KPM


How External Auditors Address Cybersecurity

Experiencing a data breach can lead to significant financial implications. As per a recent 2023 survey conducted by the Ponemon Institute, a research center specializing in privacy, data protection, and information security policy, the average total cost of a data breach has surged to approximately $4.45 million. This represents a notable 15% increase in the overall cost over the past three years. Particularly noteworthy is the 53% surge in data breach costs within the healthcare sector since 2020.

Auditors consider all kinds of risks when they audit financial statements. Here’s how they specifically tackle the issue of IT security in an audit.

Audit Scope

When it comes to evaluating cybersecurity risks, auditing standards require auditors to:

  • Learn how businesses use IT and the impact of IT on the financial statements
  • Understand the extent of the companies’ automated controls as they relate to financial reporting
  • Use their understanding of business IT systems and controls in assessing the risks of material misstatement of financial statements, including IT risks resulting from unauthorized access

 
The auditor’s role is limited to the audit of the financial statements and, if applicable, the internal control over financial reporting (ICFR).

Primary Focus

An auditor’s primary focus is on controls and systems that are in closest proximity to the application data of interest to the audit. This includes enterprise resource planning systems, single purpose applications (such as fixed asset systems), and any connected systems that house data related to the financial statements.

Companies must continuously update their controls and systems to stay ahead of the latest hacking techniques. Increasingly, companies are using artificial intelligence (AI) and automation to detect and contain breaches. According to the 2023 Ponemon Institute report, organizations that fully deploy cybersecurity AI and automation saw breach lifecycles that were, on average, 108 days shorter than those of organizations without these technologies in place. In addition, organizations that extensively use cybersecurity AI and automation to identify breaches experienced an average loss $1.76 million lower than those without these technologies. In fact, these technologies were the biggest cost-savers identified in the report.

An auditor’s responsibilities don’t encompass an evaluation of cybersecurity risks across a company’s entire IT platform. But, if auditors learn of material breaches while performing audit procedures, they consider the impact on financial reporting (including disclosures) and ICFR.

Fortifying Your Defenses

Data breaches have become increasingly common and costly. It’s critical for business owners and managers to understand the scope of the external auditor’s responsibilities in this area and develop a cybersecurity program that mitigates the risks. Contact us with questions.
