Page 8 - ENGLISH MARCH final 2018

Knowledge Update

By: Vishal Thakkar

Executive perspectives on Top Risks 2018

Not too long ago, the top risks for C-suite executives were regulatory scrutiny and economic conditions, whereas today their top issues include disruptive innovation, digitalization, organizational resistance to change, cyber threats and corporate culture.

Key findings of the survey of board members and C-suite executives

Based on the survey responses, the overall global business context is less risky in 2018 relative to the two prior years, with respondents across the globe sensing a slight reduction in the scale and severity of risks in 2018 relative to 2017.

Respondents indicated that they are likely to allocate additional time or resources to risk identification and management over the next 12 months.

While respondents indicated slightly less concern about the overall scale and severity of risks for 2018 relative to the two prior years, there are noticeable shifts in what constitutes the top 10 risks for 2018 relative to last year. The overall Top 5 risks highlighted are as follows:

1. Increased speed of disruptive innovation
2. Resistance to change
3. Managing cyber threats
4. Regulatory change and increased regulatory scrutiny
5. Culture may not encourage timely escalation of risk issues

https://www.protiviti.com/US-en/insights/protiviti-top-risks-survey

Cyber Risk Management Using the Three Lines of Defense Model

Cybersecurity risk should also be managed like any other risk across the three lines of defense, i.e. ownership, oversight and assurance.

The Three Lines of Defense for Cyber Risk Management

1. Management Control

The first line includes the information security department and other business units that own their cyber risks. This is often called management control, as this function is responsible for managing cyber risks by executing various controls.

2. Risk Management

The second line of defense consists of risk managers who look at risks at an enterprise level. This function monitors how management (first line) is handling cyber risks by determining the extent to which risks are actively monitored and appropriately managed.

3. Internal Audit

The third line of defense is internal audit and may include input from external auditors and/or regulators as well. The third line can challenge the assertions of the previous lines regarding the adequacy of the controls in place.

https://securityintelligence.com/take-a-load-off-delegate-cyber-risk-management-using-the-three-lines-of-defense-model/

Characteristics of Financial Restatements and Frauds

Corporate reporting quality has held the most important place in the profession since the major corporate accounting scandals such as Enron and WorldCom at the beginning of the century. An analysis of various characteristics of financial statement restatements and frauds discovered from 2000 to 2014 demonstrated how financial restatements and frauds have been affected by shifts in the regulatory and economic environment. The analysis set out how financial reporting quality (i.e., the deterrence and detection of restatements or frauds) has been affected by trends in restatement and fraud from 2000 to 2014.

Frequency of Financial Statement Restatements versus Frauds

The statistics appear to support the view that the passage of SOX in 2002 and the implementation of SOX section 404 in late 2004 led to increased restatements.

Categories of Financial Statement Restatements versus Frauds

For financial restatements, the most common reporting issue related to debt and equity accounts or quasi-debt/equity instruments with conversion options (21% of restatements on average), as this category ranked first in 11 of the 15 years.

Characteristics of Companies with Financial Restatements and Frauds

Companies with restatements were smaller than those with frauds in terms of total assets and market capitalization.

Magnitude of Financial Restatements and Frauds

The number of companies with restatements that had an identifiable impact on earnings increased in the post-SOX era but fluctuated greatly. The number of restatements and frauds has decreased; however, the dollar amounts of losses continue to remain significant.

Analysis of Study Results

1. Increased and improved governance practices under SOX and the enforcement of SOX section 404 may be associated with the increased discovery of financial misstatements, resulting in an increased number of restatements and frauds.
2. Whilst most major causes for frauds did not vary with shifts in corporate reporting and regulations, significant causes for restatements arose due to changing accounting guidance, the unraveling of industry-wide improper accounting practices, the macroeconomic climate, or heightened regulatory scrutiny.
3. At least 50% of the financial misstatement cases are by relatively small companies (market capitalization of less than $250 million), suggesting that smaller companies are at higher risk of financial misstatement.
4. The median percentage of spending on non-audit services has declined in the post-SOX period, and the relative investment in non-audit versus audit services has fallen to 15% over time.

https://www.cpajournal.com/2017/11/20/characteristics-financial-restatements-frauds/

7 Factors for Internal Audit’s Role in Artificial Intelligence

Whether we recognize it or not, artificial intelligence (AI) has arrived in our lives. Many of us experience AI on a daily basis through our interactions with virtual assistants such as Siri, Alexa, Cortana, or Google, and organizations are increasingly incorporating the advances that AI brings into operations. The question to ponder: ‘is internal audit prepared to provide assurance over the complex algorithms this technology relies on to facilitate organizational success?’

Internal audit can provide value to organizations by applying its skills toward understanding the organization’s objectives with AI and ensuring that risks are being addressed. Set out below are seven critical areas internal audit needs to prepare for:

1. AI Governance
2. Data Quality
3. Human Factor
4. Measuring Performance
5. Reemphasize Cybersecurity
6. Filling the Understanding Gap
7. Ethical Issues with AI

https://iaonline.theiia.org/blogs/Jim-Pelletier/2017/Pages/7-Factors-for-Internal-Audit’s-Role-in-Artificial-Intelligence.aspx?utm_source=SilverpopMailing&utm_medium=email&utm_campaign=20170464_TheStandard_Profession_120517%20%281%29&utm_content=&spMailingID=17879267&spUserID=MTEwNTM1NzA5NDgwS0&spJobID=1123044105&spReportId=MTEyMzA0NDEwNQS2

Pulling fraud out of the shadows

49% of global organizations say they’ve experienced economic crime in the past two years

52% of frauds were committed by insiders

68% of external perpetrators, responsible for 40% of fraud, are frenemies of the organisation – agents, shared service providers, vendors and customers

24% frauds committed by senior management, increased from 16%

Types of Fraud

Asset Misappropriation: 45%
Cybercrime: 31%
Fraud committed by consumer: 29%

https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-survey.html

INTERNAL AUDITOR - MIDDLE EAST, MARCH 2018, pages 06-07