IIA Nigeria August 22, 2019 No Comments


In 2018, so many companies had data breaches that compromised the personal information of millions of people around the world. I’d recount the ordeal of Facebook.

Facebook dealt with a slew of major breach and incidents that affected more than 100million users of the popular social network, 29 million was lost, highly sensitive data, including locations, contact details, relationship status, recent searches and devices used to log in were affected. It happened from July2017 – September 2018, the most interesting part was that this vulnerability was not known to Facebook until September 2018 when the spotted a spike in unusual activity. That is to say that this vulnerability ran for a period of 13 months without the knowledge of Facebook, in other words the hackers did have a feel of user data for a long time and need I to sure that Facebook wasn’t even sure when this attack started.

Vulnerability is the weaknesses in a computer system, in a set of procedures, or in anything that leaves information exposed or simply put It is a cyber security term that refers to a flaw in a system that can leave it open for attacks.

IT Security refers to securing digital data through computer network security.

Causes of IT Security Vulnerability.

  • Exposure
  • Missing data encryption
  • OS command injection
  • Download of codes without thorough check
  • Weak passwords
  • Ignorance
  • Using an already infected software

Protecting client’s data is an integral part of business for any auditing firm or any organization.

Firstly, users should be blocked from visiting confirmed unsafe sites, stay on top of bandwidth range with alerts when devices exceed thresholds. Another way is to filter internet activity by day, category and URL to reveal trends, spikes and irregularities. Try to complete with detailed reporting tools to let you analyze browsing activity and demonstrate the effectiveness of web security. Identify risk with IIA, Nigeria to help you find it wherever it may be hiding.

Role of IA (Internal Audit) to helping organizations

  • They should understand and be aware of the data security threats that loom over organizations.
  • They should help identify the vulnerabilities.
  • They should examine if all the required security precautions have been taken.
  • They should constantly network with industry counterparts to keep abreast of emerging threats.
  • They are also to help to see that cyber security regulations are being met

Internal audit is a pivotal ally which must join forces with IT to build a truly robust cyber security strategy that focuses on anticipating and mitigating risks and building organizational resilience. As vast as cyber threats are growing, cyber security has also become a more serious and relevant topic for system owners than ever before. The world is entering an era when attackers are trying to find a way to disrupt industries and critical infrastructure, attacks are heard every single day, you can stay on top of your game by having the best tools for intrusion detection network monitoring but without people, they can’t do much. People make decisions on how to respond to these threats and assess these vulnerabilities to choose which one to make priority for remediation

IIA, Nigeria is available to provide all the training you need for an efficient and effective IT Security



Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership




For conference ?



For CIA preparatory Class?

IIA Nigeria August 5, 2019 No Comments

CYBER THREATS(CYBER INTELLIGENCE) – contributing insights for Internal Auditors


Cyber threats are a malicious act that seeks to damage data, steal data and disrupt digital life. Threats like computer viruses, data breaches and denial of service disrupts computer network and paralyze systems making data unavailable. Cyber threats attackers are always after financial gain, disruption and espionage, cyber threats are not static because millions are being created every year.

Cyber/threats are in five categories:

Physical/Digital attacks which is the loss of life or damage of infrastructure. Psychological attacks points to the individuals being left depressed, embarrassed or confused. Economically, there will be a fall in stock price, regulatory fines and reduction of profits. Reputationally, there’s a loss of key staff, damaged relationship with customers and intense media scrutiny. Socially, it stands the risk of disruption of daily life such as impact on key services and a negative perception of technology.

Internal auditors have a role to play in ensuring that advanced cyber threats stays in check to avoid damages. They will ensure the effectiveness of the response actions on IT risk, they will leverage relationships with the audit committee to heighten awareness and knowledge of cyber threats and ensure that they remain aware of the changing nature of cyber threats. Internal audit provides a holistic approach to where an organization may be vulnerable, it is crucial to provide assurance services for all areas of an organization.




Conclusively, internal audits may provide the most value by contributing insights from its extensive scope of work but preparedness assumes the survival of a cyber attack. It serves no purpose if the organization does not evolve and improve the strategies to be better prepared for any type of attack. Cyber threat increase should make organizations see the need to train their employees to know the implications of a security breach and give clear guidance on how to respond to one when it eventually comes since it is inevitable. In cyber intelligence, education is power therefore the need to be educated on the importance of staying free from cyber threats is the great job of IIA, Nigeria, we protect everything.


Source :

Media/IT Unit 

IIA Nigeria




IIA Nigeria July 25, 2019 No Comments


Internal audits performance can be enhanced for both operations and compliance, to strengthen their impact, we look at The Process (How), The Product (What) and The System (Where).

The Process type of audit helps to know that processes are working within established limits. It helps to evaluate a method against predetermined instructions or, standards to measure the conformance to these standards as well as the effectiveness of the instructions.

The Product type of audit is the examination of a particular product or service such as hardware, processed materials or software to evaluate whether it conforms to customers’ requirements. The Big 4(Deloitte, EY, KPMG, PWC) in conjunction with IIA, Nigeria has been able to help in strengthening internal audit’s impact and influence in all organizations.

The System type of audit explains the conduct on the management system.

It is a documented activity performed to verify by evaluation and examination of objective evidence that applicable elements of the system are appropriate and effective and have been developed, documented and implemented in accordance with specified requirements or as part of the IPPF global internal audit framework.
Internal audit has a critical role to play as the third line of defence in risk management and helping organizations in the ongoing battle of managing cyber threats, providing an independent assessment of existing and needed controls and helping the audit committee and board to understand and address the diverse risk of the digital world. And, until we realise the role that internal audit is playing and pay full attention to it, internal audits impact and influence won’t be felt much and as such cannot be strengthened.


Internal audits performance can only be heightened or strengthened if they adopt analytics, contemporize reporting, enhance skills and capabilities and try to increase personal impact for all operations and compliance.



Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership




For conference 



IIA Nigeria June 28, 2019 No Comments

The State of the Internal Audit Profession in Africa



In 2015, The Institute of Internal Auditors (IIA) launched an African Development Plan designed to build capacity of the internal audit profession across Africa. As the global leader of the internal audit profession, The IIA’s intent is to elevate the profession on the continent to meet or exceed the expectations of the profession’s key stakeholders.

 In conjunction with the World Bank, The IIA released The State of the Internal Audit Profession in Africa (Phase I), which assesses the factors that contribute to the current status of the internal audit profession across 11 countries in Africa, including Nigeria. The valuable insights gleaned from extensive in-person interviews and research outlined in the report helped to identify several areas of focus to build capacity of the profession in the region. 

The analysis of the situation in Africa found there is a greater need for effective internal audit in the public and private sectors, awareness of the internal audit and its contribution to governance is limited, and training resources are inadequate. 

Kindly review the entire report and also share with your stakeholders by using any of the links below to download the report.


Download the report for a comprehensive review of the profession by country.








Humphrey Okorie

CEO, IIA Nigeria

Ebrahim September 9, 2016 No Comments

Welcome to IIA Nigeria


Welcome to  IIA Nigeria.

Our goal is to ensure that you get every support that you need to continuously  offer unparalleled value to your organisation.

Kindly explore the website for the various resources available, you could also reach me directly through my email address Humphrey.okorie@iia-nigeria.org for further clarification or guidance.