The Institute of Singapore Chartered Accountants (ISCA) has launched a publication to provide a guide for auditors on assessing cybersecurity risk in a financial statements audit.
This is the first publication in Southeast Asia that provides guidance on this matter, said the ISCA in a recent statement. With cybersecurity posing immense challenges to entities in the current business environment, and the severity and frequency of cyber attacks escalating over the years, auditors will have to consider their client’s cybersecurity risk when planning and performing audit. The recent WannaCry cyberattack in 2017, which affected computers across 150 countries, caused total financial damages estimated to amount to S$4bn ($3bn), noted ISCA.
Produced by ISCA with contributions from PwC Singapore, ‘Cybersecurity Risk Considerations in a Financial Statements Audit’ notes that smaller businesses face just as much, if not higher risk of cyber attacks as compared to larger businesses, as they may lack the resources to have a robust infrastructure to fend off or detect these cyber attacks. As seen in the WannaCry cyber attacks, vulnerable firms could face massive financial repercussions. Hence, it is important for auditors to consider cybersecurity risk in their assessment of all their client’s financial statements.
The publication also uses different case studies to illustrate the diverse impact of a cyber attack on companies, the guidance demonstrates how cybersecurity threats and cyber attacks can impact financial reporting and hence its related audit. It also provides insights on how auditors should take cybersecurity risk into account as part of risk assessment during audit planning, and suggests appropriate responses to risks identified and cyber incidents that have happened, and those that were detected or suspected as a result of the audit.
ISCA chief executive officer Lee Fook Chiew said, “In today’s digital age, cybersecurity risk is one of the key threats to businesses. This publication provides financial statements auditors a guide in identifying and assessing cybersecurity risk, as well as the appropriate responses to the risks identified those that were detected or suspected as a result of the audit. With this guide, we aim to equip audit professionals with knowledge in an area that will grow increasingly important in the future economy.”
PwC Singapore’s digital trust and cyber leader Tan Shong Ye said, “Cybersecurity risk has become one of the top risks, identified by board directors, that could affect a company's business as well as financial statements. Cyber criminals have evolved from targeting computer systems and networks to breaching buildings, factories and safety controls systems through the embedded computer and communication chips. Increasingly, cyber risks, are becoming pervasive and are causing an impact on financial line items treatment. This would need to be considered when we perform financial statement audits.”
The publication can be found here.