The idea is to explore a hypothetical scenario in which the book value of a company's assets is affected by the results of security audits. How would the CEO act? How would the auditor's role change? What liability regime would apply to auditors?
14. Financial audit is to verify and determine whether the annual accounts (accounting) express the true and fair picture of the financial position of the audited entity.
18. Unresolved vulnerabilities in corporate information systems reduce asset value in proportion to vulnerability severity
19. [Diagram]
100: Severe vulnerabilities reduce asset value
110: Organizations have to recognize losses for asset depreciation
120: Organizations have to reduce equity to balance accounts
130: Losses affect the organization's share value / financing ability
140: Shareholders lose value of their shares
20. Neither the CFO (CxOs in general) nor the shareholders want any vulnerability in the organization's corporate information systems
[Diagram]
130: Losses affect the organization's share value / financing ability
140: Shareholders lose value of their shares
150: CxOs' bonus depends on share value
160: Shareholders' happiness depends on share value
22. [Diagram]
200: Auditors have to provide an opinion about the organization's asset value
210: Auditors are liable for their opinions
220: Auditors have to analyse the security of the organization's systems prior to providing an opinion
230: Auditors are liable for their opinions about the organization's systems security
25. Exercise control and discipline of auditing activity […] and financial auditors, through technical controls and sanctioning power… (R.D 302/1989, art. 2.d)
27. The security of the organization's systems becomes a subject of responsibility, and auditors pay broader attention to the security assessments they perform.
[Diagram]
230: Auditors are liable for their opinions about the organization's systems security
240: ICAC (or equivalent) will supervise auditors' opinions about the security of information systems and could sanction them if they do not achieve minimum quality criteria.
28. Thank you!!
Antonio Ramos
antonio.ramos@leetsecurity.com
@antonio_ramosga