BIoT Canada

Cyber breaches changing all the audit rules: KPMG

January 22, 2015  


The traditional relationship between Canadian corporate management teams and their governing boards is being redefined to successfully mitigate company risk, according to KPMG’s new 2015 Audit Trends report released today.

National and international regulatory changes, the growing frequency of cyber security breaches at major corporations and increasing scrutiny of tax transparency are all increasing pressure on both parties to broaden their scope of responsibility and work more closely together, the firm said.

According to the report, the audit committee mandate is expanding from strictly managing financial risk to a broader risk management role.

“With their already inherent risk focus, this broader risk responsibility is a natural step,” KPMG said in a release. “However, many organizations are not equipped with the resources needed to mitigate non-audit risks while capitalizing on potential opportunities. Management teams and boards must understand the implications of continuing trends and cooperate to navigate accordingly.”

Canadian companies can mitigate cyber risk by:

* Understanding their assets and realizing that not all data is equal. Identify what is most critical to protect, devote appropriate resources to securing it, and develop intelligence on the key threats those assets may face in order to produce actionable information.

* Ensuring management and governance teams receive regular security metrics and cyber incident reports to monitor attacks and trends. Conduct periodic cyber risk assessments and consider the need for an independent risk assessment, with clearly defined roles of involvement for both board and management, from approvals to escalation.

* Implementing internal policies for social media management and monitoring, with clearly defined roles of involvement for both board and management, from approvals to escalation.

“A governance agenda that formerly included working with auditors and overseeing financial reporting and controls is evolving to also consider everything from cyber security and social media, to mergers and acquisitions, fraud and forecasting,” said John Gordon, Canadian Managing Partner, Audit, at KPMG.

“With continually expanding risk-related responsibilities, management teams and their governing boards and audit committees are working together to achieve financial business objectives, while mitigating an ever-changing risk landscape.”

Further information on the report is available at




