1
Digitization
Smart Business needs Smart Audit
Franz Rauchbauer, Martin Obermoser, and Johannes Göllner
European Meeting Budapest 2017
Sat. June 10, 2017
Stream Session "Digitization"
2
Smart Business needs Smart Audit
Franz Rauchbauer
Multicont Revisions- und Treuhand GmbH, Vienna/AT
Martin Obermoser
Multicont Revisions- und Treuhand GmbH, Vienna/AT
Johannes Göllner
Multicont Revisions- und Treuhand GmbH, Vienna/AT
ZRK – Zentrum für Risiko- und Krisenmanagement, Vienna/AT
3
Smart Business needs Smart Audit
AGENDA
Understanding the Business of our Clients in the Smart Economy
Big Data, new Technological Concepts and Business Instruments, Smart Agents
Audit Profession not prepared for Digitization
Changes in the Audit Approach (Smart Audit) and New Services
Opportunities and Consequences
4
Understanding the business of our clients (ISA 315)
• The auditor should obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, and sufficient to design and perform further audit procedures
• The auditor also has to form his own point of view on the risks in the business (e.g. through research)
5
Understanding and evaluating internal control
• Once we understand what management is trying to achieve and the risks they face, we ask the question: How does management get comfort?
• Understanding how management gains comfort requires us to consider all components of the entity's internal control
• It is important that the auditor has an understanding of how information flows through the entity's systems and how it may be changed and/or reported on
• This includes mapping the linkage between the management information / financial statements and the business processes (systems / applications and computer environments)
6
Smart versus Cyber Economy: Visions, Trends, Concepts and Risks
7
The 10 largest global business risks in 2016
1. Operational and supply chain interruption: 38%
2. Market development (volatility, competition, stagnating markets): 34% (NEW)
3. Cyber events: 28%
4. Natural disaster: 24%
5. Legal changes: 24%
6. Macroeconomic developments (commodity prices, austerity programs, deflation, inflation): 22% (NEW)
7. Reputational risk: 18%
8. Fire, explosion: 16%
9. Political risks: 11%
10. Theft, fraud, corruption: 11%
Source: Allianz Global Corporate & Specialty in Allianz Risk Barometer: Die 10 größten Geschäftsrisiken 2016
8
Threats and fear as driver for future conflicts
Typical topics in future threat discussions in industrialized countries
Typical topics in future threat discussions in non industrialized countries
• Terrorist attacks
• Cyber attacks
• Espionage
• Organized crime
• Sound pollution
• Light pollution
• High tech threats
• CBRN
• Financial market instability
• New technology discussions
• Instability in resource markets
• Environmental damage
• High technology waste
• Climate threats
• Extreme weather
• Resources scarcity
Source: Goellner Johannes, Klerx Joachim: Emerging Risks and Disruptive Trends in (Global) Supply Chain Networks, NATO Strategic Foresight Analysis Workshop, 21-22 October 2015, Helsinki, http://www.act.nato.int/futures-ws-3
9
Cyber Economy is the result of:
• Smart Economy: Smart Cities-based in relation with:
• Cyber Development
ICT- and knowledge-based economy, where ICT catalyzes and accelerates social, political and economic development
Cyber Economy
10
Global Supply Chain Networks
Copyright by Goellner, Peer 2016 based on Goellner 2015
11
GE: Enterprise 4.0 investments until 2020 per annum: EUR 40 billion, in sum approx. EUR 160 billion
Article: Controller Magazin, 05/06 2016
GE: until 2025-2030: approx. 50% unemployed blue-collar workers in production industry, based on extensive robotics integration
Study: PwC-PricewaterhouseCoopers in 09/2016
ad Smart Logistics:
12
Complexity of Interactions/Networks
Source: Goellner Johannes, Quirchmayr Gerald: META-RISK: Meta-Risiko-Modell für kritische Infrastrukturen, ICT-Security Conference 2016, St. Johann i./Pongau, Salzburg, Austria, 12.10.2016
13
5-stage-model: generic strategic disaster & crises management process model
pre-execution phase
execution phase
follow-up phase
IMPACT
prevention- & initialization phase
postvention phase
operational intervention & management phase for impacts
perception-, information- & analysis process
• Evaluation
• Lesson Learnt
• etc…
turn back loop to prevention- & initialization phase after finishing postvention phase
strategic level
• Laws / act generating
• Standardisation generating
• Stand By-functions
• Preparatory actions
• Strategic capability development
• Capability management
• Resource management
• etc…
Source 1: first design by Göllner Johannes, 09/2012, National Defence Academy/Dept. of Central Documentation & Information of the Austrian Ministry of Defence and Sports;
Source 2: Göllner J. & Peer A., 10-12/2012 for KIRAS „LMK-MUSE“-research project proposal;
Source 3: published: EISIC 2013, Uppsala, SWE, 09/2013, dissemination activity: KIRAS QuOIMA;
Source 4: Göllner J. & Peer A., published: HMS 2014, paper-id: 40, p.3, Bordeaux, France, 09/2014;
14
Future public infrastructure and governance
Globalized Migration: Complex Human Transfers
Peer to peer nets against surveillance
Future public infrastructure
2030: Establishment of international armed forces to protect supply chain networks
2020: New forms of supply chain networks and increasing interdependence between these networks
2035: Conflicts about power and influence in the new supply chain networks
2025: A new power on the horizon – Information management for supply chain networks
New players in the struggle about political influence
Nuclear espionage of non state actors
The shape of Islam in the 21st century
Uncontrolled release of nuclear waste
Dirty Bombs and CBRN terrorism
The Risks of WMD Proliferation and Terrorism
Declining recruitment rates of armed forces
Epistemic networks in organized crime
Increasing power of transnational corporations
Globalization of criminal networks
Digitalization with increasing speed
Globalization and strategic sourcing
Political and commercial disinformation
Democracy and terrorism
Disruptive Events, Trends, Threats, Social Needs, Weak Signals
Source: Goellner Johannes, Klerx Joachim: Emerging Risks and Disruptive Trends in (Global) Supply Chain Networks, NATO Strategic Foresight Analysis Workshop, 21-22 October 2015, Helsinki.
15
Physical Internet: FP 7-Project MODULUSHCA
Supply Chain Application
New Concept for logistics operations: http://www.modulushca.eu
16
Supply Chain Security
(FOCUS PROJECT - Foresight Security Scenarios: Mapping Research to a Comprehensive Approach to Exogenous EU Roles, EU-FP 7 programme)
The “threat side of the Supply chain security equation” – including exogenous threats to EU - is not well covered in the literature today. Instead, most of the literature refers vaguely to “terrorism threat” or “cargo crime” as main reasons behind Supply chain security programs, standards and regulations.
(see D5.1 www.focusproject.eu, page 99, point 8.3, Ending Date: 31/03/2013)
17
Capability development options
Development of a monitoring solution:
• First guideline of Working Group: Supply Chain Risk Management of the Risk Management Association, Munich, Germany (2013-2015) (https://www.rma-ev.org/Veroeffentlichung-zum-Download.696.0.html)
• "Supply Chain Monitoring Solution", e.g. in analogy to the first guideline of Working Group: Supply Chain Risk Management of the Risk Management Association, Munich, Germany (2013-2015)
• "Strategic situation awareness center for permanently global analysis of strategic resource/raw material-SRA" (www.kiras.at, 2014-12/2015)
18
Crypto currencies as disruptive trend for international supply chain networks
Source: Dr. Joachim Klerx, Emerging Risks and Disruptive Trends in (Global) Supply Chain Networks, NATO SFA WS, Helsinki, 10/2015
19
Future threats and developments in cyber security
Right to be informed
Right to delete
Proactive protection
Clear identity rules
Clear rules for usage
Anonymity
Freedom of speech
IPR for data
Cyber Future
2030: Geoshifts in cyber innovation, from industrialized countries to new economies
2040: A new power on the horizon - Global virtual communities
2020: Virtual currencies, infiltrated by organized crime
2035: Intelligent sensors and tracking: finding anything, anywhere, anytime
2025: New advanced persistent threats (APT) with intelligent autonomous bots, reconnaissance of future hybrid wars
Competition of large scale SIGINT systems
End of exponential increase of computing power
Ubiquitous but filtered information
Increasing amount of mobile and embedded clients
Increasing asymmetric knowledge in cyber security
Factual unlimited storage in the cloud
Price explosion of zero-day exploits
A droid for all seasons
Dark-nets
Global black hacker industry
Insider attacks
Cyber warfare
Black markets for information
A society of surveillance
Network breakdown – accidental or natural
Quantum computing
Magnonic Computing
Ultra-paranoid computing
Disruptive Events, Trends, Threats, Social Needs, Weak Signals
Source: Goellner Johannes, Klerx Joachim: Emerging Risks and Disruptive Trends in (Global) Supply Chain Networks, NATO Strategic Foresight Analysis Workshop, 21-22 October 2015, Helsinki.
20
The 2016 Digital Banking Readiness Index
21
Network Analysis of Banking & Finance Networks
Source:
22
Legal Compliance for Cyber, ICT & Supply Chain networks
Political and content Levels of the Internet Administration
• Stability of the Infrastructure and Development Cooperation
• Internet-Security Policy
• Human- and Civil Right in the NETWORK
• Legal Development
Four levels of Internet-Regulation: (intern./national)
• Level 4: Level of Content: Content of User
• Level 3: Application-oriented level: Software Applications
• Level 2: Logical level: Technical Standards
• Level 1: Infrastructural level: Hardware
Source: Wer regiert das Internet? Akteure und Handlungsfelder, Friedrich Ebert Stiftung, Bonn, 2016
23
Big Data, new Technological Concepts and Business Instruments, Smart Agents
CYBER: H2020 project (project partner: Zentrum für Risiko- und Krisenmanagement)
ASGARD - Analysis System for Gathered Raw Data:
ASGARD has a singular goal, contribute to Law Enforcement Agencies Technological Autonomy and effective use of technology. Technologies will be transferred to end users under an open source scheme focusing on Forensics, Intelligence and Foresight (Intelligence led prevention and anticipation). ASGARD will drive progress in the processing of seized data, availability of massive amounts of data and big data solutions in an ever more connected world. New areas of research will also be addressed. The consortium is configured with LEA end users and practitioners “pulling” from the Research and Development community who will “push” transfer of knowledge and innovation. A Community of LEA users is the end point of ASGARD with the technology as a focal point for cooperation (a restricted open source community). In addition to traditional Use Cases and trials, in keeping with open source concepts and continuous integration approaches, ASGARD will use Hackathons to demonstrate its results. Vendor lock-in is addressed whilst also recognising their role and existing investment by LEAs. The project will follow a cyclical approach for early results. Data Set, Data Analytics (multimodal/multimedia), Data Mining and Visual Analytics are included in the work plan. Technologies will be built under the maxim of “It works” over “It’s the best”. Rapid adoption/flexible deployment strategies are included. The project includes a licensing and IPR approach coherent with LEA realities and Ethical needs. ASGARD includes a comprehensive approach to Privacy, Ethics, Societal Impact respecting fundamental rights. ASGARD leverages existing trust relationship between LEAs and the research and development industry, and experiential knowledge in FCT research. ASGARD will allow its community of users leverage the benefits of agile methodologies, technology trends and open source. (Abstract)
ASGARD aims to create LEA Technological Autonomy, by building a sustainable, long-lasting community from the LEA and research and development industry that will create (at little or no cost to LEAs), maintaining and evolving a best of class tool set for the extraction, fusion, exchange and analysis of Big Data including cyber-offenses data for forensic investigation. ASGARD will help LEAs significantly increase capabilities. With forensics being a focus of the project, both intelligence and foresight dimensions will also be tackled by ASGARD.
(Data analysis; data fusion; data intelligence; big data; event detection; content and visual analytics; NLP; sentiment analysis; multimedia analysis; digital forensics; foresight; signal analysis)
Project Costs: EUR 11,9 Mio
Project Duration: 01.09.2016-2019/2020 (36-42 PM)
Link: http://www.asgard-project.eu/ & http://cordis.europa.eu/project/rcn/203297_en.html
24
Capability development options
Design or re-design the supply chain network structures:
• Peer to Peer structure (decentralized) vs centrally managed supply chain network
Remark: but loss of state sovereignty because of increasing peer to peer structure of supply chain network.
• How to protect and attack decentralized supply chain network?
25
Digitization - The World without Borders
Smart Factory
Smart Contract
Industry 4.0
Smart Mobility
Smart Grid
Smart Home
IoT
Shopping 4.0
26
Understanding the Business of our Clients in the Smart Economy
27
Threats
• Ransomware, esp. Crypto-Ransomware
• DDoS Botnet, Cloud, Internet of Things
• Phishing
• CEO- / CFO- / CxO-Fraud
• Hacking
• Trustworthy Sources
28
Audit Profession not prepared for Digitization?
Auditing is used to create trust for stakeholders
Annual audits (ex post) sufficient?
Cyber risks described in annual reports?
Are well-educated financial, business and legal experts able to assess complex digital business processes and risks?
Is our profession prepared for the new requirements?
29
Audit Profession not prepared for Digitization!
Fundamental changes are needed
Legislation and professional standards
Annual audits replaced by continuous audits
Regular reporting and information regarding the effects on the annual financial statements including cyber risks
IT knowledge as a key factor in the audit team
30
Shopping 4.0
Attractive for beginners
Industry 4.0
Virtual Audit Teams
Smart Audit for Smart Companies
IoT
Smart Audit
Smart Factory
Smart Contract
Smart Mobility
Smart Grid
Smart Home
Automated Audit
Innovative Services
IT-Knowledge
Data-networking: Client - Auditor
Continuous Audit
31
Opportunities and Consequences
[Table: Consulting Products and Auditing Services. Columns: prevention products, intervention products, postvention products, across the pre-execution, execution and follow-up phases, each split into strategic / operative and soft / hard. Rows: 1st Line of Defense, 2nd Line of Defense, 3rd Line of Defense; applicable cells marked with x.]
32
Opportunities and Consequences
New innovative services
• Cloud Computing: Security Audits / Consulting Services
• Big Data analysis
• Cyber & ICT Security Assessments
• Cyber Defence Consulting
• Supply Chain Security Assessment & Consulting
• Services for analysis of supply chain networks
• Legal compliance in the area: Cyber-, ICT and supply chain networks
• Audit of blockchain-applications
• Penetration tests
• Fintech-Audits
33
Opportunities and Consequences
New innovative services
• Forensic services
• Trend monitoring services for
  • decision building & making
  • Pre-acquisition and due diligence
• and so on.
More value added to the clients through
• continuous audit: deficiencies are reported immediately
• automated data analysis: less effort for the client, full coverage of the audited transactions
34
Opportunities and Consequences
Fundamental changes in the personnel resources (audit teams) are needed
IT Knowledge as a key factor – Smart Audit needs IT Experts
Education of Auditors – legal and economic know-how is not enough
Virtual teams – experts consult regardless of their location
35
Thank you for your attention!
36
Key Points for the Roundtable Discussion
Tax Consulting
integrated business process, central database
bookkeeping and tax work on client's systems
client will reduce staff
new kind of work for tax consultants; specialists with an overview will be needed
what can we do?
more IT-knowhow required
Research skills
Use the remaining time
Audit
Digitization changes the world
Big Data, new technological concepts and business instruments
New business risks
Audit profession is not prepared for Digitization
Changes in the audit approach are needed
Smart Audit for Smart Companies
New innovative Services