ICAEW.com works better with JavaScript enabled.

Can you risk it?

Cyber security and risk should be a board-level issue – and according to the latest Audit Insights report there is a growing role for auditors.

The democratisation of digital technology has turned business inside out. The ubiquity of broadband internet access; elastic IT resources provided by cloud; available and affordable smartphones, tablets and apps; and the spread of social media, have all helped to create enormous opportunities for businesses. But the digital technologies that enable businesses to operate globally across increasingly complex supply chains with greater speed and efficient have created a new risk landscape.

This new risk landscape has not been met with new approaches to risk. According to the latest Audit Insights report from the IT Faculty and the Audit & Assurance Faculty, many organisations still see cyber security as an operational IT risk and responsibility rather than a strategic business risk and a board-level responsibility. "Organisation need to define clear lines of responsibility and accountability as well as draw up response plans. Management and board members must communicate with IT professionals so they better understand the potential threats," says Richard Anning, Head of the IT Faculty.

This is an extract from an article in the February 2016 edition of Audit & Beyond, the magazine of the Audit and Assurance Faculty.

Find out more

Members of the Audit and Assurance Faculty and subscribers of Faculties Online


To read the complete article, subscribe to Faculties Online or join the Audit and Assurance Faculty and get access to this article in full, plus all future publications, events, webinars and services.