Internal Control Policy Requires Annual and Periodic Cybersecurity Training
The updated Internal Controls Policy requires departments to confirm that employees complete both annual and periodic information system cybersecurity awareness training. As cyber threats grow more sophisticated, employees are increasingly targeted. Regular reminders help keep staff vigilant, reducing the risk, disruption, and costs associated with fraud attempts.
Departments have many options for integrating periodic cybersecurity awareness reminders into daily operations. These options include phishing tests, email notices, posts on employee portals or newsletters, and reminders in routine staff meetings. CTR also offers free cybersecurity awareness training content on CTR Cyber that can be used for refreshers.
As part of the annual Internal Control Certification (ICC) process, department heads must confirm that CTR’s guidance on payments is actively used in daily operations. This includes memos, policies, job aids, and training posted on PowerDMS. Department procedures should also document how both annual and periodic information security training are incorporated into internal controls and daily practices.
Action Steps
- Update your written system of internal controls to include both periodic cybersecurity awareness refreshers and reminders.
- Maintain clear records of how and when periodic refreshers and reminders are implemented, to support audit readiness.
- Monitor the CTR Weekly Update [MAGNet or Commonwealth-issued VPN required] and CTR Compliance Corner for new cybersecurity tips to incorporate into your periodic refreshers and reminders.
Your Internal Control Officer (ICO) should review the department’s written system of internal controls to ensure it is current and supports these training compliance requirements. The ICO can help verify that the department head is accurately certifying compliance in the annual ICC.
Bookmark our CTR Compliance Corner as your one-stop shop for alerts and success factors that you can integrate into your daily operations to keep you safe on your mission.