
Consideration of cyber security controls in the audit program



2020 was a landmark year that brought many unprecedented changes to lives around the world. It disrupted lives and the labour force, business operations and supply chains, brought insolvency risks and resulted in inflation. The pandemic introduced us to a new method of working through the concept of "working from home". This new way of working has given rise to many cyber threats which auditors need to address in audits subsequent to 2020. High dependency on the internet, specifically on connections used in residences that do not have the requisite controls of the organization, has increased the vulnerability to cyber attacks manifold.

Cyber risk has a potential impact on the financial statements: diminished cash flow, impairment of intellectual assets such as patents or copyrights being violated, loss of revenue and market due to ransomware attacks, expenses incurred for investigation, etc. During the audit of the financial statements, auditors cannot ignore the risk arising from cyber attacks in the risk assessment as per Auditing Standard 315, Identifying and assessing the risks of material misstatement through understanding the entity and its environment.

This article aims to help in understanding the cyber risk and the audit approach auditors can take to comply with SA 315.

 

Entity level

Cyber risk: The company may not appoint any responsible person to ensure cyber security across the organization.

Audit approach:

• Obtain the organization chart of the IT department

• Ensure that a CISO is appointed and check the CISO's roles and responsibilities

• Ensure adequate segregation of duties

Cyber risk: Unpredictable IT environment for which controls may not be designed or implemented

Audit approach:

• Ensure that formal policies and procedures are documented covering all IT assets

• Check that these policies and procedures are regularly updated using version control

Cyber risk: Risk of outdated regulatory and license compliance

Audit approach:

• Verification of a checklist covering all the compliance requirements

• Installation of only authorized software by the company

• Regular review to check for unlicensed software

• In case of working from home, insist on installation of licensed software by the organization

IT Asset Management

Cyber risk: Risk of unauthorized asset usage and intrusion

Audit approach:

• Check the list of all the IT assets (including the company assets and personal IT assets used by employees while working from home)

• Segregation of company assets used by employees at home and personal assets used by employees

Cyber risk: Risk of a redundant list of assets being maintained

Audit approach:

• Ensure the list of IT assets is updated on a regular basis.

• Obtain the physical verification report on a regular basis.

• In a work from home environment, a photo of the asset showing the asset number can be obtained.

Data Management

Cyber risk: The data may not be available in case of any failure of the server or the network

Audit approach:

• Check the data restoration policy of the company

• Ensure that regular backups of the data are taken, including backups of the data from home.

• Ensure that the backup data is properly stored by a responsible person.

• Regular testing of the data backups

Cyber risk: Unauthorized physical access to the data

Audit approach:

• Check the access restrictions on the server room

• Check the security of the server room: CCTV, smoke detectors, automatic fire suppression system, etc.

Cyber risk: Unauthorized logical access to the data

Audit approach:

• Check the authorization list for access to applications, operating systems, databases and network infrastructure.

• Check the mapping of the roles and the access provided

• In case of working from home, check the VPN privileges provided to the employees.

Change Management

Cyber risk: Due to the work from home culture, changes to the way the work is done may not be authorized by the process owner

Audit approach:

• Ensure that all the changes are made through proper authorization, ideally through a "Change Request Form"

• Ensure that changes made in the production environment are tested and accepted.

• Ensure that segregation of duties is not compromised due to the change introduced.

 
