A KPMG REPORT shows that audit committees believe poor quality data is hampering cybe protection efforts across businesses.
The KPMG UK Audit Committee Institute finds that the number of auditors with concerns about cyber security has doubled in the last year and businesses are losing the battle against cyber crime as a result, Accountancy Age’s sister title Computing reports.
The survey of audit committee members found the quality of information provided to auditors is becoming increasingly unsatisfactory, raising fears that cyber safety has taken a step back and making the task of minimising risk much more difficult.
Almost half (47%) of auditors believe they need better information about cyber risks, a figure that has doubled from 24% the previous year.
Additionally, half of the audit committee members surveyed said it is “increasingly difficult” to oversee the risks of cyber security in addition to the rest of their reporting. It’s a trend Stephen Bonner, partner at KPMG, is concerned about.
“Given the rapidly growing public, political and media profile of the cyber threat, it is very worrying that audit committee members feel more concerned now about the issue than they did a year ago,” said Bonner, head of information protection and business at the Big Four firm.
“It shows that either companies are losing the battle against cyber criminals, or they are still not yet fully engaging with the threat.
“It is a difficult issue that takes many executives and non-executives out of their comfort zone. However, it is simply too big and fast-growing a risk for companies to tackle half-heartedly,” Bonner added.
Timothy Copnell, head of KPMG’s UK Audit Committee Institute, pointed out that auditing is a difficult enough task in itself, even without businesses withholding information about cyber threats.
“Audit committee agendas are not getting any lighter. Overseeing financial reporting and audit, and ensuring those activities have the right resources and talent, is a job in itself,” he said, adding that if things continue the same way, auditing might not even be possible.
“This survey suggests that many audit committee agendas may be reaching a tipping point, and that it’s time to step back and assess whether audit committees are able to exercise even their fundamental responsibilities in an appropriate manner”, Copnell concluded.
KPMG’s survey was conducted amongst approximately 1,500 audit committee members in 34 countries between September and November 2013.
A previous KPMG report, released last month, suggested that government, businesses and consumers all need to think more carefully about cyber threats because 2014 will see the most advanced attempts at hacking and cyber crime yet.
While everyone values audit quality highly we must be be careful that we don’t let it deter talent. We need to guard against its commoditisation and the threat to a unitary profession
The Practitioner’s uncensored thoughts come from within their own practice – having left a regional firm in the heart of England
Commissioning and preparing an asset valuation for financial reporting should involve a three way dialogue between the client, valuer & auditor
As a change-agent, internal audit has a lot going for it, but many internal audit functions need to upgrade their skills.