Professional Documents
Culture Documents
______________________________________________________
In Partial Fulfillment
Of the Requirement of the Course
AAPRINCIPLES: Internal Auditing (Auditing and Assurance Principles)
_______________________________________________________
Presented to:
Presented by:
_________________________________________________________
Internal Auditing (Auditing and Assurance Principles) 19
TABLE OF CONTENTS
I. Executive Summary……………………………………………………….....3
References
Internal Auditing (Auditing and Assurance Principles) 19
I. EXECUTIVE SUMMARY
advanced technology, potential risks within the company are also evolving and becoming
digitalized. A large number of chief executives stated that cybersecurity risk is considered as
the most alarming concern due to the drastic increasing of cybercrime each year and the
negative economy wide effect it brings. In order to reduce the risk, internal auditors are
determined who has the sufficient skills, experience, and knowledge for risk assessment and
provide an audit plan to address these issue (Institute of Singapore of Chartered Accountants
(2018). It also leads to an added concern that due to demand, there is not enough pool of
qualified internal auditors to take the role according to the study of Protiviti and ISACA
The proposal not only provides an improvement to the profession but also to devise a
solution to address the cybersecurity risk of the supervised company. Technology system
course implemented in schools to produce well knowledgeable future auditors and establishing
training program for newly hired employees will develop their workforce performance.
Moreover, the proposal also suggest an additional process which will strengthen the risk
management assessment of the entity. The accountants are then increase their capability to take
more advanced roles and the companies will then possess qualified auditors.
digitalized auditing is to coordinate with the college administrative staff of the university to
prepare the submission of the paper to the Curriculum Office, then reviewed by the specific
Internal Auditing (Auditing and Assurance Principles) 19
vice presidents in Academic and Student Affairs Office (ASA) and subject for approval to the
Commission on Higher Education (CHED). The process of the other two proposed solutions is
it will undergo approval stage by the Philippine Institute of Certified Accountants (PICPA)
otherwise such as not all universities and students has enough financial resources to include the
proposed course to their curriculum and the firm may think that is not the worth the effort and
investment to establish training program for the recruits and add a new auditing process. The
writers of the proposal concluded to reduce or eradicate these problems regarding the risks of
cyber security in firms and advancing the quality of the audited financial statements in three
ways.
The world is entering a new age wherein technology and machineries considered now
as one of the basic necessities in life. The generation completely embrace the use of it to their
daily lives, even more in application of profession and business industry. Systems and
programs are recently developed norm as an aid for various professions in doing their
expertise. Since March 17, 1923, the day when the accounting profession was formally
recognized in the Philippines (PICPA, n.d.), the practice done by the Certified Public
Accountants (CPAs) are slowly adopting the use of system with integrated application that aids
them to manage and record business transactions. Such software serves as the major operation
Internal Auditing (Auditing and Assurance Principles) 19
that store large pools of information within a company however, it demands consistent
In 2020, Barclay Simpson disclosed that 78% of chief audit executives (CAEs) assessed
that cyber security is one of the top risks to their organizations. From 66% of respondents
conducted previous year, there has been an increasing of threats to intellectual property and
digitalized security to different companies. In addition, nearly 20% have to do with the unease
of compliance and regulatory change (Hornsby, 2019). Cybersecurity is defined by Loo (2018)
as a series of complex web of programs and systems that is expected to counter act against
digitalized threats. The IT department may not have the sufficient knowledge and tools they
require to secure the systems. Numerous firms foreseen and determined the specific profession
assurance to the company regarding to risk management, internal control, governance, and etc.
In extension, internal audit is expected to perform the critical role in increasing the security
through analyzing and establishing new processes or programs. Internal auditors reports back
to the audit committee and board of directors with regards to the updates of control and
continuing proper function of the system as it is within the managements’ duty to be aware of
because the huge potential risk it can be bring to their company if not addressed wisely
(Deloitte, 2017).
A study did a rough calculation that approximately cybercrime has the potential to lose
over $2 trillion by the year 2019 which increased significantly from the year 2015 (Deloitte,
Internal Auditing (Auditing and Assurance Principles) 19
2017). Cybercrime threats the hacking of confidential information such as financial statements
and supporting evidences which are not yet intended to release in the public. Furthermore,
malicious virus can corrupt an entity’s software that can destroy financial reporting data, alter
or stole the system’s code, unrecovered client’s information that will lead to large detrimental
effect especially if the company do most of its operations with the help of the system. Aside
from the thousands to millions of losses, companies are at risk to preserve their reputation
which is assumed to have a longer negative outcome and hence, limiting the chances of
With the abovementioned scenarios and situations, the main purpose of this proposal is
to recommend ways further to strengthen the system’s security against threats, to increase the
number of knowledgeable and competent internal auditors to counteract and minimize the
risks.
Cybersecurity risk, as stated by Adelman & et al. (2019), originates from hostile
intention to cybernetic attack that can give rise to disturbance and failure of systems and
ultimately cease the activity of the supervised entity. Evidences revealed that cybercrime has
been increasing and advancing as the companies continues to depend on the information and
communication technologies. Especially into these information age, practically every entity
manages their whole operation with the utilization of technology and Internet connectivity
which made them prone on cybersecurity risk whether they are big or small. Only those who
Internal Auditing (Auditing and Assurance Principles) 19
run their business traditionally or manually are not expose to the threat of cybercrime (Institute
and agencies that lost significantly of their resources and capital as well as get their image
tainted due to these. Based from these scenarios, chief executives ascertained that improving
their cybersecurity should be one of the top priorities of their company. Floods of reports from
analytics and Accenture, a consulting firm, discovered on a survey that almost 90% of the 450
financial firms intended to focus their funding on risk management to regards in preventing
On the other hand, although recognizes the essential on developing their company’s
cyber security, some chooses not to allot their spending on such. For instance, one of the top
shipping companies in Japan termed it as a “cost”. Other 64% of entities, in all sizes, also
stated the same opinion that they see it as an expense rather an investment based on the
Nevertheless, it is viewed that internal auditor plays a crucial role because as stated by
Institute of Singapore of Chartered Accountants (2018), auditors should not overlook the
importance of cybersecurity risk for it is part of assessing the risk management of the business.
Alongside to above mentioned general consequences, it can cause damaged on managing the
financial statement that can turn into fundamental effect to the company. One instance scenario
is the undetected malware that may tamper the financial statements. Therefore, internal auditor
Internal Auditing (Auditing and Assurance Principles) 19
ought to examine the possible repercussions of the risk to the auditing of financial statements
Famous accounting firm, Deloitte (2017), expressed its opinion on the advantages of
requiring the services of internal auditors to combat the issue. The internal audit is capable of
examining and providing a comprehensive cyber risk assessment that extends to introducing
sound accurate discoveries and viewpoint to the company’s audit committee and board of
directors. Gathering those findings to construct a detailed audit proposal to decrease the
cybersecurity risk that could last for a single or multi-year audit period.
Internal auditors are called for to provide their expertise in reducing the level of risk the
cybercrime possess and which means several firms are in need of pool of competent internal
auditors. In addition to Deloitte’s (2017) statement, internal audit professionals with the
sufficient knowledge, skills, and experiences are in demand for they play a vital role to the
firm. Moreover, they are considered as “indispensable resource” if they are familiar to engaged
in the virtual world and has the proficiency to perform assessments. These was echoed with the
same sentiment by the IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP,
CCSA, CRMA, based from the excerpt of Horwath (2018), "The evolving responsibilities of
internal audit in addressing cybersecurity issues mean that audit professionals must develop a
clear understanding of the principles of data security and the cyber frameworks that apply
Alongside with the increasing concern of cybersecurity risk, chief executives also pose
a challenge to recruit qualified professionals. Findings of a study conducted by the Protiviti and
Internal Auditing (Auditing and Assurance Principles) 19
governance, risk and information security space, entitled “2019 Global IT Audit Benchmarking
Study” stated the number of enterprises that are encountering insufficiency of skilled internal
auditors and discovered the most demand top five skills the corporations are looking for the
position.
Conducted survey revealed that entities with ranging from US$ 100 million to $ 1
billion net incomes, almost 32% of them are with limited resources and skills of professionals
in constructing an annual audit plan. The results indicates that even the executive big
corporations are dealing with the same issue as any other enterprises. The following are the
findings regarding the five skillsets in demand for internal auditors: expertise in advanced and
enabling technologies, critical thinking, data science, agile methodology, and communications
Just like any other fields, auditing has also evolved with technology to constantly meet
the changing business models, new sets of requirements, and as strong defense for
cyberattacks. In order to help entities in assuring that they are coping up with this challenges,
internal auditing must evolve as well not just for the sole benefit of the organization, but also to
enhancing their credibility to build meaningful engagements. However, issues such as quality
of auditing with minimal human intervention, and cyber security, are commencing through this
advancement. With these, the proposers came up with this motion that will contribute on the
Since the world is in the midst of Skills Revolution, the skills needed are changing
relying on software and cloud-based services are emerging that is why it’s important to have
auditing. This way, students are already undergoing training to prepare them in engaging at
today’s demand, because technical skills are hard to find. This course is a better way for
greater understanding of the technical aspects of the work, and students who completed a
digitalized auditing course will give themselves a boost on their job performance when the
time comes. This proposal can contribute in the improvement of the profession because
nowadays, there is a big challenge in acquiring people with adequate skills in operating
automated solutions, and that is mainly because of the shortage in talents about the use of
digitalized processes. If students will have this course, it will heightened their ability to adapt
to this threatening productivity, and expand their minds to fresh skill sets that will give solution
to the global talent shortage, in order to attain sustainability and growth in engaging auditing
services.
Internal Auditing (Auditing and Assurance Principles) 19
Another way that the proposers address this shortage issue is to implement or enhance
trainings among newly hired auditors and existing auditors to familiarize themselves more on
the system. Auditors must expand their skillsets more effectively to reduce risk and improve
controls within the organization. Companies must invest more in ensuring that the workforce
are reskilled by having workforce development program to future-proof their skills to avoid
being left behind. This learnings among the auditors will help them to become more aware on
how to maximize the use of auditing system and utilized it for performing quality
engagements. According to the World Economic Forum, the entities who are successful in
workforce transformation will be able to “harness new and emerging technologies to reach
higher levels of efficiency of production and consumption, expand into new markets, and
compete on new products for a global consumer base composed increasingly of digital
natives.”
One of the issues also encountered in today’s profession is the threat on quality of auditing
emerging technology. These threats in cyberattacks also continuously evolving that is why the
management have to set policies on how to address the capabilities of the firm in managing
these associated risks. The proposers suggested to have two process in conducting auditing to
increase the quality of auditing and that is to first have it on the digitalized process, and the
next one is to have a auditor who will still assess the information. These auditors plays crucial
role in helping organizations in the battle against managing cyber threats by giving
enterprise.
Internal Auditing (Auditing and Assurance Principles) 19
GOAL: To address cyber security risk by making accountancy students and auditors
This action plan identify the specific steps needed to take in order to achieve the goals and
objectives of the proposal.
Today in the digital world in the year 2020, ICAEW (2020) stated that all
organisations, big and small, are investing in technology to improve their business. The auditor
rely on that technology and are required to test its operating effectiveness. Companies often
encounter problems arising from cyber security. It is where confidential information not to be
Internal Auditing (Auditing and Assurance Principles) 19
known in public are usually hacked and used as threats to the competitors. It is through the
enhancing trainings among newly hired auditors and existing auditor and the execution of two
process in auditing financial statements will improve the protection against the risks in cyber
security.
Proposing to have courses in digital auditing and the enhancement on their training,
auditors are now equipped with experts on different software applications and platform
technologies to inform their clients on the strengths of their security or change controls and to
duties. Having the right level of expertise of new technology allows us to provide the highest
quality of audit. Investment in people skills is the real secret to quality technology audit.
Having the two system process will lead to reduce the risks in compliance with the latest data
protection regulations to protecting the business against unauthorised access. Having the
system processing and human intervention in auditing will increase the quality of the audited
financial statements.
here in the Philippines, not all universities can afford to have this as a course. Also in other
countries people may say that it is expensive to have this as a course for using such softwares
and tools in digital auditing. The feasibility may be a problem to other universities just like in
Internal Auditing (Auditing and Assurance Principles) 19
state universities, a survey presented by Marcus (2018), that college students in state
universities cannot afford such courses that are kinda expensive with its laboratory expenses.
As for the two process in auditing financial statements, the managers or the administration or
any person interested in the firm may complain that it is time consuming as they are used to
have their audited financial statements fast with only automated machines and less human
intervention. Unfortunately continuing the way they want may degrade the quality of the
As our technology develops with innovation and inventions, the impact of solely
relying in it, problems may arise just like the risks in cyber security. It is very rampant today in
firms with technological advancement to experience problems with their security especially in
the cyber world. It is very alerting to address this problem for it will affect all of us including
the firms and the society. The writers of the proposal concluded to reduce or eradicate these
problems regarding the risks of cyber security in firms and advancing the quality of the audited
financial statements in three ways. First is to implement digital auditing course which is not yet
made available here in our country that is really needed for as we all know auditing digitally is
a trend today in every firms but we lack of people with expertise in digital auditing. The
writers firmly believe that if there would be such course, there'll be an increase of auditors with
expertise and vast knowledge digitally. The second part of the proposal which is the
enhancement of training to the auditors regarding digital auditing is aligned with the
implementation of the said course. As auditing is very crucially significant because of its
Internal Auditing (Auditing and Assurance Principles) 19
opinion provided on the financial statements, auditing digitally today must be introduced and
be part of the training of the auditors regularly for them to be updated with our new technology
and work efficiently and effectively. Lastly, the third part of the proposal is to have a two
process in digital auditing. The first process is to let the automated system to audit the financial
statements and followed by the second process where the auditors will double check the
audited financial statements by the machine / software. This two process of auditing addresses
the problems regarding the increase of errors and advancing the quality of the auditing of
financial statements.
References:
Adelman, F., Gaidosch, T., Morozova, A., Wilson, C. (2019). Cybersecurity Risk Supervision.
Deloitte (2017). Cybersecurity and the role of internal audit: An urgent call to action.
Retrieved
from https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-risk-cyber-
ia-urgent-call-to-action.pdf
Hornsby, D. (2019). Top 5 key risks for internal auditors in 2020. Retrieved from
https://www.barclaysimpson.com/blogs/top-5-key-risks-for-internal-auditors-in-2020-
92829102719
Horwath, C. (2018, March 12). Internal Audit's Growing Engagement in Cyber Management.
Internal Auditing (Auditing and Assurance Principles) 19
https://link.gale.com/apps/doc/A530688887/GPS?u=phhau&sid=GPS&xid=2f163051
ICAEW. (2020). A simple revolution for digital auditing and auditing digital.
https://www.icaew.com/technical/audit-and-assurance/faculty/audit-and-beyond/audit-
and-beyond-2019/audit-and-beyond-december-2019/a-simple-revolution-for-digital-
auditing-and-auditing-digital
cyber-security-risk-report.pdf
https://www.lanecc.edu/curriculum/course-approval-process
Loo, Alex (2018). Why are cybersecurity audits important?. Retrieved from
https://www.echoworx.com/blog-are-cybersecurity-audits-important/#:~:text=Why
%20conduct%20cybersecurity%20audits%3F,should%20be%20reviewed%2C%20and
%20why.
https://www.manpowergroup.com/workforce-insights/the-future-of-work-and-skills
Marcus, J. (2018). New data show some colleges are definitively unaffordable for many.
Internal Auditing (Auditing and Assurance Principles) 19
https://www.google.com/amp/s/hechingerreport.org/new-data-show-some-colleges-are-
definitively-unaffordable-for-many/
Menlo, P. (2019, October 15). IT Security, Privacy and Data Management Ranked as Top
Challenges Facing IT Audit Function, According to Survey from Protiviti and ISACA.
https://link.gale.com/apps/doc/A602726973/GPS?u=phhau&sid=GPS&xid=0621a15a
Milano, M. (2019b, March 12). The digital skills gap is widening fast. We Forum.
https://www.weforum.org/agenda/2019/03/the-digital-skills-gap-is-widening-fast-
heres-how-to-bridge-it/
http://www.picpa.com.ph/content.html?article=History&page=About
Pundmann, S. (2019, February 26). Cybersecurity and the role of internal audit. Deloitte
United
States. https://www2.deloitte.com/us/en/pages/risk/articles/cybersecurity-internal-audit-
role.html
The Economist. (2020, July 18). The other virus threat; Cyber-security, 54(US).
https://link.gale.com/apps/doc/A629635596/GPS?u=phhau&sid=GPS&xid=21f953ce
Courses.
Internal Auditing (Auditing and Assurance Principles) 19
https://westerncommunitycollege.ca/blog/5-unexpected-benefits-of-information-
technology-courses/
Wilhelm, C. (2015, May 12). Cybersecurity, Fraud Top of Mind for Bank Execs: Report.
u=phhau&sid=GPS&xid=4ee72162