Cyber Security

There is a common joke among physicists that fusion energy is 30 years away … and always will be. You could say something similar about artificial intelligence (AI) and robots taking all our jobs. The risks of AI and robotics have been expressed vividly in science fiction by the likes of Isaac Asimov as far back as 1942 and in news articles and industry reports pretty much every year since. “The machines are coming to take your jobs!” they proclaim. And yet, all of us here at Audit International still head to the office or log in from home each weekday morning.
The reality is less striking but potentially just as worrying. Most people expect that one day some sort of machine will be built that will instantly know how to do a certain job—including internal auditing—and then those jobs will be gone forever. More likely, is that AI and smart systems start to permeate into everyday tasks that we perform at work and become critical parts of the business processes our units and companies conduct. (Indeed, many professions and industries have already been greatly disrupted by AI and robotics.)
Technology companies have been so successful over the last 30 years because of the common mantra of “move fast and break things.” And that was maybe just about acceptable when it meant you could connect online to your friend from high school and find out what they had for breakfast or search through the World Wide Web for exactly the right cat meme with a well-crafted string of words.
When the consequences now might mean entrenching biases in Human Resources processes, or mass automated biometric surveillance, not to mention simply not even understanding what a system is doing (so called ‘black boxes’), the levels of oversight and risk management need to be much higher.
The Regulatory Environment :
There is some existing regulation which covers aspects of this brave new world. For example, in the European Union, article 22 of the General Data Protection Regulation (GDPR) on automated individual decision-making, provides protection against an algorithm being solely responsible for something like deciding whether a customer is eligible for a loan or mortgage. However, the next big thing coming to a company near EU is the AI Act.
The proposal aims to make the rules governing the use of AI consistent across the EU. The current wording is written in the style of the GDPR with prescriptive requirements, extraterritorial reach, a risk-based approach, and heavy penalties for infringements. With the objective of bringing about a “Brussels effect,” where regulation in the EU influences the rest of the world.
Other western jurisdictions are taking a lighter touch than the EU, with the United Kingdom working on a “pro-innovation approach to regulating AI,” and the United States’ recent “Blueprint for an AI Bill of Rights” moving towards a non-binding framework. Both have principles which closely match the proposed legal obligations within the AI Act, hinting at the impact the regulation is already having.
Much of the draft regulation is still being discussed, with a final wording soon to be agreed. There are disagreements across industries and countries on whether some of the text goes far enough or goes too far. For example, whether the definition of “AI” should be narrowed, as the current wording could encompass simple rules-based decision-making tools (or even potentially Excel macros) or even expanded to greater capture so-called “general purpose AI.” These are large models which can be used for various different tasks and therefore, applying the prescriptive requirements and risk-based approach of the AI Act can become complex and laborious.
The uncertainty over the final wording has given companies an excuse to not make first moves to prepare for the changes. Anyone who remembers the mad rush to become compliant with the GDPR will remember the pain of leaving these things to the last minute. The potential fines, which may be as high as 6 percent of annual revenue depending on the final wording, could be crippling and have a cascade effect on a company’s going-concern.
What Can Internal Auditors Do?
As internal audit professionals we can start the conversation with the business and other risk and compliance departments to shine the light on the risks and upcoming regulations which they may be unaware of. It is our objective to provide assurance but also add value to the company and this can be done through our unique ability to understand risks, the business, and provide horizon scanning activities.
Performing internal audit advisory or assurance work, depending on the AI risk maturity level at the organization, can highlight the good practice risk management steps that can be taken early to help when the regulation is finalized. These steps could include:
1) Identify AI in Use: To be able to appropriately manage AI risks throughout their lifecycle stakeholders need to be able to identify systems and processes which make use of them. Agreeing on a definition of AI and developing a process to identify where it is in use is the first step. This would include whether it is being developed in-house, is already in use through existing tools or services, or acquired through the procurement process.
2) Inventory: Developing an inventory which includes information such as the intended purpose, data sources used, design specifications, and assumptions on how and what monitoring will be performed is a good starting point and can be added to, based on your company’s unique characteristics and any specific legal requirements that are implemented in the future.
3) Risk Assessments: Since a key aspect of the AI Act is it being “risk-based,” it is important to have a risk assessment process to ensure you take the necessary steps as required in the regulation, based on the type of AI used. For example, what level of robustness, explainability, and user documentation is necessary based on the risk tier provided. It is also important to consider the business and technology risks of using the AI. For example, machine learning using neural networks requires large training datasets, which can raise issues of data protection and security, but may also perpetuate biases that are contained in the datasets. Suitable experts and stakeholders should be involved in the development and assessment of the risk assessment process.
4) Communications: One area that is often forgotten is communication. It is all well and good having a policy or a framework written down but if it isn’t known and understood by the relevant stakeholders it’s worth less than the paper it’s printed on. Involving key stakeholders during the development of your AI risk management processes can help develop a diverse platform of champions throughout the business who can act as enablers as the requirements are communicated and regulation finalized.
5) On-going monitoring: Risk management is not a one-off exercise and this is no exception. Use cases, technology, and the threat landscape change over time and it is important to include a process for on-going monitoring of AI and the associated risks.
The machines may not be coming to take our jobs just yet, but the risks are already here and so are the opportunities to get ahead. There may be a long and winding road in front, as we all prepare for a world where AI is commonplace and new regulations and standards try to shape its use, but each journey starts with a step and it’s never too early to get going.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The world of internal audit continues to advance. In recent years, audit teams have increasingly used data analytics and cloud technologies to increase efficiency and improve assurance. Now, emerging technologies like AI and robotic process automation (RPA) are further making their way into internal audit. Audit International take a look at what effect this will have on Internal Audit and Financial Services in the future.
It’s still early days, but the trend toward automation is clear. In fact, when asked about emerging technology, 20% participants of a recent audit teams survey said they’re already using RPA. In addition to that, 12% said they’re using AI, 3% said they’re using blockchain, and 15% said they’re using more than one type of emerging tech.
These technologies, particularly RPA, have the potential to enhance audit quality. For example, RPA can enable internal audit teams to spend more time collaborating with other departments and sharing results with boards, rather than getting bogged down in repetitive, less strategic tasks.
And in data-centric industries like financial services, these technologies can make a particularly large impact, as we’ll examine in this article.
What is RPA?
Physical robotics can perform motions that automate repetitive tasks, like putting a cap on a bottle or moving a box from one place to another. Similarly, RPA automates repetitive tasks, but the difference is that RPA is centered around software, not hardware.
“Robotic process automation (RPA), also known as software robotics, uses automation technologies to mimic back-office tasks of human workers, such as extracting data, filling in forms, moving files, et cetera. It combines APIs and user interface (UI) interactions to integrate and perform repetitive tasks between enterprise and productivity applications,” explains IBM.
What does RPA mean for internal audit?
One way that RPA can be used for internal audit is to make data-related tasks more efficient.
“If we cut to the chase, the job is straightforward: we download data, analyze it, and use it to discuss processes and controls…The issue is that we waste a lot of time obtaining and formatting data for each audit—the same tables and charts repeatedly,” writes Jean-Marie Bequevor, Expert Practice Leader Internal Audit at consultancy TriFinance, in an article for Internal Audit 360°.
RPA can also help to automate periodic reporting. If you know certain information is needed in every report, then an RPA program could potentially be set up to obtain and fill that information.
That said, RPA can also carry risk, both in terms of the use of RPA in audit programs and the use of RPA across other departments. Internal auditors need to consider RPA internal controls to make sure that RPA is being used appropriately. You wouldn’t want to end up with a misprogrammed bot that creates errors or security holes.
What does RPA mean for financial services?
In addition to being used for auditing, RPA can also play a role in corporate finance and the financial services industry more broadly.
Finance professionals — ranging from corporate treasurers to wealth managers to mortgage lenders — deal with large quantities of data. With RPA, financial services professionals can automate data-related processes like data collection, data cleansing, and analysis.
For example, an investment analyst might use RPA to improve their research process. Instead of manually creating and assembling a clean spreadsheet full of financial data, an RPA tool could automate that, freeing up time for the analyst to engage in more complex, nuanced tasks.
RPA in financial services can also help when it comes to client service and marketing tasks. For example, banks could automate activities like identifying customers that are a good fit for credit card offers or loan products. Rather than sending out these offers to all customers or manually reviewing every client file, an RPA program could be set up to compile a list of customers that meet certain criteria.
These are just a few of the many ways that RPA can be used in financial services and internal audit in general. A repetitive, data-oriented business process tends to be a good candidate for RPA. Many of these types of tasks exist in the financial services industry in areas ranging from compliance to customer onboarding.
With automation, financial services firms can free up time and focus on higher-value work, like building customer relationships and identifying new revenue opportunities. Meanwhile, internal audit professionals can use RPA to efficiently provide assurance.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Any company operating successfully in this day and age, no matter its capacity, needs to effectively leverage its technology systems and make effective use of data. It is inevitable now that if a company wants to progress it must make a significant investment in technology. While these technology investments and innovations are required, it comes at a cost. This increased dependence on IT by extension increases the level of technological risk that an organisation faces, which has the knock-on effect of therefore increasing the relevance of IT audit.
The necessity of conducting IT audits within an organisation comes from its role in supporting effective risk management, particularly with regards those risks posed by weak cyber security measures. Data breaches and cyber-crime have escalated in response to the world’s digitalisation, an issue not limited to the financial services industry as world leading sports technology brand, Garmin, became one of the most recent victims of hacking. Thus proving that businesses large and small are equally vulnerable to attack.
The need for a strong IT audit function, while critical to the way businesses are now utilising technology to better navigate the market, also affects the way they relate to their staff. Since our daily lives are greatly integrated into our devices, that coupled with existing technological advancements, and the current professional climate means that businesses have been forced to interact with their employees very differently. Numerous processes have been digitalised, from annual leave forms to team meetings, paper and people have been replaced with electronic alternatives. Thus as the adoption of technology adoption increases, we see a knock-on effect of introducing risk into the environment.
IT audits focus on the gamut of risks associated with a business, identifying and evaluating them with a view to implementing the proper controls needed to action them in the best way. In helping an organisation understand the potential risks it faces, IT audit gives an organisation a clear strategy on how to action those risks, whether they can be eliminated, mitigated or tempered by the use of proper controls.
The IT auditors are there to guide the ‘implementers’ of the organisation through the resulting internal and external changes effected by the increasingly technologically-driven working environment. Many companies have struggled to adjust to the changes, falling short of successful strategic execution on the big money-making projects. This is where IT audit has proven its relevance as being that objective voice in the room to play devil’s advocate and advise on where those people implementing the changes may need to refocus their attention.
Applying regular and thorough IT audits keeps the relevant systems in check by raising potential security risks and actioning any solutions. Looking at the areas of company performance, business resilience in the face of crisis planning, compliance with existing and emerging standards and regulations, and financial health; the IT audit function exists to weed out any inaccuracies or inefficiencies within both the organisation’s management and the way it’s conducting itself as a business.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The podcast has rapidly become the go-to media for anyone and everyone seeking thought leadership, guidance, advice, or entertainment, especially in a particular niche with particular audience demands.
While far from a flash-in-the-pan trend, podcasts are tapping into what makes radio so timeless – they are familiar, routine, mobile-based and mostly non-committal (compared to TV shows), increasingly well-produced and incredibly varied in content provision and direction.
The state of podcasting in 2022
Podcasting is a rapidly growing, and increasingly lucrative, creative medium for creators and advertisers:
• “In 2021, there (were) 850,000 active podcasts, with over 48 million total episodes”.
• “Each week, more Americans listen to podcasts than have Netflix accounts”.
• “Podcast ad revenue is expected to grow to $1.33 billion in 2022”.
It’s also worth noting why people listen to podcasts, and this is where podcasting really comes into its own:
• “74% of all listeners tune in to learn new things. Other common reasons include entertainment (71%), staying up-to-date with the latest topics (60%), and relaxing (51%)”.
So rather than escaping into stories (which is increasingly the reason why audiobooks are on the rise), or listening to light-hearted comedy to relax at the end of the day (comedy still stands as the most popular podcast genre), learning is the primary reason why people listen to podcasts.
Finance podcasting and the future of the medium
The Finance sector has had a proliferation of podcasts erupt over the few years – content is varied, informative and incredibly useful, and the nature of podcasting means creators can approach the topic of “finance” from a variety of angles; from money management to investment advice, industry news to crypto-tips.
The team at Audit International are real fans of a podcast, so below are our top 10 finance podcasts we absolutely urge anyone in the industry to listen to!
• Invest like the Best
“Exploring the ideas, methods, and stories of people that will help you better invest your time and money”.
A popular and varied podcast covering everything from design investment products to interviews with leading financiers, start-up accelerators and figures within finance, investment and money management.
• Inside the Strategy Room
“We talk with McKinsey partners and corporate executives on the challenges they face creating lasting strategies in a fast-changing world. We also examine the different ways these executives approach these challenges and the new and innovative ways they think of creating a vision for their enterprises”.
While more strategic in approach, this McKinsey-sponsored podcast covers business and finance leadership via CEO interviews and thought leadership.
• We Study Billionaires
“We interview and study famous financial billionaires including Warren Buffett, Ray Dalio, and Howard Marks, and teach you what we learn and how you can apply their investment strategies in the stock market”.
With over 85 million downloads, this is a huge podcast for obvious reasons – an easy audio mind-tap into the richest and most successful finance people in the world.
• So Money with Farnoosh Torabi
“So Money brings inspiring money strategies and stories straight from today’s financial leaders, bestselling authors and entrepreneurs”.
One of the top-rated US finance podcasts in the podcast ecosphere, covering everything from childcare affordability to investing in a bear market.
• Money For the Rest of Us
“A personal finance and investing podcast on money, how it works, how to invest it and how to live without worrying about it”.
From debunking what money means to advice on money management and views on global investment vehicles, a great and varied finance podcast.
• Women & Money
“Take a priceless journey into your life and the life of your money with the most recognised personal finance expert in the world today”.
Suze Orman is one of the world’s most recognisable personal finance gurus, and her podcast covers everything from bond management to thought leadership on wealth creation.
• Optimal Finance Daily
“Why bother searching for the best blogs about personal finance when they can be found and read for you?”.
1900 10-minute quick-fire episodes on personal finance, covering how to get insurance to living more frugally and lifestyle changes to being better with money.
• CNBC’s “Fast Money”
“Hosted by Melissa Lee and a roundtable of top traders, “Fast Money” breaks through the noise of the day, to deliver the actionable news that matters most to investors”.
Global finance news from one of the most well-respected finance news desks in the USA. Actionable intel, up-to-date news and reporting on leading finance leadership.
• Count Me In®
“IMA® (Institute of Management Accountants) brings you the latest perspectives and learnings on all things affecting the accounting and finance world, as told by the experts working in the field and the thought leaders shaping the profession”.
A detailed and investigative look at the mechanisations and movements of finance, as told by experts and relayed by leaders in the field.
• The Better Finance Podcast
“The EY Better Finance Podcast explores the changing dynamics of the business world and what it means for finance leaders of today and tomorrow”.
From ESG reporting within finance to data analytics and more, the EY Better Finance podcast is one of the most up-and-coming popular podcasts within the finance sector.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Here at Audit International, we have always been on the lookout for clever ways to describe internal audit’s role in an organization.
Elevator speeches are fine when you have 60 seconds to describe the value your profession brings to an uninformed bystander. However, an elevator speech doesn’t hold a candle to a well-crafted sound bite that will leave a lasting impression.
One of our favorites used to be “internal audit is the brakes that allows the organization to drive faster.” The reasoning behind this analogy is that brakes are a critical component in a vehicle. To be sure, they are used to prohibit a vehicle from moving. But more importantly, brakes are crucial to maintaining control of a vehicle. Of course, well-resourced, independent internal audit functions add little value if they impede an organization’s ability to take risks and achieve results. But they add value when, like brakes on a car, they empower management and the board with information to slow down or stop if critical risks lie ahead.
Over the years, Audit International have come to view the “internal audit-as-brakes” analogy to be a bit outdated. It envisions internal audit as being primarily control-focused. Today, internal audit provides much greater value than merely a set of brakes. After all, a vehicle with an outstanding braking system can still end up in the wrong place. Brakes are great for stopping or slowing down. However, they do little to help change course. Internal audit in the 2020’s must be help create – not just protect value!
We believe a more powerful analogy is that internal audit is a critical component of an organization’s navigation system. Consider the value of a modern navigation system. Once the departing and arriving locations are entered, a navigation system provides timely and crucial feedback on the progress of the journey. The friendly voice provides turn-by-turn advice on reaching the destination. It recognizes when a turn has been missed, and quickly alerts the driver to “make a legal U-turn.” It can be programmed to recommend routes that are faster, less congested, or avoid tolls. Some alert the driver when the speed limit is being exceeded, or the vehicle is being taken on unsafe roads.
Much like the navigation system in a vehicle, internal audit shows its powerful value by:
• Providing assurance that the organization is progressing on the course charted by management and the board.
• Providing recommended corrective actions when the organization is off course (please make a legal U-turn).
• Identifying risks in advance (much like a navigation system warns of an accident or road congestion ahead).
• Alerting management and the board of compliance risks/failures (think excessive speed).
• Providing assurance that the organization has “arrived at its destination.”
To succeed, organizations in the 21st century must manage risks – both internal and external, whether related to finance, operations, strategy, technology, regulations, or reputation. While organizations are raising the bar on effective risk management, executives face extraordinary headwinds spawned by a turbulent environment in which risks materialize virtually overnight. In the past five years, we’ve faced the most extraordinary global pandemic in more than a century, more global financial turmoil, cybersecurity breaches that even target our infrastructure, corporate failures, and more. In the immediate future, we are facing the prospect of severe supply chain disruptions, inflationary pressures not seen in 40 years, and likely more nasty surprises from COVID-19. Relying on a good braking system will be inadequate to navigate the hills and valleys that lie ahead. Instead, organizations need strong navigation systems with well-resourced and independent internal audit functions fully integrated to succeed.
Granted, Audit Internationals updated analogy may be oversimplified. Strong internal audit functions add value in a multitude of ways, and we are never more critical that management and the board in navigating risks that our organizations face. However, I find it is useful to think through analogies such as this one so that I can better articulate internal audit’s role in ways that everyone can understand.
We welcome your thoughts.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
• Switzerland 0041 4350 830 59 or
• US 001 917 508 5615
E-mail:
• info@audit-international.com”
One of the biggest issues every successful company face in today’s business world is the prevention of fraudulent activities committed by employees. Over a decade ago the Sarbanes-Oxley Act (SOX) Compliance was introduced which requires that all publicly held companies must establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. However with increasing new technologies is this enough to protect companies in 2017?
In a recent study conducted by one of the Big4- on average global companies lost over 5% of revenue to fraudulent actions- the majority of this done by current employees. The reason for this was due to lack of internal controls and no risk management in place. Furthermore the cost to strengthen such internal controls is a considerable investment whether it be in hiring new staff such as internal auditors or specialist fraud and forensic audit professionals. However the cost of such professionals is far less than the loss of earnings suffered by companies due to fraudulent activities conducted by employees.
Companies must also face the costly burden of implementing new software such as Governance Risk and Compliance packages. Combine this with the cost of hiring new talent in the IT Audit arena to process, analyse test and review these controls.
Using new technologies such as the cloud has allowed companies to analyse risk management procedures which look for unusual patterns such as access frequencies, duplicate payments, and splitting invoices
These cloud tools automate controls that uncover these types of preventable risks, but they can also help companies develop a road-map for identifying strategic risks.
It is vital that organisations continue to develop their internal controls, invest in technology and most importantly specialized fraud and forensic audit professionals to mitigate the increasing number of preventable risks which untimely leads to higher profit margins.
How an Internal Audit function will battle cyber security issues for your company WHEN it happens in 2017?
It is no longer a question queried in a boardroom by senior management of multinationals companies. Could we be hacked? It is now an inevitable occasion of when will we be hacked and how can we combat this data breach? Given the possible exposure and risk to a company’s valuable assets and information there is a duty for the board of directors to be adequately prepared for this occasion. How can they prepare for this? One major tool available to them is an internal audit team. Internal auditing is indispensable for helping companies manage cybersecurity threats and preventative programs. Here are some suggestions on how best to prepare.
1- Ensure your audit function is adequately prepared with talent, resources and budget.
It may be the responsibility for your HR department to ensure that you have hired the “IT Audit Dream Team”. Do not hinder this by not approving budgets for hire. In the long term this will cost your company more in time and in finances. Using specialised external executive search firms such as Audit International ensure you find the right skill and industry-specific experience to best facilitate your company as this is often challenging, Therefore management should prepare their companies to prioritize developing, training, and adequately hiring resources to the internal audit team.
2- Keep communication open with your Internal Audit Team
There is vital importance of engagement between the internal audit team and the business it serves. In order to comprehend where the cyber risks are coming from, you have to appreciate how the business works. This would include assessing firewalls, networks and apps, but also understanding the company’s processes and how it interacts with customers and sellers. Cyber security risks are moving targets. Most of the exposure lies in a company’s human element. You should ensure your internal audit teams are given a clear and thorough understanding of business operations. The only way this can really happen to keep an on-going rotation of internal audit staff into the business into various functions and units. This serves multiple purposes; it ensures retention of valuable talent in the company as they are then satisfied with their own personal career progression. It is a well-known fact in the recruitment space this is one of the key drivers for auditors to leave their role which in turn ends up costing the company time and resources to replace, train and hire new audit talent. Secondly it gives your auditors a better well rounded view of the company and thus can add more value and stay in tune with the company.
3- Ensure coordination between functions- IT and Internal Audit
Another integral part of this issue is the level of coordination between the internal audit team and other key functions and this is critical to the success of tackling your cyber issues and risks. You must ensure that your internal audit teams should be given access to other members of the IT Audit team. This can include the chief information officer and chief information security officer, as well as human resources, supply procurement, and business leaders. Coordination can make or break any important undertaking — and cybersecurity is no exception.
4- Where to start and what questions to ask first?
Below is a suggestion of where your audit committee can begin and what issues need to be addressed first.
• Currently it is important to ask, what interaction and coordination does the internal audit team have with other corporate functions (e.g., information technology, information security, operations, supply chain, human resources, etc.) related to cybersecurity matters?
• What skill sets does your internal audit team have that are related to information security? Cybersecurity? How do team members keep their skills current? How do you retain team members? Do you need to hire further talent to support them?
• Does the company perform internal and/or external system penetration testing? Are the tests announced or unannounced? What role, if any, does the internal audit team play? Is there open communication between all your functions to facilitate this?
• What types of prevention, detection, and reaction/response testing does the internal audit team perform in the threat and vulnerability management life cycle? Again do you have sufficient in-house talent to tackle all these problems? Are you supporting your team enough to support this in terms of team resources and talent?
• What role, if any, does the internal audit team play during a breach? Regular meetings and coordination could play an integral part in highlighting how these functions can support each other if a breach occurs which may then lead to quicker resolution of the problem.
• What role, if any, does the internal audit team play after a breach has occurred?
• Who performs cyber-related investigations within the organization?- Do you outsource this responsibility and if so would it be worth hiring an in-house function to address these issues.