The Public Company Accounting Oversight Board may begin asking auditors to vouch for cybersecurity controls at the companies they audit.
PCAOB board member Kathleen Hamm called recently for more auditors to get involved in performing cybersecurity risk assessments after high-profile data breaches in recent years at all too many companies.
“We know some auditors are laser-focused on cybersecurity and have taken steps to specifically consider cyber-threats when assessing the risks of a material misstatement in the financial statements of public companies,” she said at a financial reporting conference at Baruch College in New York on Thursday. “Whether or not a cyber-incident has occurred during the planning process, an auditor must perform a risk assessment, and I believe that assessment should consider any cybersecurity risks that could have a material effect on the company’s financial statements.”
Hamm highlighted a data breach at Yahoo that occurred in 2014: The company initially reported the breach in 2016 and said it affected at least 500 million user accounts, later upping the estimate to about 1 billion accounts. Then in 2017, Verizon, which had…
