Date posted: 20/09/2017 5 min read

Auditors and accountants are the new custodians of data

Adopt, adapt and protect – auditors and accountants have an important role to play to safeguard data and organisations.

In Brief

  • Use tools to protect data stores against the threat of cybercrime.
  • NZ businesses being increasingly targeted by cyber-criminals.
  • Develop an individual data strategy for your enterprise.

Data management and cyber security are top of mind in the accounting and audit industries. It is no longer a matter of whether data will play a part in the future of audit and accounting.

Technologies have arrived and are already redefining the traditional roles of these professionals, generating new opportunities for growth and effective solutions to everyday business problems. 

The increased use of information technology requires audit and accounting professionals to manage large amounts of increasingly complex and sensitive data that is dynamic and under constant interrogation. 

This presents the opportunity for deeper and more accurate insights, providing greater transparency and understanding to all stakeholders in the industry, including professionals carrying out the work, clients and companies requesting it, and the regulators monitoring quality standards. 

Craig Fisher FCA, Audit Director at RSM New Zealand, says implementing tools that provide this functionality is the essential way forward for the industry, as they “enable a much more efficient and cost-effective process”.


(Pictured: Craig Fisher FCA, Audit Director at RSM New Zealand.)

Humans and machines can flourish together, but with great opportunity also comes risk. As information is digitised, data stores must be protected against the increasingly sophisticated threat of cybercrime. Security should be on every organisation’s agenda, and NZ businesses in particular are being increasingly targeted.

Philip Whitmore CA, Partner – Cyber Security at KPMG New Zealand, says this is because “the security of organisations in New Zealand [is] typically less robust than their equivalents in similar overseas countries”.

Related: Let’s celebrate #AuditorProud

International #AuditorProud Day is on 28 September and it’s an opportunity to celebrate the value of the audit profession globally.

While organisations have often limited visibility over the effectiveness of their security systems, cyber-attacks are growing ever more sophisticated and difficult to detect before sensitive data is compromised.

At the same time, organisations face the additional challenge of the lack of tolerance existing for those who experience breaches. The perception is they must simply do better to protect themselves and their stakeholders. 

(Pictured: Philip Whitmore CA Partner – Cyber Security at KPMG New Zealand.)

Philip Whitmore encourages organisations to first understand the value of their data and their exposure to data loss through every technology, venture or third party partnership, because this will help to guide the appropriate security approach. 

For example, when it comes to implementing cloud computing, a business or practice needs to ask whether the third party that is managing and storing their data is correctly equipped to protect it. 

An individual data security strategy is required, rather than a one-size-fits-all approach. With the migration towards digital assets: “Most organisations have a robust crisis plan for events such as floods, fires or sudden executive departures; but very few have strategies for handling digital security issues,” says Whitmore.

You’re accountable for the security of your data, no matter where it resides
Philip Whitmore Cyber Security at KPMG New Zealand

“Organisations will need to go above and beyond simply including security clauses in outsourcing contracts in order to get peace of mind. You cannot outsource accountability for security – you’re accountable for the security of your data, no matter where it resides,” he adds. 

Accountants and auditors have a big role to play in protecting their organisations. In order to develop appropriate protocols for data protection, it is not enough to understand information technology. Without detailed knowledge of the nature of the data and the business processes that underpin it, effective systems cannot be implemented, so accountants and auditors must play an increasingly critical role as custodians of the system. 

As a result, the roles of accountants and auditors are transforming. They will need to develop outside the traditional skillsets to embrace the opportunities and appropriately protect their organisations from the risks of cybercrime.

Related: Big Data for Finance Conference

Hear industry experts and finance leaders discuss the future of finance in the digital age. Live and recorded streaming also available. 

The accounting and audit professions have always relied on professionals’ ability to understand and respond to business change in order to be effective – and Craig Fisher believes it is no different this time around. 

“Cyber security and data management are just two forces impacting current business practices. Things have always changed and probably always will, but I believe that the speed and scale of change has increased.” 

Fisher says there is now a greater risk of being left behind or becoming irrelevant. Organisations and professionals must keep learning and be open to changes.