• Register
Return to: Home > News > Standards > KPMG: Cybersecurity is the biggest internal audit risk in 2017

KPMG: Cybersecurity is the biggest internal audit risk in 2017

The focus for internal auditors should be on cybersecurity, according to the report; KPMG Internal Audit; Top 10 Considerations for 2017.

KPMG investigated companies in different sectors and analysed the results from more than 400 respondents on internal audit issues for 2017.

The top ten 2017 internal audit concerns according to KPMG’s report are:

1.            Cybersecurity

2.            Culture / soft controls

3.            Integrated assurance

4.            Regulatory Compliance

5.            Third party relationships

6.            Anti-bribery / anti-corruption

7.            Emerging technologies

8.            Data analytics and continuous auditing

9.            Performance risk

10.          Strategic alignment

The increasing expertise of hackers is pointed out in the report, on how they can penetrate the system, including through connections with suppliers and technology partners.

A representative from the Institute of Chartered Accountants in England and Wales’ (ICAEW’s) IT facility told The Accountant: “Cyber security continues to be high on the agendas of all organisations. They are facing more sophisticated and organised attackers, who continue to exploit weakness in organisations, especially people, to gain access to systems and sensitive data. Integrated supply chains and pressure to innovate with new technologies add to the risks.”

The drivers of cybersecurity include minimising the costly consequences of data breaches such as investigations, legal fines, coverage of customer losses, and potential loss of customers and business. Consequences can be minimised through averting reputational damage to the organization, avoiding non-compliance with regulatory requirements, and preventing loss of intellectual property or capital.

There are also two other major concerns for internal audit; corporate culture and so-called soft controls. This refers to problems caused by incorrect employee behaviour and the lack of an effective system that can respond to associated business risks.

An Association of Chartered Certified Accountants (ACCA) spokesperson told The Accountant: “Audit’s value – internal and external – comes from the benefit it brings by helping businesses to be more effective in identifying areas of risk, poor controls and inefficiencies. Internal auditors are increasingly becoming the business’ eyes and ears to report fraud, bribery and money laundering activities, many of which now happen in the cyber world. Internal audit also needs to be aware of the balance between security and utility.”

The representative from ICAEW’s IT facility added: “International organisations specifically have to comply with multiple regulations around cyber security and privacy. Ticking a box to say the board has discussed cyber risk is not enough. For accountancy firms, cyber risks continue to be both a threat and an opportunity. They have to manage their own risks carefully to maintain client trust, as well as advise clients showing leadership in this area.”

"The consequences of security holes can be disastrous, because the core function and reputation of a company may be affected." said a KPMG representative.

The ACCA spokesperson continued: “KPMG’s report is a must-read for the profession, and not just for internal auditors. It highlights the issues we all face in the digital 24/7 world, where cybersecurity is a cause of concern for all in a business and not just the internal audit function.”

KPMG’s full report - KPMG Internal Audit; Top 10 Considerations for 2017 - can be found here:

Top Content

    Addressing tax challenges and the digitisation of the economy

    As the economy becomes even more globalised through digital sources, the tax systems currently in place need to be scrutinised to examine whether they are still fit for current and emerging business models. Joe Pickard reports on the OECD’s approach to this issue.

    read more

    Primary financial statements: a game changer in reporting?

    International Accounting Standards Board chair Hans Hoogervorst delivered a speech at the Seminario International sobre NIIF y NIF, organised by the Consejo Mexicano de Normas de Información Financiera in Mexico. The Accountant presents the highlights.

    read more

    FASB readies standards for the netflix generation

    The US Financial Accounting Standards Board (FASB) has updated its accounting standard for entertainment, with a specific eye on keeping up to date with how episodic content, such as television programmes, is consumed in the modern world. Jonathan Minter reports.

    read more

    Brexit: why it takes two to tango

    Former TA editor Vincent Huck, now editor of Insurance Asset Risk, looks at why Brexit might unleash geopolitical intrigue in Europe’s accounting standard-setting scene – and why IFRS 17 will be an incredible source of opportunity for firms in the coming years.

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.