• Register
Return to: Home > News > Assurance and Accounting > KPMG: Cybersecurity is the biggest internal audit risk in 2017

KPMG: Cybersecurity is the biggest internal audit risk in 2017

The focus for internal auditors should be on cybersecurity, according to the report; KPMG Internal Audit; Top 10 Considerations for 2017.

KPMG investigated companies in different sectors and analysed the results from more than 400 respondents on internal audit issues for 2017.

The top ten 2017 internal audit concerns according to KPMG’s report are:

1.            Cybersecurity

2.            Culture / soft controls

3.            Integrated assurance

4.            Regulatory Compliance

5.            Third party relationships

6.            Anti-bribery / anti-corruption

7.            Emerging technologies

8.            Data analytics and continuous auditing

9.            Performance risk

10.          Strategic alignment

The increasing expertise of hackers is pointed out in the report, on how they can penetrate the system, including through connections with suppliers and technology partners.

A representative from the Institute of Chartered Accountants in England and Wales’ (ICAEW’s) IT facility told the International Accounting Bulletin: “Cyber security continues to be high on the agendas of all organisations. They are facing more sophisticated and organised attackers, who continue to exploit weakness in organisations, especially people, to gain access to systems and sensitive data. Integrated supply chains and pressure to innovate with new technologies add to the risks.”

The drivers of cybersecurity include minimising the costly consequences of data breaches such as investigations, legal fines, coverage of customer losses, and potential loss of customers and business. Consequences can be minimised through averting reputational damage to the organization, avoiding non-compliance with regulatory requirements, and preventing loss of intellectual property or capital.

There are also two other major concerns for internal audit; corporate culture and so-called soft controls. This refers to problems caused by incorrect employee behaviour and the lack of an effective system that can respond to associated business risks.

An Association of Chartered Certified Accountants (ACCA) spokesperson told the International Accounting Bulletin: “Audit’s value – internal and external – comes from the benefit it brings by helping businesses to be more effective in identifying areas of risk, poor controls and inefficiencies. Internal auditors are increasingly becoming the business’ eyes and ears to report fraud, bribery and money laundering activities, many of which now happen in the cyber world. Internal audit also needs to be aware of the balance between security and utility.”

The representative from ICAEW’s IT facility added: “International organisations specifically have to comply with multiple regulations around cyber security and privacy. Ticking a box to say the board has discussed cyber risk is not enough. For accountancy firms, cyber risks continue to be both a threat and an opportunity. They have to manage their own risks carefully to maintain client trust, as well as advise clients showing leadership in this area.”

"The consequences of security holes can be disastrous, because the core function and reputation of a company may be affected." said a KPMG representative.

The ACCA spokesperson continued: “KPMG’s report is a must-read for the profession, and not just for internal auditors. It highlights the issues we all face in the digital 24/7 world, where cybersecurity is a cause of concern for all in a business and not just the internal audit function.”

KPMG’s full report - KPMG Internal Audit; Top 10 Considerations for 2017 - can be found here:

Top Content

    South Africa: sensing new opportunities

    It has been an interesting couple of years for the profession in South Africa. A number of high-profile scandals have brought the profession and the role of auditors into sharp public focus, brewing a distrust towards accountants and a large expectations gap. Joe Pickard reports.

    read more

    Ghana: a quest for consistency

    Ghana’s current economic profile would suggest a fertile landscape for purveyors of accounting services. But inconsistent approaches to compliance and application of standards – coupled with problems in the banking sector and consequent liquidity constraints – have created a challenging environment. Paul Golden writes.

    read more

    Drone technology: audit takes to the skies

    The movement towards a digitised era has already impacted the auditing profession in a number of ways, from blockchain to artificial intelligence. Now firms are taking to sky and using drone technology in their audits. Mishelle Thurai speaks to Big Four firms to find out more.

    read more

    SBC: a new alliance joins the market

    Jonathan Minter speaks to Paul Tutin, chair of founding firm Streets Chartered Accountants, about why the business and its European partners took the decision to launch their own association.

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.