Internal cybersecurity audit - do you already meet the NIS2 requirements and can you verify this as an auditor?

The long but aptly titled workshop for internal auditors prepared in cooperation with Czech Institute of Internal Auditors and its task this time was to guide internal auditors through an area that requires a deeper orientation in the field of information technology.

How to approach an IT audit in which you do not have the necessary knowledge; what to focus on and how to make your work easier while complying with the formal requirements - this was discussed by Libor Štourač , internal auditor, manager of QMS, EMS, ISMS of ITS and head of the Brno branch, who has more than extensive experience in this area.

On what basis do we speak to internal auditors?

As a supplier of IT technology to clients locally and globally, we are subject to a number of measures, regulations and other formal requirements that we can no longer operate without. We have tried to translate the demanding external audits and the experience from them into practical advice and examples, not only in the context of the upcoming NIS2 directive and the related obligations, but also with the general objective that should play a major role in internal auditing - to improve the overall state of the organisation and to move the whole company forward through corrections.

Libor tried to explain to the auditors which parts of the audit are relatively easy and verifiable, which parts to be careful with, and where it is necessary to invite external help. We also briefly introduced our application dTASKas a handy helper (not only) in internal audit.

We believe that the auditors from private companies and public administration took away useful information and we look forward to the next workshop in the autumn.

An overview of current CIIA training courses can be found on the website interniaudit.cz, if you are interested in tailor-made training for your company, please do not hesitate to contact us contact!