Cyber security: Advances in search of armor
Cybersecurity has become one of the great challenges of the digital age. KPMG's Keeping pace with disruptive risk and digital transformation report revealed that among the companies' priorities are to conduct focused internal audits and improve cyber security.
The biggest challenges that were mentioned by organizations are: maintaining internal control over financial information and its disclosure procedures (50%), helping to ensure that financial organizations have the talent and resources to prepare quality financial reports ( 49%), monitor fraud risk (30%), maintain audit quality and auditor independence (29%), evaluate key assumptions underlying critical accounting estimates (27%), implementation of new accounting standards (23 %), preparation of key or critical audit reports by an external auditor (15%) and expedite / improve company disclosures in presentations (5%).
One of the key findings highlighted in the audit committees indicates that they rely on their supervision of the basic responsibilities: integrity of the financial information and quality of the audit. However, it is also clear that technological innovation, digital disruption and business complexity exert greater pressure and sharpen the focus on risk management and the internal control environment.
In addition, they ensure that the priorities behind the central supervisory roles are legal and regulatory compliance (64%), ensure that the internal audit is correctly focused and maximizes its value (51%), cybersecurity (50%), tone in the culture (39%), adaptation of the company's ERM processes to identify and evaluate disruptive risks on the horizon (36%), impact of digital disruption and new technologies in the financial organization (31%), privacy and protection of data (29%) and have the talent, skills and succession of leadership in the financial company (29%).
Since the 2014 edition of the '2014 Global Audit Committee Survey', ensuring that the internal audit is properly focused and maximizing its value has been considered as one of the main priorities of the audit committees worldwide.
This year occupies the second place, behind the legal / regulatory compliance.
In short, it is necessary to focus on the controls that management considers to reduce the most significant risks to an acceptable level, the audit plan must be designed primarily to provide the meets the guarantee that these controls are totally effective.
GIVES IN CYBER SECURITY
In general, it is admitted that there are gaps, but it is noted that there is the ability to minimize them and manage cyber risk; However, what is striking is that they increase considerably compared to the 2017 sample, in a scenario where companies thought they were prepared, but have found elements that prove otherwise.
Concern for organizational awareness / culture increased from 22% in 2017 to 41% in 2019; cyber risk is isolated as an 'IT' problem compared to business growth throughout the company, 41%; having the right talent and experience increased from 22% to 36%; keeping technology systems up to date increased from 31% to 35%;third party vulnerability / supply chain increased from 24% to 30%; the internal risk of "people" increased from 20% to 29%; and the monitoring and effective reporting of cyber threats went from 21% to 23%.
In this regard, Timothy Copnell, of the KPMG UK Board Leadership Center, stressed: “Committee members must understand the different pressure points within an organization. They need people who have an independent mindset and are prepared to think carefully about the judgments that must be made, who proactively ask good questions and not only accept the recommended approach. ”
One of the insights highlighted by the respondents is that almost half of the members of the audit committee say that companies should not continue to provide profit guidance semiannually or quarterly.
In fact, 16% said that the practice of providing guidance on earnings should be phased out, and 15% believe that guidance should be provided only annually.
Interestingly, 31% believe that environmental, government and social problems are important for long-term performance and value creation; and 42% see in it part of the normal activities of risk and regulatory compliance.
"Year after year, maximizing the internal audit value function remains a top priority by maintaining the flexibility to adjust the audit plan in response to changes in commercial and risk conditions," says Fabián Echeverría, Lead Partner KPMG consulting in Colombia.
Of the companies that reported having an internal audit function, they focused the plan on key risk areas beyond financial information-centric hazards, such as cybersecurity, information technology and other operational risks, and maintained the flexibility to adjust the audit plan in response to changes in business and risk conditions classified as the most important ways to maximize the value of the internal audit.
One of the key findings highlighted in the audit committees indicates that they rely on their supervision of the basic responsibilities: integrity of the financial information and quality of the audit. However, it is also clear that technological innovation, digital disruption and business complexity exert greater pressure and sharpen the focus on risk management and the internal control environment.
In addition, they ensure that the priorities behind the central supervisory roles are legal and regulatory compliance (64%), ensure that the internal audit is correctly focused and maximizes its value (51%), cybersecurity (50%), tone in the culture (39%), adaptation of the company's ERM processes to identify and evaluate disruptive risks on the horizon (36%), impact of digital disruption and new technologies in the financial organization (31%), privacy and protection of data (29%) and have the talent, skills and succession of leadership in the financial company (29%).
Since the 2014 edition of the '2014 Global Audit Committee Survey', ensuring that the internal audit is properly focused and maximizing its value has been considered as one of the main priorities of the audit committees worldwide.
This year occupies the second place, behind the legal / regulatory compliance.
In short, it is necessary to focus on the controls that management considers to reduce the most significant risks to an acceptable level, the audit plan must be designed primarily to provide the meets the guarantee that these controls are totally effective.
GIVES IN CYBER SECURITY
In general, it is admitted that there are gaps, but it is noted that there is the ability to minimize them and manage cyber risk; However, what is striking is that they increase considerably compared to the 2017 sample, in a scenario where companies thought they were prepared, but have found elements that prove otherwise.
Concern for organizational awareness / culture increased from 22% in 2017 to 41% in 2019; cyber risk is isolated as an 'IT' problem compared to business growth throughout the company, 41%; having the right talent and experience increased from 22% to 36%; keeping technology systems up to date increased from 31% to 35%;third party vulnerability / supply chain increased from 24% to 30%; the internal risk of "people" increased from 20% to 29%; and the monitoring and effective reporting of cyber threats went from 21% to 23%.
In this regard, Timothy Copnell, of the KPMG UK Board Leadership Center, stressed: “Committee members must understand the different pressure points within an organization. They need people who have an independent mindset and are prepared to think carefully about the judgments that must be made, who proactively ask good questions and not only accept the recommended approach. ”
One of the insights highlighted by the respondents is that almost half of the members of the audit committee say that companies should not continue to provide profit guidance semiannually or quarterly.
In fact, 16% said that the practice of providing guidance on earnings should be phased out, and 15% believe that guidance should be provided only annually.
Interestingly, 31% believe that environmental, government and social problems are important for long-term performance and value creation; and 42% see in it part of the normal activities of risk and regulatory compliance.
"Year after year, maximizing the internal audit value function remains a top priority by maintaining the flexibility to adjust the audit plan in response to changes in commercial and risk conditions," says Fabián Echeverría, Lead Partner KPMG consulting in Colombia.
Of the companies that reported having an internal audit function, they focused the plan on key risk areas beyond financial information-centric hazards, such as cybersecurity, information technology and other operational risks, and maintained the flexibility to adjust the audit plan in response to changes in business and risk conditions classified as the most important ways to maximize the value of the internal audit.
Comments
Post a Comment