Internal auditors have been advised to adopt and implement the necessary measures to audit IT systems as part of their organization’s cybersecurity measures.
This was said by the Head of National Cyber Security Centre (NCSC), Dr. Albert Antwi-Boasiako, in a presentation at the Ghana 2021 Annual National Internal Audit and Governance Conference on June 9, 2021, held virtually in Accra.
Dr. Antwi-Boasiako stressed that, in view of the current digitalization of business processes, auditors need to develop the necessary competencies to conduct system-based audits as part of internal audit functions. He also urged institutions to have procedures in place to examine the Information Technology (IT) systems are secured.
He added that they should also ensure that consultants they work with have not only the necessary skills but also integrity to protect their IT systems. This advice was necessitated in view of reported cybersecurity incidents involving insiders and external consultants.
The Head of the NCSC further informed participants that the state is the enabler of cybersecurity development in taking the necessary measures to ensure the safety of Ghana’s cyber ecosystem.
He mentioned the institutionalization of cybersecurity, the development, and adoption of a National Cybersecurity Policy and Strategy & the passage of the cybersecurity Act, 2020 (Act 1038) as the enabling pillars to improve the cybersecurity readiness of the country.
According to the World Economic Forum, Global Risks Report 2020, cybercrime is expected to reach US$ 6 trillion in 2021. Dr. Antwi-Boasiako raised concerns about the impact of a potential attack on the global IT supply chain on Ghana especially regarding critical information infrastructures in the banking, telecommunication, energy, and health sectors.
ALSO READ: Promotion and Protecting Internet Freedom
Commenting on efforts to ensure cybersecurity in the country, he said Ghana has enacted the necessary legislation in the form of the cybersecurity Act 2020, Act 1038, which will establish the cybersecurity Authority, regulate cybersecurity activities, and promote the development of cybersecurity in the country.