Earlier this week, I came across a random thought which puzzled me. A significant number of Australian businesses are required by law to conduct financial audits, and must have their annual financial report audited every year.
According to ldb.com.au: An audit provides an impartial examination and evaluation of your financial statements to ensure that they are fairly presented and meet generally accepted accounting principles.
This is a baseline description of the principles of financial auditing. It helps ensure that companies maintain compliance with applicable codes and standards, and that everything is done by the book.
So why aren’t security audits a required, or regulated, practice? If all companies followed baseline rules on cybersecurity practices and maintained general security standards, this would surely increase the baseline strength of companies as a whole and ultimately strengthen the nation’s economic defence. Increasing engagement in cybersecurity practices would raise awareness and make good security the standard.
The NSW government has its own cybersecurity auditing policy, but this needs to be extended to a national regulator, such as ASIC, in the same way as financial audits are regulated for the finance industry.
References:
https://www.audit.nsw.gov.au/our-work/reports/compliance-with-the-nsw-cyber-security-policy
https://asic.gov.au/regulatory-resources/financial-reporting-and-audit/
https://www.ldb.com.au/audits/what-is-a-financial-audit-and-why-is-an-audit-required