The Institute of Chartered Accountants of the Caribbean (ICAC) and IFAC held a joint workshop on June 21, 2017 in Guyana with representatives from 10 professional accountancy organizations in the region. Participants gathered together with the twin objectives of examining the role of the accountant in a changing world along with the trends (technological, economic, social, etc.) impacting the profession and tomorrow’s accountant as well as to discuss the challenging issues facing the accountancy profession and the future-readiness of today’s accountant and professional accountancy organizations.
1. The Impact of Technology on the
Profession
ICAC/IFAC PAO MEETING
JUNE 22, 2017
Presented by Shawn M. Mahler, CA, CISA
2. Technology continues to impact the accounting profession in new and
challenging ways.
In my view, the profession can only be future ready if it embraces
technological advancement and the changes it brings to the global
marketplace while also adapting to the associated risks and threats with
continued advancement.
The number 1 threat in our current and future business reality is
Cybersecurity.
In 2016, the Chief Knowledge Officer of the Information System Audit and
Control Association, Dr. Ron Hale stated that cyberattacks are inevitable to
every organization. The data shows us that the answer is a bit unclear.
Cyberattacks are still pervasive. We are still experiencing many of the
same attack types that have plagued organizations for years.
3. 2016 was a remarkable year for info security. There were
allegations of US election hacking, IT botnets, SWIFT banking
heists, Yahoo breach disclosures to the tune of 1.5 billion
passwords, and rampant ransomware incidents. With every story
playing out in the media
4. Cybersecurity incidents continue to rise. According to PwC’s Global
State of Information Security Survey 2015, attacks rose
internationally by 48 per cent in 2016 resulting in huge remedial and
reputational costs to the companies and governments concerned.
5. Despite clearing annual global statistic on the matter, the Caribbean
remains woefully unprepared, with governments and parts of the
private sector declining to take the matter seriously until subject to
an attack.
However, we only has to consider the enormous sums of money
transferred regularly through the region’s offshore financial centers,
the commercially sensitive documents held in registries and
lawyers’ offices, matters of national security and criminality that all
governments regularly engage with, the expansion of citizenship
programs, and the millions of daily commercial banking
transactions, to immediately see the dangers cybercrime poses to
small nations.
6. The past has proven the Caribbean is not immune to attacks.
While few Caribbean cases of DDoS or cybercrime ever become
public, because of the perceived reputational damage such as:
theft from banks;
the hacking of government websites in the Bahamas and St
Vincent by a group claiming to be supporters of ISIS;
ransomware attacks on some Caribbean tax authorities
the publication online of 1.3 million files from the Bahamas’
corporate registry.
7. These revealed not just the lack of appropriate security within
government portals, but the existence of outmoded IT systems and
software with the potential, some experts suggest, to have
compromised government’s internal communications.
They also highlighted the region’s vulnerability, and the absence of
local expertise or financial resources to address weaknesses,
leaving others to be invited in to provide the necessary technical
support and to remedy problems.
8. According to a joint study by the Center for Strategic Studies and
McAfee published earlier this year, Latin America and the
Caribbean (LAC) has become a new frontier for cyber-attacks and
crime at an estimated cost of around US$90 billion per year.
9. In trying to address what is a growing global threat, some
governments and companies are being proactive. Following the St
Vincent attack, for example, the St Lucia government has said it is
strengthening its cyber security and is encouraging collaboration at
a national, regional and international level.
The Bahamas has said that it recognizes the need for professional
monitoring, and Jamaica is utilizing international technical
assistance, is developing a national cyber security strategy, has
established a cyber incident response team, and has drafted
relevant laws.
10. Despite 2014 and 2015 reports on the subject produced by the
Organization of American States (OAS) the region has a very long
way to go, or that for the majority, the pace of the response is slow.
The OAS’s April 2015 ‘Report on Cyber security and critical
infrastructure in the Americas’ makes clear that the threat is moving
on and attacks on critical infrastructure increasingly represent a
serious new vulnerability for the region.
11. By this what is meant is that government’s databases and email
communications, national commercial banking and financial
systems, the control of the energy supply and other utilities, and
communications at a national and dedicated level, are now subject
to attack from cybercriminals seeking financial gain or by those
undertaking hostile political acts.
12. As governments encourage the growth of digitized knowledge-
based, services-oriented economies in which government and
connectivity are used to drive productivity and growth, the
suggestion is that despite hard pressed budgets, national cyber
security is now seen as a core cost for governments and just as
important as physical security. In response the OAS and IDB
reports on the state of cyber security in the region, CARICOM has
directed more spending on more proactive efforts such as
improving legislation and organizing national and regional response
team to cybersecurity.
13. Recent developments also demonstrate that there has to be closer
public sector-private sector co-operation of a kind not usual in much
of the Caribbean, to develop systems and secure forms of
information exchange as cyber security touches both the viability of
nations and individual enterprises.
14. The global survey on the state of cybersecurity indicates that both
public sector and private sector lack the expertise in properly
scoping cyber security in it risk management strategy.
The global survey also indicates that over 50% of cybercrimes are
motivated by financial gain. Another 37% of incidents are motivated
toward identity theft.
These glaring statistic exhibit the reason the accountancy
profession needs to adapt to the impact cybersecurity has on data
integrity.
15. The Global community of Cybersecurity experts all agree that the
impact on data integrity will increase.
Future prediction by one expert stated that “Trust in Systems will be
broken as bad guys move from exfiltration data to changing it.
16. Therefore, it is imperative that our industry moves a strategy to
counter the impacts of cybersecurity has on financial data.
17. Key strategies that PAO must adopt include:
1. Determine the skill set gaps of accounting professionals on cyber security risk
assessment and risk management and implement strategy.
2. Get involved as a key stakeholders in national cybersecurity forums
3. Get involved in legislative changes over cybersecurity
4. Develop and disseminate more audit guidance in the assessment of internal
control over financial systems in light of evolving cybersecurity threats.
5. Develop CPD events on cybersecurity on an annual basis