What Cyber Security Has to Do with Your Annual Financial Statements

21 February 2024

Inadequate cyber security is one of the biggest risks for companies today. This is the assessment of the World Economic Forum, which ranks cyber insecurity as the fourth biggest risk for the next two years in its Global Risks Report 2024. That is why cyber security issues can often play a role in the audit of your annual financial statements. If your auditor identifies cyber risks in your company that could have an impact on material disclosures in the financial statements and management report, they must respond appropriately. Your auditor will therefore examine how you operate your IT in the company and whether any risks may arise from this. For this reason, we recommend that you include qualified assessments of your IT in preparation for the audit of your annual financial statements.

Cyber security audits and annual financial statements

If cyber security issues become relevant in your annual audit, it is advisable to prepare for this together with your IT security officer. Ideally, you have already introduced suitable measures in advance and can provide evidence of them during your audit. The areas that may have an impact on material disclosures in the financial statements and management report include:

  • IT environment and organization
  • Operating processes
  • Data backup
  • Access to software and data
  • Changes to software

Audits during the year

Many business managers and legal representatives have already recognized the need for cyber security assessments and therefore commission appropriate audits. Two types of audit are particularly suitable for a more in-depth examination of the appropriateness and effectiveness of a company's cyber security: supplementary audit areas commissioned as an extension of the annual audit (e.g. business continuity management, in particular protection against ransomware), and voluntary cyber security assessments based on common security standards. Both types of audit can help assess your company's cyber resilience, uncover potential for improvement and strengthen your cyber security overall.

Do you need support?

As an independent and neutral partner, we are happy to support you in preparing for the cyber security aspects of your annual audit. To this end, we recommend that you have security assessments carried out during the year. This way, you can provide evidence of the measures and activities taken in advance and be optimally prepared for your auditor's questions.
