Chief Audit Executive Conference
The United Arab Emirates Internal Audit Association (UAE-IAA) is a vibrant organization founded by a dedicated group of practicing volunteers to serve the profession and the needs of local internal auditors.
The UAE IAA was chartered by a government decree from the UAE Ministry of Community Development and is duly affiliated with the Global Institute of Internal Auditors located in Florida, USA.
One of the organization’s primary objectives is to enable its membership base to excel by way of continuous learning and networking opportunities, thereby contributing to the members’ professional growth through services and benefits aimed at augmenting their skills, professional effectiveness and career growth.
As such, the UAE IAA Board of Governors is pleased to invite you to the UAE Internal Audit Association’s upcoming 8th Chief Audit Executive Conference themed “Technology Redefines Internal Audit” due to take place at Rixos Premium, JBR, Dubai, UAE between 20th & 21st November 2019.
We would like to request your participation as a Keynote Speaker at our conference, and the details are as follows:
Date: Thursday, 21st November 2019
Time: 01:30 p.m. – 02:40 p.m. (60 minutes)
Venue: Rixos Premium, JBR, Dubai, UAE
We have also invited a great panel of expert speakers in the fields of Internal Audit, Risk Management, Corporate Governance and Transformational Leadership, and we forecast a record local and regional attendance.
For more events:
https://www.erdalozkaya.com/category/free-events/

CISO Insight
The CISO and Chief Audit Executive relationship is one of the most important — and most under-invested — partnerships in enterprise governance. Internal audit provides independent assurance that security controls are actually working, not just that they exist on paper. When the CISO and CAE operate as genuine partners rather than adversaries, the entire risk management function of the organisation improves dramatically.
Why the CISO-Internal Audit Relationship Matters
Internal audit and cybersecurity share a common objective: protecting the organisation from risk. Yet in many enterprises, the relationship between the CISO and the Chief Audit Executive is adversarial rather than collaborative. Audit teams arrive with checklists that feel disconnected from operational reality. Security teams view audits as administrative burdens that consume resources without improving security posture. This dysfunction serves nobody — least of all the board, which relies on both functions to provide assurance that risks are being managed effectively.
The most effective CISO-CAE partnerships I have observed share three characteristics. First, regular informal communication between engagements — not just during audit cycles. Second, a shared risk language that both functions use when reporting to the board and executive leadership. Third, a mutual understanding that audit findings are opportunities for improvement, not accusations of failure. When both parties approach the relationship with this mindset, audit becomes one of the CISO’s most valuable tools for driving security investment and accountability.
How CISOs Should Prepare for Cybersecurity Audits
Proactive CISOs do not wait for audit to arrive — they use the audit cycle strategically. Before an engagement begins, provide auditors with context about the threat landscape, current priorities, and known gaps you are already working to address. During the audit, be transparent about challenges rather than defensive about findings. After the audit, use findings as evidence to support budget requests and organisational change initiatives. A well-documented audit finding from an independent internal audit function carries more weight with the board than any CISO presentation alone.
The most common audit findings in cybersecurity consistently relate to access management (excessive privileges, orphaned accounts, inadequate review processes), patch management (delays in applying critical patches, lack of systematic vulnerability management), third-party risk (incomplete vendor assessments, lack of continuous monitoring), and incident response (untested plans, unclear escalation procedures, insufficient documentation). Addressing these recurring themes proactively — before audit identifies them — demonstrates maturity and builds credibility with both the audit function and the board.
Frequently Asked Questions
How often should cybersecurity be audited?
Most organisations conduct a comprehensive cybersecurity audit annually, with targeted assessments of high-risk areas (access management, cloud security, third-party risk) on a more frequent basis. Continuous auditing approaches that use automated tools to monitor controls in real time are increasingly common in mature organisations and provide assurance between formal audit engagements.
What frameworks do auditors use to assess cybersecurity?
Common audit frameworks include NIST Cybersecurity Framework, ISO 27001, COBIT, and sector-specific standards. Auditors may also assess against regulatory requirements specific to the organisation’s industry and jurisdiction. The key for CISOs is understanding which framework the audit function uses and ensuring the security programme’s documentation and metrics align with that framework’s control structure.

