Audit and Risk Committees are the frontline against cybercrime


18 November 2021

The Institute of Internal Auditors (IIA) Australia has recently published a whitepaper, "Cyber Risk Readiness, Response and Ransom: An Audit Committee Perspective", to assist and prompt thinking and questioning by Audit and Risk Committees (ARCs) on emerging issues in cyber risk.

The document describes cybercrime as a fast-moving tide and notes that ARCs are charged with staying abreast of the risk frontier so that they can make relevant enquiries of their organisations.

The whitepaper highlights that there has been significant growth in cybercrime. In its second annual threat report, the Australian Cyber Security Centre (ACSC) has revealed over 67,500 cybercrime reports were made in the last financial year, a jump of 13 percent on the previous 12 months.

Recent news headlines have highlighted the broad range of organisations impacted by cyber incidents, including meat processors, hospital health services, local government councils and even news reporting broadcasters.

Every ARC should focus on the current preparedness of their organisation by taking an active role in raising questions with management on:

  • Their organisation’s cyber risk control environment.

  • Cybercrime response projections.

  • Technology risks.

  • Cyber insurance.

  • Cyber ransom policy.

ARCs are at the front line of risk identification and need to stay up to date on the changing threat landscape and evolving environment.

Crowe has developed the Cybercrime Vulnerability Scorecard Tool on the basis of joint research with Europe’s largest forensic research centre at the UK’s University of Portsmouth. Talk to your adviser or get in touch with us to discuss how we can assess your risk of cybercrime and provide you with a report that outlines your cybercrime vulnerability rating and a checklist of what you need to do.

Author: John Zabala

With over 30 years’ experience, John is a Senior Partner based in our Brisbane office and oversees all Assurance client work in Queensland. With extensive experience across a multitude of industries and specialist skills in the areas of external audit, assurance, risk management, and information technology, John is directly involved in all major engagements throughout Queensland. John has audit experience across a broad range of industries, with clients including ASX listed entities, public companies, large and small proprietary companies and not-for-profit entities. He specialises in local government, health and aged care and not-for-profit entities. Additionally, John’s experience blends technical expertise with a commercial perspective to accounting issues, allowing him to provide practical “real world” advice.