
IT Essentials — Physical and Environmental Controls

            security and environmental control vendors interface with internally located systems, and how the
            physical environment is protected from both natural and human threats.

             TOPIC 6: SUMMARY


            Learning Objectives

            These learning objectives were covered in this course.

               •  Describe the basics of physical security.
               •  Describe the basics of environmental security.
               •  Recall common physical and environmental risks and controls.
               •  Identify the general concepts related to auditing physical and environmental security.

            Additional Resources

            Additional resources for further reading include The IIA Global Technology Audit Guide:
            “Management of IT Auditing, 2nd Edition,” as well as The IIA Global Technology Audit Guide: “IT
            Essentials for Internal Auditors.”

            Summary

            Physical and environmental security concerns have a tremendous impact on organizations across a
            broad spectrum of industries, and must be considered holistically and systemically. The effects of
            environmental control failure can range from an inability to maintain a consistent control
            environment, to power outages, catastrophic system failure, or loss of life and assets. Investments in
            third-party risk management and control efforts are necessary to protect organizations from
            sophisticated and widely used attack methods.

            Being an independent voice offers opportunities for internal auditors to demonstrate their abilities
            as trusted advisors, going beyond merely ensuring performance according to plan and instead
            offering strategic thought leadership to the organization. A strong internal audit activity,
            sufficiently resourced and trained, is one of the most important tools available to boards and audit
            committees as they craft and refine strategies, policies, and protocols to provide holistic protection
            to the organization from human, cyber, and equipment-related threats.



















            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.