Conducting auditing and monitoring activities

The auditing of security relevant events and the monitoring and tracking of system abnormalities are key elements in the after-the-fact detection of, and recovery from, security breaches. CPO shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Internal audit functions as they address issues within their health-care organizations, and develop guidance and reference materials on key aspects of health care auditing and monitoring processes.

Source :