INTHEBLACK October 2021 - Magazine - Page 8
GET SMART
// C PA A U S T R A L I A P O L I C Y
OCTOBER
UPDATE
AT A G L A N C E
Dr Jana Schmitz,
CPA Australia’s
technical adviser,
assurance and
emerging technologies
With businesses making
a quick shift to a virtual
operating environment,
their vulnerability to
cyber attacks has
increased.
Data manipulation,
misappropriation of funds
or assets and leaks of
confidential information
are among the greatest
threats to businesses.
The Australian Auditing
and Assurance Standards
Board has recently
released its bulletin to
assist auditors in
assessing the direct and
indirect effects of
cybersecurity risks.
CLEAR AND
PRESENT DANGER
AS BUSINESSES HAVE SHIFTED TO REMOTE WORKING DURING THE PANDEMIC,
THE MAJORITY OF THEIR BUSINESS ACTIVITY HAS MOVED TOWARDS A VIRTUAL
ENVIRONMENT. THIS HAS EXPOSED COMPANIES TO BOTH INCREASED AND NEW
CYBER VULNERABILITIES THAT NEED TO BE CONSIDERED AND ASSESSED BY
EXTERNAL AUDITORS.
C
CLICK HERE
TO BORROW
Contemporary
Issues in Audit
Management and
Forensic Accounting
from the
CPA Library
8 ITB October 2021
yber attacks by criminal entities, many located
overseas, have become a real and present threat
to businesses in Australia.
The latest Annual Cyber Threat Report from
the Australian Cyber Security Centre (ACSC), covering
the period between July 2019 and July 2020, concludes
that the most common type of cybersecurity incident is
“malicious email” (27 per cent), including phishing and
spear-phishing.
The second most common incident is a “compromised
system” attack (24.4 per cent), an incident where an
adversary accesses or modifies a network, account,
database or website without authorisation.
Inadequate systems and controls can expose entities
to data manipulation, misappropriation of funds or
assets, breaches of privacy and leaks of confidential
information, which in turn may lead to fines, litigation
and reputational damage.
THE IMPACT OF CYBER BREACHES
Cyber attacks can affect both the integrity and
reliability of financial information, creating risks of
material misstatement, which the external auditor
needs to assess.
Cybersecurity risks can have a pervasive effect on
general information technology (IT) controls, as well
as IT application controls, and consequently may
undermine the effectiveness of internal control systems
and processes. This affects the reliability of the financial
information used in the preparation of financial reports.
To assist auditors in considering the direct and
indirect effects of cybersecurity risks, the Australian
Auditing and Assurance Standards Board (AUASB) has
published the AUASB bulletin: The consideration of
cyber security risks in an audit of a financial report.
According to the AUASB, cyber breaches can have
the following direct and indirect effects on a financial report:
Recognition of provisions or disclosure of contingent
liabilities as a result of a data breach: This may be the
result of fines or penalties from regulators as well as the
possibility of legal action from affected parties where
sensitive data has been lost or leaked.
Change in the fair value of assets as a result of a
cyber incident: When a particular industry is targeted,
there may be a hesitancy to transact with entities within
that industry.
Impairment of assets due to decreased operating
cash flows as a result of a cyber attack: Where an
attack has shut down operations for a significant period
of time, or where an attack has significantly damaged
the organisation’s brand.
The Bulletin also covers overall implications for the
organisation’s ability to continue as a going concern
if its operations or reputation are severely affected.