Cybersecurity – What is the auditor’s role?

Cybersecurity risks are continuously evolving in the current world; therefore, the auditor must continuously evaluate the potential for cybersecurity incidents to have a material impact on the financial statements. The Standards require the financial statement auditor to understand how the company uses its information technology systems and its impact on the financial statements. This process includes understanding the extent of the company’s automated controls on the transactions and related reporting to the financial statements.

The general IT systems controls are significant for the reliability of data and reports produced by the company and used in the financial reporting process, including IT risks resulting from unauthorized access. The financial statement auditors must consider their understanding of the company’s IT systems and controls for evaluating the risks of material misstatement in the financial statements.

The systems and data are in scope for most financial statement audits in the IT environment of the company. Usually, these are a subset of systems and data used to support the company’s overall business operations.

The auditor focuses on access controls and changes to systems and data, computer operations controls, and the reliability of company-prepared information by using the computer systems and data that could impact the financial statements and their effectiveness.

The financial statement auditor’s primary focus is on the controls and systems closest to the application data of interest to audit the financial statements. Audit procedures will then be developed to address each company’s unique IT environment. Many cybersecurity incidents first occur through the perimeter and internal network layers, which tend to be further removed from the application, database, and operating systems typically included in access control testing of systems that affect the financial statements.

However, the cybersecurity risk landscape has evolved, and the frequency and complexity of cybersecurity attacks continue to change. For example, cybersecurity incidents have resulted in the disbursement of unauthorized funds (e.g., a wire transfer) through compromising the company’s email system. Such incidents may not necessarily be sophisticated in the use of technology; instead, they have adapted to exploit weaknesses in the company’s policies and procedures that are vulnerable to cybersecurity risk today.

As part of risk assessment and planning, auditors would broadly consider cybersecurity risks that could have a significant effect on the company’s financial statements Considerations related to cybersecurity risks include the potential fiscal impact of such risks on the financial statements and the inability of an organization to issue financial statements promptly because of a breach of its financial reporting systems (e.g., due to a ransomware attack). For example, auditors may obtain an understanding of the company’s business operations that give rise to cybersecurity risk and, to the extent such risks are deemed material to the company’s financial statements, adjust their audit plan accordingly to address those risks. The Common areas that may have exposure to cybersecurity risk include the transaction processes where bank account information is modified and funds are disbursed (e.g., wire transfer).

Concerning the company’s cybersecurity disclosures, the auditor’s responsibilities depend on whether the disclosures are included in the audited financial statements. Suppose the disclosure is included in the audited financial statements. In that case, the auditor performs procedures to assess whether the financial statements, taken as a whole, are presented fairly in all material respects. The auditor’s assessment includes procedures specific to the financial statement disclosures. Such as, if a cybersecurity breach with a material financial statement impact occurs, the auditor will perform procedures around the affected account balances and assess whether the disclosures related to material contingent liabilities, if any, are reasonable concerning the financial statements taken as a whole.

Get Free Consultation

Would you like to rate us on Google?      Yes    No

HLB HAMT - Audit, Tax, Accounting and Business Advisory

4.8

Based on 176 reviews

review us on

Varun R Chandra

07:38 25 Apr 21

HLB Hamt is highly recommended! They have the quality of services that would satisfy your needs. I'm glad I found them.

Giuseppe Assi

06:20 31 Jan 21

I HAD A GOOD EXPERIENCE WITH HLB HAMT DUBAI. THEY HAVE A VERY PROFESSIONAL TEAM, GOOD QUALITY OF SERVICES, GOOD VALUE... FOR PRICE.I RECOMMEND THIS COMPANY.read more

Mohamed Sheriff

16:16 28 Jun 20

Experience with HLB Hamt in audit experience is great pleasure. They deploy well qualified accounts team for audits.... And the amount of checking they perform give the management of the company confidence that internal controls are well in place. We are glad to see they have high standard of audit practices.read more

218141 JOSEPH THOMAS

16:20 23 Jun 20

Professionally managed firm with commitment to the engagements taken. My company and its group are assigning our... requirements for last 12 years to HLB and we don’t have any negative remarks on any assignments.read more

PMI

07:14 23 Jun 20

In my opinion, HLB Hamt is one of the best professional firms in UAE after big4. Excellent client service, professional... and competent staff and timely delivery are their strength. Over the years they have developed the infrastructure and skill set to handle multiple verticals ie, audit, tax services, consulting, IT support etc.Wishing HLB Hamt team all the very best.read more

RAVI CHOKSI

08:28 21 Jun 20

Thank you Team HLB hamt...Your internal auditing team put the good amount of time and inputs in helping the... organisation making considerable improvements throughout the organisational working structure and helps in building the better business.Thanks.read more

Maharajan Subramaniam

18:17 06 Jun 20

High-Performing IT Teams, I'm impressed with the knowledge level of their deputed staff, audit procedures, and... checklist adopted. Mr. Vimal especially understand the requirement and provide solution not only technical feasibility and also considered budgeting. We’re confident in their abilities.read more

Mohammed L

08:07 05 Jun 20

We have been working closely with them on payroll services for quite sometime.They provide very professional... services,experts in domain and excellent support. Would recommend them.Cheers.read more

ROY ROSHAN VIVIAN

06:32 04 Jun 20

Very professional team. Vimal has always given us good solution advice for various Software and IT Infra projects. We... are very Extremely satisfied working with him and his team. Wishing them success.read more

Basil Daniells

05:55 03 Jun 20

I have worked with HLB as a partner of Sage for about 2 years, they were dedicated to the success of the partnership... and kept aligned with the business plan that was agreed between our two companies. They are always ready to go the extra mile for a customer and don’t shy away from challenging circumstances. Keep up the good work and wish you all the success in the future.read more

Amar Kashyap

19:28 02 Jun 20

Team of well qualified and organised professionals. Their reports are not based on numbers first they will understand... their client and their business. They are highly recommended and trust worthy.read more

Radz de Jesus

16:03 02 Jun 20

We're glad to have found HLB Hamt to conduct the IT audit and risk assessment for our organization. We have learned a... lot from their team during that first project. And since then, we've continued to be in touch with them. Mr. Vimal especially is very good at presenting technical concepts in simple yet interesting ways that non-IT and business people alike would easily catch. We are very happy with the professionalism and quality of service they provide. They leave their clients nothing short of satisfied. Highly recommended.read more

Next Reviews