Botswana’s auditors urged to mobilise on the front line in cyber crime war
Botswana's Minister of Finance Peggy Serame has urged internal auditors in both the public and private sectors to examine the cybersecurity culture within organisations and provide appropriate recommendations to help ensure employee accountability.
Addressing an annual conference for auditors, Ensuring Corporate Stability during Disruption and Turbulence, Serame said auditors should – in addition to evaluating risks and controls – also examine the cybersecurity culture within the organisations.
She said, “The threat of cyber-attacks is significant and continuously evolving. Whilst direction on effective cybersecurity management must come from the leadership of the organisation, internal auditors have a key role to play.”
Serame added that the internal audit profession must embrace digitisation. “Without a doubt digitisation will shape the business environment, going forward. As an imperative, the internal audit profession should make concerted effort towards attaining full digital transformation in order to enhance its value-add.”
Serame encouraged auditors to strive to become data-driven service providers, but that “good security and effective working practices must go hand-in-hand.”
Icho Molebatsi from the Institute of Internal Auditors Association of Botswana (IIAB) said the internal audit function needs to customise its response based on the cyber maturity of the entity they serve.
He said the internal auditor should ensure cybersecurity is a key focus point in risk discussions, and it should be a standard agenda item for the audit committee and board of directors.
“Assessing if the right cybersecurity solutions are available to prevent and detect cyber threats. This is a combination of technology, applications, and people. It has been noted that the people factor is the weakest link in cybersecurity. You can have the best systems but if effective training has not been done for employees, you are still exposed,” said Molebatsi, and stressed that auditors should request that a cybersecurity framework and policy to be developed and implemented.