A CISO and a senior audit leader discuss how a good rapport between information security and internal audit can improve organizational cybersecurity.
One of the features of The IIA's Three Lines Model is its clear description of accountability among key players within an organization. The governing body is responsible for organizational oversight, management is tasked with achieving organizational objectives, and internal audit's role is to provide assurance and advice. The model also points out that this delineation does not imply isolation. Among all roles, "the basis for successful coherence is regular and effective coordination, collaboration, and communication," the model states.