Cyber threats are a growing risk to businesses, and cyber security is now part of the day job for accountant.
A recent global survey conducted by PwC shows that the number of attacks reported by midsize companies – those with revenues of between £64.5m ($100m) and £645.6m ($1bn) – in 2014 jumped 64% since 2013.
Accountants and other financial institutions are particularly attractive to cyber criminals. In fact, PwC estimate that financial institutions are over 30% more likely to be targeted than other companies.
In light of this rapidly changing environment, the ACA syllabus for 2017 has continued to evolve. Some highlights include:
Audit and Assurance
Cyber security and concerns about cyber-attacks are now some of the most commonly reported concerns by businesses. The key concerns expressed are general business risks, not just narrow information processing risks. Assurance over such risks has therefore become a key aspect of operational and functional controls, as well as financial controls, as part of overall resilience of a business to cyber-attacks.
Cyber security has therefore moved from being a low level technical issue, to become a high-level matter of corporate governance for the board. This has been highlighted by recent publicity surrounding a number of high profile cyber-attacks which have had major reputational impact for companies.
The Audit and Assurance syllabus for 2017 introduces new syllabus requirements about risk identification with respect to cyber security, business risk and business process risk. It also highlights the need to assess the implications of cyber-attacks and the need for expertise in cyber security.
The Corporate Reporting syllabus for 2017 has added emphasis on the causes of, and controls over, cyber-attacks. This includes the need to analyse and evaluate preventative and detective control mechanisms and processes relating to cyber security risks.
Business and Management
Business risk arising from an IT strategy is a key issue in Strategic Business Management (SBM). For the 2017 syllabus, the changes in this context return to the theme of cyber security. The emphasis in SBM is from the perspective of information strategy, including the consequences and risks arising from cyber attacks. In particular, the new material for 2017 considers exposure to cyber attack from external sources, arising from business relationships (eg from the integration of information systems in the supply chain; within strategic alliances; and between business partners)
ICAEW Cyber security resource centre
Cyber crime is an increasing threat to businesses around the world and an attack can have devastating consequences. The cyber security resource centre has some of the latest information, best practice and guides available for ICAEW members.