Grant Thornton: Internal Audit & Quantum Computing Risks: Preparing for the Future

The advent of quantum computing brings unprecedented opportunities and risks. As we enter the "year of harvesting," where adversaries may store encrypted data now to decrypt later with quantum computers, organizations must focus on quantum resilience. Preparing now to respond to this shift can protect financial stability, ensure compliance, and safeguard reputation. In this critical landscape of evolving quantum computing risks and regulatory demands to be resilient, the role of internal audit takes center stage. As part of a layered defense approach, Internal Audit can serve as the guardian of an organization’s resilience against these risks.

 

Join us on March 26th as we discuss how internal audit can assess and inform the audit committee and the board on the adequacy of your organization's quantum resiliency processes and controls.

 

The discussion will cover:

• What quantum computing is, how it impacts organizations today, and how to prepare for the risks of the future.
• Preparing for the quantum shift towards post-quantum cryptography (PQC) as a crucial mitigation strategy and what auditors need to know.
• Leading practices internal auditors can consider in their audit plans to evaluate their organization's quantum resiliency against decryption risks.
• How internal auditors can tailor existing audit plans to align with quantum resilient audit process using specifically designed risk-based control frameworks.
• Leveraging security tools with technical testing to improve quantum resilience.
• Tools internal audit can use to determine the effectiveness of management’s corrective action plans in the event of a quantum-related security incident/data decryption.

Learning objectives

• Describe how to adapt and respond to evolving regulatory requirements and emerging quantum risks.
• Identify risk mitigation strategies to manage quantum-related operational risks and build quantum resilience.
• Define Internal Audit's role in assessing cryptographic inventory and planning the transition to post-quantum cryptography (PQC).
• Recognize industry audit trends in evaluating an organization's quantum readiness and resilience against quantum threats.
• Identify leading practices and considerations to improve resilience against quantum computing risks, including third-party risk management and data protection policies.