VIDEO: Accountants Must Help Companies Fight Systemic Cyberrisks

The Financial Accounting Resource Center™ is a comprehensive research service that provides the full text of standards, the latest news from the Accounting Policy & Practice Report ®,...


By Todd Cheney

Accountants and auditors must intensify efforts to warn investors of growing cybersecurity risks that can threaten companies across their entire systems, the Center for Audit Quality’s professional practice managing director said.

The accounting profession must help ensure the transparency of company cybersecurity networks and their impact on financial reporting as part of strong internal controls over financial reporting (ICFR), the CAQ’s Catherine Ide said in a video interview recorded during the American Institute of CPAs’ National Conference on Current SEC and PCAOB Developments. The Center for Audit Quality is Affiliated with the AICPA.

See interview here: https://players.brightcove.net/68290866001/HJCdfoas_default/index.html?videoId=5672714525001

Unfortunately, “the breaches we see happening generally are at a network or a perimeter level and not in scope from a financial statement or ICFR audit perspective,” Ide said. Auditors wouldn’t necessarily catch those breaches.

However, “if there is a material breach, [it is] the auditor’s responsibility to assess that impact on the financial statements, especially in consideration of disclosures and internal controls over financial reporting,” Ide said.

“A financial statement of internal control over financial reporting audit is generally a subset of the overall aggregate IT systems and data that a company uses to manage its business operations in totality,” Ide said. “It’s an auditor’s responsibility to maintain an understanding of the company’s information technology environment as well as the IT impact on the financial statements.”

When asked how the accountant’s role could evolve in cybersecurity, Ide said, “our core competencies around understanding enterprise-wide risks, as well as management’s response to those risks in the form of controls, benefit our ability to provide confidence in that information to the stakeholders at large.”

The AICPA Cybersecurity Risk Management Framework can help corporations in that process by permitting companies to “communicate in a common language about their cybersecurity risk management programs,” Ide said.

In the constantly evolving area of information technology, as companies face increased cyberattacks and heightened data susceptibility, auditors will need every imaginable tool to help corporate practitioners fight growing cybersecurity risk, Ide said.

To contact the reporter on this story: Todd Cheney in Washington at tcheney@bloombergtax.com

To contact the editor responsible for this story: S. Ali Sartipzadeh at asartipzadeh@bloombergtax.com

Copyright © 2018 Tax Management Inc. All Rights Reserved.

Request Financial Accounting