Optus, Medicare, and The Smith Family – just some of the victims of recent cyber-attacks. No entity is immune. Cyber-attacks can result in class actions, reputation damage, additional costs, and heavy penalties.
Recent surveys have shown that IT skills relating to governance and awareness of IT risks are lacking. Auditors need to be familiar with how auditing standards and guidance affect audit risk and the provision of IT-related non-assurance services. Action needs to be taken now to ensure that cyber-security risks are understood and effectively managed.
The session will:
- Look at some recent cybersecurity attacks and see what lessons can be learnt
- Highlight key findings of recent surveys into IT skills involving governance
- Discuss what preventive steps can be taken to minimise risks
- Review what needs to be done once cyber-attacked, and
- Examine the role of external auditors in relation to cyber-security, including ASA 315 Identifying and Assessing the Risks of Material Misstatement, and AUASB bulletin The Consideration of Cyber Security Risks in an Audit of a Financial Report.