What Cyber Security Has to Do with Your Annual Financial Statements

21 February 2024

Inadequate cyber security is one of the biggest risks for companies today. This is the assessment of the World Economic Forum, which ranks cyber insecurity as the fourth biggest risk for the next two years in its Global Risks Report 2024. That is why cyber security issues can often play a role in the audit of your annual financial statements. If your auditor identifies cyber risks in your company that could have an impact on material disclosures in the financial statements and management report, they must respond appropriately. Your auditor will therefore examine how you operate your IT in the company and whether any risks may arise from this. For this reason, we recommend that you include qualified assessments of your IT in preparation for the audit of your annual financial statements.

Cyber security audits and annual financial statements

If cyber security issues become relevant in your annual audit, it is advisable to prepare for this together with your IT security officer. Ideally, you have already introduced suitable measures and can provide evidence of them during your audit. The areas that may have an impact on material disclosures in the financial statements and management report include:

  • IT environment and organization
  • Operating processes
  • Data backup
  • Access to software and data
  • Changes to software

Audits during the year

Many business managers and legal representatives have already recognized the need for cyber security assessments and therefore commission appropriate audits. Two types of audit are particularly suitable for a more in-depth examination of the appropriateness and effectiveness of a company's cyber security: supplementary audit areas (e.g. business continuity management, in particular protection against ransomware) commissioned as an extension of the annual audit, and voluntary cyber security assessments based on common security standards. Both types of audit can help assess your company's cyber resilience, uncover potential for improvement and strengthen your cyber security overall.


Do you need support?


As an independent and neutral partner, we are happy to support you in preparing for the cyber security aspects of your annual audit. To this end, we recommend that you have security assessments carried out during the year. This way, you can provide evidence of the measures and activities taken in advance and be optimally prepared for your auditor's questions.

Get in touch.
