Auditoría y ciberseguridad

Martín Santiago Ghirardotti; Juan Ignacio Renna

doi:10.24215/27188647e014

Authors

Martín Santiago Ghirardotti Profesor titular de la Diplomatura en Governance, Compliance, Control & Assurance - Universidad de San Andrés. Argentina.
Juan Ignacio Renna Facultad de Ciencias Económicas. Universidad Nacional de Cuyo. Argentina.

DOI:

https://doi.org/10.24215/27188647e014

Keywords:

audit, cybersecurity, risks

Abstract

This essay aims to be an argumentative discussion on a present issue, which involves both companies, regulatory bodies and external auditors, and for which the latter are beginning to adapt the planning and execution of some of their work. It will also try to analyze the issue from a context that is new and changing in Latin America at times, but trying to provide an understanding of the issue from the observation of how this situation has begun to be addressed by regulatory bodies and auditing firms in the United States. and Europe.

On the other hand, this essay tries to provide a vision of the future on how new needs for assurance work could begin to emerge from companies and provide some tools that the external auditor could count on to carry out their work in cybersecurity audits.

Downloads

Download data is not yet available.

Author Biographies

Martín Santiago Ghirardotti, Profesor titular de la Diplomatura en Governance, Compliance, Control & Assurance - Universidad de San Andrés. Argentina.

Contador Público - Facultad de Ciencias Económicas de la Universidad Nacional de Buenos Aires. M.B.A. (UDESA). Programa de Alta Dirección PAD (IAE). Posgrado en Management Estratégico (Universidad de San Andres).Especialización en Normas Internacionales de Información Financiera (UBA). PEF - Programa de Especialización en Finanzas (IAE). Certification in Risk Management Assurance™ (CRMA®). C.E.O. de Resguarda - Servicio de Reporte de Irregularidades. Profesor titular de la Diplomatura en Governance, Compliance, Control & Assurance - Universidad de San Andrés. Secretario General en Federación de Auditores Internos de Latinoamérica -FLAI. Presidente del Instituto de Auditores Internos de Argentina 2013-2015. Vicepresidente de INICIA - Emprender para el futuro. Asociación Civil que apoya a emprendedores. Docente del Programa de Especialización en Detección de Fraude y Auditoría del Consejo Profesional de Ciencias Económicas de la Ciudad Autónoma de Buenos Aires.

Juan Ignacio Renna, Facultad de Ciencias Económicas. Universidad Nacional de Cuyo. Argentina.

Contador Público Universidad Nacional de Cuyo (UNCuyo). Certificate in International Auditing –CertIA– (ACCA). Curso de Posgrado en IFRS (UCongreso). Desarrollo Gerencial (ADEN). Habilidades Directivas (ADEN). Curso de Posgrado Estrategia Financiera (UNCuyo). Curso de posgrado contabilidad en industria minera (CPCE San Juan/PwC Bussines School). Docente adscripto cátedra auditoría UNCuyo (2019-Presente). Docente adscripto cátedra auditoría Universidad del Aconcagua (2022-Presente). Gerente Administración Autotransportes Andesmar (2017-2019). Coordinador contable José Cartellone Construcciones Civiles (2014-2017). Jefe de Administración y Finanzas VEB – Grupo Andesmar (2013-2014). Assurance Senior PwC Argentina (2010-2013).

References

Accenture (2018). From Bottom Line to Front Line (Archivo PDF), p. 13. https://www.accenture.com/t20180910T083815Z__w__/us-en/_acnmedia/PDF-85/Accenture-CFO-Research-Global.pdf

American Institute of Certified Public Accountants (s.f). En System of Control for Cybersecurity. Recuperado de https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/cybersecurityforcpas.html.

American Institute of Certified Public Accountants (s.f). SOC for Service Organizations. https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/socforserviceorganizations.

Computer Security Resource Center (s.f). Cyber Attack. En Computer Security Resource Center’s Glossary. Recuperado de https://csrc.nist.gov/glossary.

Deloitte (s/f). Corporate Boards May Be More Likely Than Regulators to Scrutinize Cybersecurity Program Effectiveness This Year.

European Union Agency For Network and Information Security (2017). Cyber Security Culture in Organizations.

Information Systems Audit and Control Association (s.f). Cybersecurity. En Information Systems Audit and Control Association´s Glossary of terms. Recuperado de https://www.isaca.org/resources/glossary.

NIA 315 (Revisada en 2019). International Auditing and Assurance Standards Boar, parr. A224.

NIA 400. International Auditing and Assurance Standards Board, Sistemas de contabilidad y control interno.

NIA 720 (Revisada en 2020). International Auditing and Assurance Standards Board, parr. 11.

Ponemon Institute LLC (2018). Cost of a Data Breach Study: Global Overview, p. 33.

Reuters (2021). Wide-Ranging SolarWinds Probe Sparks Fear in Corporate America. https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10/

Securities Exchange Commission (2018). Accounting and Auditing Enforcement Release No. 3937 (Archivo PDF). https://www.sec.gov/litigation/admin/2018/33-10485.pdf