Page 9 - ENGLISH MARCH final 2018

Knowledge Update

By: Vishal Thakkar


Executive perspectives on Top Risks 2018

Not too long ago, top risks for C-suite executives were regulatory scrutiny and economic conditions, whereas today their top issues include disruptive innovation, digitalization, organizational resistance to change, cyber threats and corporate culture.

Key findings of the survey of board members and C-suite executives

Based on the survey response, the overall global business context is less risky in 2018 relative to the two prior years, with respondents across the globe sensing a slight reduction in the scale and severity of risks in 2018 relative to 2017.

Respondents indicated that they are likely to allocate additional time or resources to risk identification and management over the next 12 months.

While respondents indicated slightly less concern about the overall scale and severity of risks for 2018 relative to the two prior years, there are noticeable shifts in what constitutes the top 10 risks for 2018 relative to last year. Overall Top 5 risks highlighted are as follows:

1. Increased speed of disruptive innovation
2. Resistance to change
3. Managing cyber threats
4. Regulatory change and increased regulatory scrutiny
5. Culture may not encourage timely escalation of risk issues

https://www.protiviti.com/US-en/insights/protiviti-top-risks-survey


Cyber Risk Management Using the Three Lines of Defense Model

Cybersecurity risk should also be managed like any other risk across the three lines of defense, i.e. ownership, oversight and assurance.

The Three Lines of Defense for Cyber Risk Management

1. Management Control

The first line includes the information security department and other business units that own their cyber risks. This is often called management control, as this function is responsible for managing cyber risks by executing various controls.

2. Risk Management

The second line of defense consists of risk managers who look at risks at an enterprise level. This function monitors how management (first line) is handling cyber risks by determining the extent that risks are actively monitored and appropriately managed.

3. Internal Audit

The third line of defense is internal audit and may include input from external auditors and/or regulators as well. The third line can challenge the assertions of the previous lines regarding the adequacy of the controls in place.

https://securityintelligence.com/take-a-load-off-delegate-cyber-risk-management-using-the-three-lines-of-defense-model/


Pulling fraud out of the shadows

49% of global organizations say they’ve experienced economic crime in the past two years
52% of frauds were committed by insiders
68% of external perpetrators, responsible for 40% of fraud, are frenemies of the organisation – agents, shared service providers, vendors and customers
24%: frauds committed by senior management (increased from 16%)

Types of Fraud

Asset Misappropriation: 45%
Cybercrime: 31%
Fraud committed by consumer: 29%

https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-survey.html


Characteristics of Financial Restatements and Frauds

Corporate reporting quality has been of the utmost importance to the profession since the major corporate accounting scandals such as Enron and WorldCom at the beginning of the century. An analysis of various characteristics of financial statement restatements and frauds discovered from 2000 to 2014 demonstrated how financial restatements and frauds have been affected by shifts in the regulatory and economic environment. The analysis set out how financial reporting quality (i.e., the deterrence and detection of restatements or frauds) has been affected by trends in restatement and fraud from 2000 to 2014.

Frequency of Financial Statement Restatements versus Frauds

The statistics appear to support the view that the passage of SOX in 2002 and the implementation of SOX section 404 in late 2004 led to increased restatements.

Categories of Financial Statement Restatements versus Frauds

For financial restatements, the most common reporting issue related to debt and equity accounts or quasi-debt/equity instruments with conversion options (21% of restatements on average), as this category ranked first in 11 of the 15 years.

Characteristics of Companies with Financial Restatements and Frauds

Companies with restatements were smaller than those with frauds in terms of total assets and market capitalization.

Magnitude of Financial Restatements and Frauds

The number of companies with restatements that had an identifiable impact on earnings increased in the post-SOX era but fluctuated greatly. The number of restatements and frauds has decreased; however, the dollar amounts of losses continue to remain significant.

Analysis of Study Results

1. Increased and improved governance practices under SOX and the enforcement of SOX section 404 may be associated with the increased discovery of financial misstatements, resulting in an increased number of restatements and frauds
2. Whilst most major causes for frauds did not vary with shifts in corporate reporting and regulations, significant causes for restatements arose due to changing accounting guidance, the unraveling of industry-wide improper accounting practices, the macroeconomic climate, or heightened regulatory scrutiny
3. At least 50% of the financial misstatement cases are by relatively small companies (market capitalization of less than $250 million), suggesting that smaller companies are at higher risk of financial misstatement
4. The median percentage of spending on non-audit services has declined in the post-SOX period, and the relative investment in non-audit versus audit services has fallen to 15% over time

https://www.cpajournal.com/2017/11/20/characteristics-financial-restatements-frauds/


7 Factors for Internal Audit’s Role in Artificial Intelligence

Whether we recognize it or not, artificial intelligence (AI) has arrived in our lives. Many of us experience AI on a daily basis through our interactions with virtual assistants such as Siri, Alexa, Cortana, or Google, and organizations are increasingly incorporating the advances that AI brings into operations. The question to ponder: ‘is internal audit prepared to provide assurance over the complex algorithms this technology relies on to facilitate organizational success?’

Internal audit can provide value to organizations by applying its skills toward understanding the organization’s objectives with AI and ensuring that risks are being addressed. Set out below are seven critical areas internal audit needs to prepare for:

1. AI Governance
2. Data Quality
3. Human Factor
4. Measuring Performance
5. Reemphasize Cybersecurity
6. Filling the Understanding Gap
7. Ethical Issues with AI

https://iaonline.theiia.org/blogs/Jim-Pelletier/2017/Pages/7-Factors-for-Internal-Audit’s-Role-in-Artificial-Intelligence.aspx?utm_source=SilverpopMailing&utm_medium=email&utm_campaign=20170464_TheStandard_Profession_120517%20%281%29&utm_content=&spMailingID=17879267&spUserID=MTEwNTM1NzA5NDgwS0&spJobID=1123044105&spReportId=MTEyMzA0NDEwNQS2

INTERNAL AUDITOR - MIDDLE EAST, MARCH 2018