The importance of adding cyber security to the traditional audit process

By July 1, 2019Blog

It is our belief that a cyber security penetration test should become part of the audit fieldwork process and we are encouraging our clients to build it into the audit annual process.

“The purpose of an audit is to provide an objective independent examination of the financial statements produced by management, thus increase user confidence in the financial statement, reduce investor risk and consequently reduce the cost of capital.”

Protecting against a cyber attack has become a priority for all businesses, therefore, like the traditional audit process, an independent review of the techniques in place will not only ensure a business is secure but increase customer, investor and staff confidence.

The Institute of Chartered Accountants in England and Wales stated thatThe impact of cybercrime is growing across the economy and cyber risk continues to be high on board agendas. However, businesses are struggling to turn general awareness and concern into effective action. This slow pace of change is increasingly frustrating governments and regulators, and businesses need to show more urgency and take control of their cyber agenda.”

The digital world presents an increasing threat to business continuity therefore it needs to be a topic that is discussed and reviewed at board level.

Reporting requirements

Business owners and investors need confidence that the business is fit for purpose and business growth.   A third-party annual audit and penetration test will endorse and support the efforts of internal IT operations with formal reporting mechanisms.

The extent of cyber security requirements depends on your business model and growth plans.  Working alongside you and your internal IT team experts can ensure that your security is fit for purpose for business growth.

GDPR responsibilities

Following the implementation of GDPR in May 2018, businesses have to report any data breaches to the ICO (Information Commissioner’s Office) with businesses facing substantially increased fines.  Data breaches could be the result of a cyber attack therefore the cost of a data breach is not only your reputation but also a potential substantial fine.

Data breach and leak protection therefore needs to be considered in conjunction with cyber security plans.

If you have any questions about integrating a cyber security penetration test into your audit process please let us know via  We can talk you through the process and we can put you in contact with our colleagues at CyberFocus – a dedicated team of cyber specialists.