A collaborative approach to internal controls
Since financial data is a prime target for cyberattacks, strong internal controls are important for reliable and timely reporting. Organizations should establish structures that can continuously assess the impact of cyber threats on internal controls. CFOs and CISOs should focus on these five priorities.
1. Conduct an integrated risk assessment.
Joint risk assessments should thoroughly evaluate cyber risks relevant to internal control over financial reporting (ICFR). This includes analyzing both the likelihood and potential magnitude of threats that give rise to financial reporting risks. Integrating a recognized framework into your financial risk assessment process provides a structured approach, helping to align cybersecurity activities with ICFR obligations.
2. Establish effective internal controls to help mitigate risks.
Control weaknesses often stem from lapses in basic cyber hygiene. Identify and design internal controls that can adapt to changing cyber exposures. These might be driven by business transformations such as system integrations following an acquisition or major technology initiatives that expand the…
