Just as auditors would consider, as part of risk assessment, an entity’s business risks in a financial statements audit, cyber security risk is an equally important risk area that cannot be ignored. As highlighted in the previous section, cyber incidents can result in financial consequences and therefore, have an effect on the financial statements. The financial impact on businesses can be massive and can cause fundamental enterprise-wide damage to entities. Cyber attacks can even go undetected,
resulting in financial implications to the entity that may not have been reflected in the financial statements
As such, cyber security risk assessment is an essential consideration in every financial statements audit. Auditors should consider and assess the impact of such risk to the financial statements audit and where necessary, the extent of audit response required to address the risk.