• Register
Return to: Home > News > Professional Bodies > KPMG: Cybersecurity is the biggest internal audit risk in 2017

KPMG: Cybersecurity is the biggest internal audit risk in 2017

The focus for internal auditors should be on cybersecurity, according to the report; KPMG Internal Audit; Top 10 Considerations for 2017.

KPMG investigated companies in different sectors and analysed the results from more than 400 respondents on internal audit issues for 2017.

The top ten 2017 internal audit concerns according to KPMG’s report are:

1.            Cybersecurity

2.            Culture / soft controls

3.            Integrated assurance

4.            Regulatory Compliance

5.            Third party relationships

6.            Anti-bribery / anti-corruption

7.            Emerging technologies

8.            Data analytics and continuous auditing

9.            Performance risk

10.          Strategic alignment

The increasing expertise of hackers is pointed out in the report, on how they can penetrate the system, including through connections with suppliers and technology partners.

A representative from the Institute of Chartered Accountants in England and Wales’ (ICAEW’s) IT facility told The Accountant: “Cyber security continues to be high on the agendas of all organisations. They are facing more sophisticated and organised attackers, who continue to exploit weakness in organisations, especially people, to gain access to systems and sensitive data. Integrated supply chains and pressure to innovate with new technologies add to the risks.”

The drivers of cybersecurity include minimising the costly consequences of data breaches such as investigations, legal fines, coverage of customer losses, and potential loss of customers and business. Consequences can be minimised through averting reputational damage to the organization, avoiding non-compliance with regulatory requirements, and preventing loss of intellectual property or capital.

There are also two other major concerns for internal audit; corporate culture and so-called soft controls. This refers to problems caused by incorrect employee behaviour and the lack of an effective system that can respond to associated business risks.

An Association of Chartered Certified Accountants (ACCA) spokesperson told The Accountant: “Audit’s value – internal and external – comes from the benefit it brings by helping businesses to be more effective in identifying areas of risk, poor controls and inefficiencies. Internal auditors are increasingly becoming the business’ eyes and ears to report fraud, bribery and money laundering activities, many of which now happen in the cyber world. Internal audit also needs to be aware of the balance between security and utility.”

The representative from ICAEW’s IT facility added: “International organisations specifically have to comply with multiple regulations around cyber security and privacy. Ticking a box to say the board has discussed cyber risk is not enough. For accountancy firms, cyber risks continue to be both a threat and an opportunity. They have to manage their own risks carefully to maintain client trust, as well as advise clients showing leadership in this area.”

"The consequences of security holes can be disastrous, because the core function and reputation of a company may be affected." said a KPMG representative.

The ACCA spokesperson continued: “KPMG’s report is a must-read for the profession, and not just for internal auditors. It highlights the issues we all face in the digital 24/7 world, where cybersecurity is a cause of concern for all in a business and not just the internal audit function.”

KPMG’s full report - KPMG Internal Audit; Top 10 Considerations for 2017 - can be found here:

Top Content

    Accountancy Europe: the winner takes it all

    Jonathan Minter spoke to Olivier Boutellis-Taft, chief executive officer at Accountancy Europe, about how technology could change the industry, and how training needs to keep up to enable the profession to develop

    read more

    Embracing global technology trends

    Accountancy Europe’s Digital Day 2018 found the European accounting profession looking to tackle the challenges presented by new technologies head on. Jonathan Minter reports from the day

    read more

    IMA Conference: automation of the audit

    At the annual conference of the Institute of Management Accountants (IMA) in Indianapolis, Deloitte partner Alex Smith gave a presentation on digital transformation in the profession. Joe Pickard spoke to Smith following the presentation to find out more about his views on the future of audit

    read more

    IMA Conference: technology and the human effect

    The annual conference of the Institute of Management Accountants (IMA) took place in Indianapolis this year. Members of the profession gathered to hear the latest from the institute and other market players, covering some of the challenges and opportunities the profession faces.

    read more

    The Caribbean: a digital paradise

    The ICAC hosted its 36th annual conference in June this year – very much looking to the future following a tough 2017 for the Caribbean. Jonathan Minter spoke with chief executive officer Misha Lobban Clarke

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.