliance reporting requirements, current proposals, and recent changes.
• Review the suite of common risks and controls related to identifying and maintaining regulatory compliance in general.
• Discuss common U.S. and international data privacy regulations, and notable failure impacts.
• Evaluate common U.S. and international cybersecurity regulations, and notable failure impacts along with their impact on privacy regulations and the cryptocurrency industry.
• Identify challenges with maintaining compliance during rapidly shifting global work conditions, including: increased volume of remote work, shifts to company culture, and increased demand for employee mental health and well-being.
• Examine the impact of climate change, environmental, environmental, and governance (ESG) and diversity, equity, and inclusion (DEI). 
• Articulate the importance of data protection regarding data and people analytics.
• Explore current regulatory environment related to blockchain frameworks, and associated audit activities. 
• Apply common techniques for performing internal audit activities against common regulatory guidelines.

In 2022 the SEC charged 16 publicly traded organizations over 1.1 billion USD in penalties after discovering widespread recordkeeping failures and other regulation compliance wrongdoings. Globally, top GDPR fines of 2022 totaled nearly 218 million Euros-across just 4 notable companies.  "Finance, ultimately, depends on trust. By failing to honor their recordkeeping and books-and-records obligations, the market participants we have charged today have failed to maintain that trust,” said SEC Chair Gary Gensler.  Can your organization afford to be out of compliance? 

Compliance auditing is typically used to evaluate whether the organization is following external regulations; however, it can also be used at a corporate level to determine whether a subsidiary company follows the wider corporation's procedures and policies.  Internal auditors should exhibit high levels of proficiency and professional due care to ensure adequate testing is performed, reducing the likelihood of failing regulatory and other stakeholders’ expectations.  

This course provides a comprehensive overview of key compliance auditing concepts that are fundamental for all internal auditors. This course will introduce participants to a host of common regulations - both domestic to the United States, and globally - in addition to the controls needed to maintain compliance, and how to apply each regulation within the internal audit process. This course will also explore the associated reporting requirements (including but not limited to: SOX, PCI, HIPAA, breach notification, OFAC, ESG, GDPR), including tactics to collect evidence and perform internal audit activities against the regulatory reporting guidelines.