Skip Ribbon Commands
Skip to main content
Global Institute of Internal AuditorsBreadcrumb SeparatorNewsBreadcrumb SeparatorBlog: What Happens When Internal Audit Is Ignored? Ask Atlanta

Read Richard Chambers' Latest Blog
What Happens When Internal Audit Is Ignored? Ask Atlanta

In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here's an excerpt from his latest post:

Last summer, internal auditors for the city of Atlanta warned officials that their IT systems could be easily compromised if they weren't fixed immediately. The audit report minced no words, calling out the lack of resources (tools and people) available to address the "thousands of vulnerabilities" and characterizing the situation as a "significant level of preventable risk exposure," according to media reports.

The city apparently began to implement certain security measures, but it was a classic case of too little, too late. A ransomware attack — essentially digital extortion — crippled the city's computer network and took many departments nearly into the dark ages of pen and paper. The breach even shut down Wi-Fi service at Atlanta international Airport. Fortunately, critical services such as those supporting emergency responders (and flights at the nation's busiest airport) were not affected.

Read the full InternalAuditor.org blog post from IIA President and CEO Richard Chambers.