Embedding the IIA Topical Requirement on cyber security
ArticleWhat the IIA topical requirement covers, when it applies, and the practical steps internal audit functions need to take to meet the requirements.
In a climate of increasing digital innovation and evolving threats in areas such as data governance, cloud, and cyber security, it's vital to stay ahead of technology-related risk.
Organisations are looking for technology assurance solutions that not only provide independent assurance over technology controls and processes but also pragmatic advice and tailored recommendations that add value to business stakeholders.
Taking a collaborative approach we'll work with you to deliver assurance across all three lines of defence, using our technical skills and market understanding.
1.
Subject matter experts
Our integrated subject matter experts cover a range of technical specialisms and bring senior-level experience in practice and industry to your project.
2.
Collaboration throughout
We work in partnership with you to deliver a tailored, value-adding service, by understanding your culture, objectives and assurance requirements.
3.
Holistic risk management
We consider technology risks holistically by developing an in-depth understanding of your business to effectively identify and propose pragmatic solutions.
Why Grant Thornton
We support you across a wide range of technical areas, risks and controls so you can make decisions with confidence. Whatever your size or industry, our experienced technology risk professionals and subject matter experts work with you to understand your business and manage your technology risks.
As your partner and challenger, we provide:
- assurance over your key technology risks
- advice on how to enhance your IT control environment
- fresh insights that can help shape your business.
Our technology internal audits cover a broad range of subject areas
In addition, large corporates are now increasingly taking a proactive approach to technology risks and controls, establishing assurance functions and performing assurance exercises in the first and second line. We have experience in supporting technology risk functions and performing discreet technology risk engagements that cover a wide range of technical areas.
Areas we cover include:
- cyber and information security
- data privacy
- technology resilience and IT disaster recovery
- cloud
- ERP security and implementations
- technology infrastructure
- IT strategies
- software development and DevOps
- data governance, maturity, and real-time insights
- programme assurance
- third-party risk
- Sarbanes Oxley (SOX) testing
- application reviews
- integrated audits with the business auditors
- controls automation
- development of control frameworks
Read more
Trends in technology risks 2026
Key technology risk areas for internal auditors and technology risk functions to consider in 2026.
Vulnerability to visibility: strengthening IT resilience
Read our insights, reports and more
|
7 min read
|
09 Jun 2026
Charity sector development report: why systems fail - and how to stop it happening
ArticleFive reasons why system implementations fail with actionable recommendations that empower charities to navigate system implementation more effectively.
|
11 min read
|
09 Apr 2026
FCA confirms targeted support framework under PS25/22
ArticleThe FCA has taken another step forward by confirming the introduction of a targeted support framework and publishing the near final rules in PS25/22.
|
7 min read
|
03 Feb 2026