As presented in The IIA’s Practice Advisory 2130.A1-2: Evaluating an Organization’s Privacy Framework, the internal audit activity can contribute to good governance and risk management by assessing the adequacy of management’s identification of risks related to its privacy objectives and the adequacy of the controls established to mitigate those risks to an acceptable level. The following describes some of the benefits of undergoing a privacy audit.
Privacy Audit Benefits
- Facilitates compliance with laws and regulations.
- Measures and helps improve compliance with the organization’s data protection system.
- Identifies potential inconsistencies between policies and practices.
- Increases the level of data protection awareness among management and staff.
- Provides information for a data protection system review.
- Provides assurance over reputational risks.
- Improves procedures for responding to privacy complaints.