![](\"https:\/\/s3.amazonaws.com\/snd-store\/a\/57465521\/03_19_21_1183011866_aab_560x292.jpg\")
<\/p>\n<\/p>\n
Data security is a critical part of the audit risk assessment. If your financial statements are audited, your audit team will tailor their procedures to answer critical questions about cyber risks and the effectiveness of your internal controls. While conducting fieldwork, they\u2019ll assess how your practices measure up and whether your company has weaknesses that may require additional inquiry, testing and disclosure.<\/p>\n
Is cybersecurity a priority?<\/strong><\/p>\n Most companies today view cybersecurity as a business problem, not just as an information technology (IT) issue. During the audit process, it\u2019s important to identify the \u201ccrown jewels\u201d of your company\u2019s data assets, and then consider how your management team evaluates, manages and responds to cyber risks and cybersecurity incidents.<\/p>\n People are often the weakest link in cybersecurity. So, auditors will evaluate your company\u2019s training, awareness and accountability policies to ensure that sensitive data is kept safe. Those policies may need to be regularly updated as 1)\u00a0hackers get more sophisticated and find new ways of breaking into systems, and 2)\u00a0your business environment changes.<\/p>\n For example, remote working arrangements during the COVID-19 pandemic have resulted in new risks as employees access data from less-secure home networks. So companies may need to modify their practices to maintain effective data security.<\/p>\n Auditors also consider the tone at the top of your organization. Cybersecurity should be integrated into an organization\u2019s values and goals. Responsibility shouldn\u2019t fall solely in the hands of your company\u2019s IT department. After all, if your company can\u2019t keep its intellectual property and customers safe, its ability to operate will ultimately be diminished over the long run.<\/p>\n What\u2019s important to investors and lenders?<\/strong><\/p>\n To date, the Public Company Accounting Oversight Board (PCAOB) hasn\u2019t found any material misstatements on a public company\u2019s financial statements as a result of a cybersecurity breach. So, stakeholders generally have confidence in the ability of auditors to evaluate and identify cyber risks.<\/p>\n However, audit committees and other external stakeholders recognize that there\u2019s a risk that future cyberattacks may affect financial reporting. And they expect auditors to actively communicate about cybersecurity measures and the costs associated with breaches. The full cost of a data breach \u2014 including response and reputational damage \u2014 may not always be apparent. Financial statement disclosures should be as accurate, timely and comprehensive as possible.<\/p>\n An agile approach<\/strong><\/p>\n Many traditional audit risks \u2014 such as supply chain and related party risks \u2014 tend to be fairly constant and predictable over time. But cyber risks are constantly evolving. We have experience evaluating and disclosing data security practices. Each accounting period, our audit team will take a fresh look your company\u2019s cyber risks in today\u2019s marketplace and modify our audit procedures as necessary. We can also help get your policies and procedures back on track, if they haven\u2019t kept up with the times.<\/p>\n \u00a9 2021<\/em><\/p>\n <\/body> Data security is a critical part of the audit risk assessment. If your financial statements are audited, your audit team will tailor their procedures to answer critical questions about cyber risks and the effectiveness of your internal controls. While conducting fieldwork, they\u2019ll assess how your practices measure up and whether your company has weaknesses that […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,7,10],"tags":[8,11,12],"class_list":["post-15339","post","type-post","status-publish","format-standard","hentry","category-aa","category-articles","category-news","tag-articles","tag-news","tag-updates"],"_links":{"self":[{"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/posts\/15339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/comments?post=15339"}],"version-history":[{"count":0,"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/posts\/15339\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/media?parent=15339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/categories?post=15339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sfw.cpa\/news-and-guides\/wp-json\/wp\/v2\/tags?post=15339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/html><\/p>\n","protected":false},"excerpt":{"rendered":"