• Register
Return to: Home > News > Professional Bodies > KPMG: Cybersecurity is the biggest internal audit risk in 2017

KPMG: Cybersecurity is the biggest internal audit risk in 2017

The focus for internal auditors should be on cybersecurity, according to the report; KPMG Internal Audit; Top 10 Considerations for 2017.

KPMG investigated companies in different sectors and analysed the results from more than 400 respondents on internal audit issues for 2017.

The top ten 2017 internal audit concerns according to KPMG’s report are:

1.            Cybersecurity

2.            Culture / soft controls

3.            Integrated assurance

4.            Regulatory Compliance

5.            Third party relationships

6.            Anti-bribery / anti-corruption

7.            Emerging technologies

8.            Data analytics and continuous auditing

9.            Performance risk

10.          Strategic alignment

The increasing expertise of hackers is pointed out in the report, on how they can penetrate the system, including through connections with suppliers and technology partners.

A representative from the Institute of Chartered Accountants in England and Wales’ (ICAEW’s) IT facility told The Accountant: “Cyber security continues to be high on the agendas of all organisations. They are facing more sophisticated and organised attackers, who continue to exploit weakness in organisations, especially people, to gain access to systems and sensitive data. Integrated supply chains and pressure to innovate with new technologies add to the risks.”

The drivers of cybersecurity include minimising the costly consequences of data breaches such as investigations, legal fines, coverage of customer losses, and potential loss of customers and business. Consequences can be minimised through averting reputational damage to the organization, avoiding non-compliance with regulatory requirements, and preventing loss of intellectual property or capital.

There are also two other major concerns for internal audit; corporate culture and so-called soft controls. This refers to problems caused by incorrect employee behaviour and the lack of an effective system that can respond to associated business risks.

An Association of Chartered Certified Accountants (ACCA) spokesperson told The Accountant: “Audit’s value – internal and external – comes from the benefit it brings by helping businesses to be more effective in identifying areas of risk, poor controls and inefficiencies. Internal auditors are increasingly becoming the business’ eyes and ears to report fraud, bribery and money laundering activities, many of which now happen in the cyber world. Internal audit also needs to be aware of the balance between security and utility.”

The representative from ICAEW’s IT facility added: “International organisations specifically have to comply with multiple regulations around cyber security and privacy. Ticking a box to say the board has discussed cyber risk is not enough. For accountancy firms, cyber risks continue to be both a threat and an opportunity. They have to manage their own risks carefully to maintain client trust, as well as advise clients showing leadership in this area.”

"The consequences of security holes can be disastrous, because the core function and reputation of a company may be affected." said a KPMG representative.

The ACCA spokesperson continued: “KPMG’s report is a must-read for the profession, and not just for internal auditors. It highlights the issues we all face in the digital 24/7 world, where cybersecurity is a cause of concern for all in a business and not just the internal audit function.”

KPMG’s full report - KPMG Internal Audit; Top 10 Considerations for 2017 - can be found here:

Top Content

    2018 Digital Accountancy forum and awards: Digital transformation

    The Accountant presents highlights from The Digital Accountancy Forum & Awards 2018 panel discussions

    read more

    2018 Digital Accountancy Forum and Awards: Tech deep dive

    The second panel session of the day saw experts discuss how new technologies should not just be seen as a threat, and could be used to improve accounting.

    read more

    Digital Accountancy Forum and Awards: The power of data

    The third panel discussion of the day saw panellists discuss some of the worries their clients have had, how to overcome them, and how data and technology are providing real business opportunities.

    read more

    Digital Accountancy Forum and Awards: The next generation

    With young people more mobile, and technology changing the industry rapidly, the final panel session of the Digital Accountancy Forum looked at how firms would need to adapt to the new reality

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.