Technology and Risks

Earlier this year, the NSW Stage Government announced the release of the NSW CSP 4.0. One of the key drivers for this Policy is the uplift of cyber resilience in government in response to the significant increase in cyber attacks in Australia. 

Cybersecurity and data privacy issues continue to make headlines, and the risks surrounding them are only increasing. The demands on chief information security officers and chief technology officers expand as data moves from in-house systems to cloud computing, mobile devices, remote work setups, and new technologies including artificial intelligence and robotic process automation.

In our ever-evolving society, organisations are becoming increasingly reliant on online operations, leaving them more vulnerable to cyber threats than ever before. 

RSM's experience in completing Consumer Data Right (CDR) information security accreditation reports and applications has informed a recent submission to Treasury on CDR rules amendmen

Many who have responsibility for fraud and corruption control within their business (whether private or public sector) will know of the better practice guidance from the Australia Standard AS 8001 Fraud and Corruption Control.

Roger Darvall-Stevens, Partner and Head of Fraud and Forensic Services, met with the team at Fraud Today for an interview to discuss his latest global webinar on the topic of Fighting Insider Fraud: Using the Right Technologies. 

As the past few years have shown, no organisation is exempt from the dangerous and malicious actions of criminal cyber entities. 

Technology has brought many advantages to the way we work – from helping us be more efficient, to providing a suite of new ways to serve customers.

After a slow start, investor and regulator attitudes towards environmental sustainability have started to evolve. It is no longer seen as just a nice to have - changing regulations mean environmental sustainability credentials will have a significant impact on investment decisions. 

Developing your internal information technology (IT) infrastructure correctly is an essential component for your business.

In February 2021, the Australian Cyber Security Centre (ACSC) released a Cyber Security Guide tailored for small businesses.

As cybersecurity continues to affect the bottom line of many companies, the need to continually assess and improve your security posture is paramount. As cybersecurity threats and data security events continue to evolve, understanding the costs and resources necessary to respond to a data breach is essential.

The fundamental step in protecting an organisation and mitigating fraud and corruption control risks is understanding the type of fraud and corruption control risks that are prevalent to the organisation and assessing the counter measures currently in place to mitigate those risks. 

While it’s assumed that your business may have risk management practices in place to identify and manage various risks associated with the business environment, have you considered your cyber security risk exposure?

In 2020, we witnessed many high-profile organisations on the front page of newspapers due to poor risk management practice. So, what can you do to prevent your organisation from the same failings in 2021?

Selecting and implementing the right technology in your business can be overwhelming and confusing. As technology continues to advance, the choices become endless and it is understandable many businesses choose to throw it in the ‘too hard basket’ and continue doing business the way they have done in the past.

It turns out this month's US election will bring an era of significant changes to address the pandemic, expand domestic health care, modernise infrastructure and adopt expansionary fiscal policy—all of which will define the economic policy landscape over the next two years. And it seems the ASX agrees with those sentiments, with renewed confidence only seen prior to the pandemic.

Are you worried about probity?

The new IIA Three Lines Model provides businesses with a reminder that in decision making, upside risk should be considered alongside those negative risk factors. 

As the CDR ecosystem expands, organisations are asking what models are available to access the Consumer Data Right (CDR) Open Banking data. A summary of options available for product owners is outlined below.

Ransomware threats remain prevalent within small to medium enterprises, taking multiple forms and requiring organisations to take a more proactive stance to protect key data and intellectual property.

Organisations are becoming increasingly confident in their current security measures to safeguard both their company and customer’s data, despite the consistent rise in data breaches and other cyber incidents.

With our Agile methodology embedded in our day-to-day way of working, we move quickly and easily to meet and exceed your expectations.

As the Consumer Data Right (CDR) Rules continue to evolve, RSM submitted a response to the request for submissions related to the draft ‘intermediary’ Rules, which were published in June 2020.

Audit Committees, Senior Executives and Boards need to understand the impact of the coronavirus pandemic on internal controls. The pandemic has caused many to transition to a work-from-home arrangement, and your most important internal controls may not have kept pace with these rapid process changes. Now is the time to ensure that any issues with underlying transactions, data or controls are identified and corrected, to prevent misappropriation or fraudulent activities.

RSM partners with Peak Performance International, a Melbourne-based people and culture consultancy, to conduct Risk Culture Indicator (RCI) surveys.

Data privacy awareness and compliance are crucial to handling emerging threats, and are fast becoming a major area of consideration among organisations and individuals.

Obtaining assurance on the security of your CDR data environment. With CDR going live on 1 July 2020, Accredited Data Recipient (ADR) applicants must demonstrate the security effectiveness of their people, processes and technology. The key is to demonstrate security, whilst minimising the cost.

User credentials of millions of users have been compromised over the years as a result of cyber incidents.

With the emergence and escalation of COVID-19 as a global pandemic, organisations have been required to implement strategies that respond, adapt, and protect core business functions and their employees.

With the magnitude of security and data breach cases highlighted regularly in the media, most executives of real estate companies are aware that they will likely become a victim of a cyberattack.

People are considered a company's most valuable asset, being instrumental to its success and failure. With extensive disruption caused by the COVID-19 outbreak, people have been significantly impacted resulting in workforce management instantly becoming more important than ever.

The frequency and scope of cyberattacks are growing rapidly and breaches are a significant threat to any organisation’s reputation and sustainability. While media reports largely tend to focus on large-scale breaches, smaller organisations are at a higher risk of being breached.

Business Continuity Plan (BCP) experts at RSM bring some of the deepest and most thorough understanding of underlying risk and incident management issues.

With significant data breaches and cyberattacks making headlines almost on a daily basis, many organisations have realised the need for more effective security measures.

As Australians are beginning to gain confidence in the response to the coronavirus, which has caused widespread disruption for the last few months, public conversation is quickly and rightly swinging to economic recovery. We will watch carefully the impact this has on economic recovery as restrictions begin to be unwound. Our clients need us now, as we face this crisis together. Drawing on our experience during the global financial crisis, we know that taking early and decisive action to manage risks is critical. 

In the wake of these ever-changing times it is quite natural for businesses and individuals to focus more on survival. This includes staff retainment rather than paying attention to protective control measures including conducting forensic due diligence checks.

With most businesses across Australia suffering a steep blow to cash flow in the current climate, it’s never been more important to eliminate wasteful spending.

2020 saw ransomware gang, REvil, strike Travelex in a hack that forced the foreign exchange company to go offline as the gang held its customers’ sensitive data hostage.

An important COVID-19 fraud update from the Fraud & Forensic Services team at RSM 

Digital. Fintech. Open Banking. Just a few of the buzzwords currently floating around in the banking industry.

The global fear surrounding COVID-19 has forced many organisations to develop ‘Coronavirus Plans’ and consider alternate working methods. In an effort to protect the health of employees during this uncertain time, it is also critical to consider the cyber security health of your organisation.  

In a recent article in The Age, it was reported that Australian business leaders are becoming increasingly anxious about the threat of climate change. Recent research indicates that Australian business leaders view climate change as the biggest issue facing society.  

Darren Booth, National Head of Security and Privacy Risk Services at RSM Australia, will be presenting at the upcoming South Pacific and Asia Conference 2020 (SOPAC®) on 'The latest news in cyber security'. This presentation will cover the following:

The rapid evolution of regulatory requirements, business standards and best practices presents unique challenges for companies who must protect and grow their organisations. Have compliance, risk and audit functions become hostage to a process-based focus?

The need for organisations to be nimble and responsive has never been more necessary. The pace of technological advancements, the global and mobile nature of today’s marketplace and rising regulatory burden mean that having resilience and continuity plans are critical.

Regardless of their digital footprint, any business with a reliance on technology is at risk of cybercrime.

Major corporate failings that have dominated the media in recent years including safeguarding, whistleblowing and Board transparency have raised serious concerns for stakeholders including regulators, shareholders, employees and the non-executive community, with questions being asked regarding how to improve governance to address these and ot

The bushfires have had a devastating impact with 25 people killed in NSW and thousands of homes damaged. Now, the government of NSW has announced an independent six-month inquiry into the bushfires which will examine causes as well as the preparedness and response. It is expected that the inquiry would consider how climate change, human activity and other factors had contributed to the blazes.

In November 2019, the Audit Office of New South Wales (AONSW) released a report summarising sector-wide findings and recommendations relating to internal controls and governance from their 2018-19 financial audits of the 40 of the largest public-sector agencies in NSW.

A good governance is a combination of processes and structures implemented by the Board to inform, direct, manage and monitor the activities of the organisation toward the achievement of the organisation’s objectives. The Audit Committee plays a pivotal role in ensuring good governance by overseeing the organisation’s

Digital assets like cryptocurrencies are a new asset class with a volatility and global availability that excites the investment community.

There are now legal requirements for companies to have whistleblower avenues in place and ensure whistleblower protection when receiving, managing and investigating reports, which bring companies up-to-date and beyond the whistleblower requirements for the public sector.

Many organisations currently outsource their information technology services to a Managed Service Provider (MSP), with the uptake of organisations engaging an MSP increasing significantly over time.

Health care companies must train staff to be vigilant around security. 

To insure, or not to insure? Cyber Liability Insurance, that is the question. Cyber-attacks are becoming increasingly more sophisticated and organisations are struggling to stay ahead of the latest threats to their business operations.

Experts predict that worldwide, cybercrimes of all kinds will cause losses of $6 trillion annually by 2021.

Five ways Technology, Media and Telecommunication (TMT) Organisations Can Protect Their Information

The Internal Audit (IA) should provide a comprehensive review of your Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) program

The sharing economy has grown significantly in recent years, facilitating innovation, job growth and more choices for consumers. It started with taxis and hotel rooms, but will financial services follow soon? Or has it already begun?

Information security under CPS 234 From 1 July 2019, the boards of the Australian Prudential Regulation Authority (APRA) and regulated entities will be held accountable in the event of a cyber security incident by the new Information Security Prudential Standard (CPS 234). 

RSM Australia (RSM), one of the largest mid-tier accounting firms in Australia, has announced a senior appointment to its risk advisory team.

Middle market businesses, government and the not-for-profit sector need to proactively leverage technology and data to achieve business and strategic goals. Failure to do this could lead to falling behind the competition or not meeting stakeholder expectations. 

The essential art of articulating security issues in business language.

Welcome to our first edition of Risk Insider. Recently we have seen some interesting developments around the world that have redefined how companies and government entities view risks. It has been a busy period for risk and compliance professionals. There have been a significant number of changes that Boards, Chief Executive Officers and Chief Risk Officers have had to deal with which has accelerated change and the need to access the right risk and compliance advisors has never been as strong. 

Within its latest Information Paper, APRA finds that embedding effective frameworks and controls to identify, manage and mitigate non-financial risks is a challenge for all institutions regardless of size, complexity or industry.

Climate change and the environment are topics continually making headlines on a regular basis.

Over recent years we have strived to create resilient, high performing teams, fully engaged, agile, workforces and above-the-line actions to collaboratively achieve a future vision.

The complexity and challenges presented by cyber security risks are both many and multi-dimensional.  However, there’s no single solution that is the panacea as organisations assess their cyber security risks.  The importance of adopting a strategic and holistic approach is more important than ever.

Following an increase in the frequency of information security attacks, a new Australian Prudential Regulation Authority (APRA) Information Security Prudential Standard (CPS 234) is coming into effect on 1 July 2019. 

Running a business in the digital age means that, on top of operational and customer delivery, there is another layer of complexity in the form of ensuring data security within your business is strong.

Franchisees and franchisors often face key challenges around hitting financial targets, deciphering complex financial reports, meeting reporting deadlines alongside managing daily operations, managing client data, and identifying key financial trends to understand what actions can help increase the bottom line.

An analysis of the Banking Royal Commission (BRC), what has arisen so far and lessons for organisations.

From cryptocurrencies to tokenisation, the level of discussion, perceived potential and interest from regulators in regards to blockchain technology solutions is at an all time high. 

With the release of the Banking Royal Commission (BRC)’s interim report, a fresh wave of consumer backlash against the big four banks has surfaced along with cries for retribution, condemnation and large financial penalties.

An analysis of what has arisen so far with the Royal Banking Commission and Lessons learnt for organisations. Learn More >

Digital advancements have resulted in consumer data being created, collected and stored within seconds. It is increasingly important to have clear laws and safeguards in place given the growing digital economy and associated cyber security risk.

Blockchain and the evolution of Cryptocurrencies is still a work in progress.

In the wake of recent events, real estate agents are now under greater scrutiny from regulatory authorities, as well as the general public. As the threat of cyber crime attacks increases, the security of your client monies is critical to your business reputation. How we can help

An auditor is a watchdog, not a bloodhound...

This month, Roger Darvall-Stevens, Partner and National Head of Fraud & Forensic Services at RSM, is featured in Financier Worldwide’s Corporate Fraud & Corruption Annual Review. In the feature, he talks about regulatory developments in Australia, fraud & corruption risks and offers advice to businesses on how to mitigate t

Perhaps one of the absolute truisms is that we live in a changing world. 

Mind the KRACK – How damaging is the KRACK Wi-Fi attack?

Mind the KRACK - How the KRACK Wi-Fi exploit highlights the core vulnerabilities of the internet.

RSM Australia was proud to recently sponsor a Boardroom Hypothetical presented by the theresolution.com.au around a major cyber incident.

RSM Australia was proud to recently sponsor a Boardroom Hypothetical around a major cyber incident.

You will have noticed significant media coverage of an outbreak of ransomware globally which impacted 10,000 organisations in over 150 countries including Britain’s National Health Service and automaker Renault.

Rather than putting a black mark against them, Australian firms should recognise the power of whistleblowers as an early warning system in the fight against fraud and corruption.

Blockchain is one of the more exciting—and more misunderstood—emerging technologies.

Focus on compliance culture and approach, not just transactions Regulators are taking a different approach to examinations at banks and credit unions. Where, until recently, they focused almost exclusively on files and transaction testing, they are now also taking a harder look at each institution’s overall compliance approach.

In a competitive business environment, all organisations must implement Enterprise risk management processes to manage risk effectively in order to achieve business and strategic objectives. Your organisation encounters business risks on a daily basis; assuming risk in the pursuit of profit is the essence of a business.

ASIC published a media release on 16 December 2016 highlighting the need for action on three major new accounting standards.  The three standards are: AASB 9 Financial Instruments (applies from years commencing 1 January 2018)

What is best practice and where do Australian companies currently rate?

On the 3rd of November, the Australian Prudential Regulation Authority (APRA) released updated governance requirements for APRA-regulated superannuation trustees (RSE licensees) with a final revised prudential standard and prudential practice guide on governance. 

Reposition the focus from the “how to” to the “outcome”. Innovate ways to partner with stakeholders to reach the desired outcome. Embed the need for business acumen in order to provide practical advice and insight which creates value.

Fundamental changes to how reporting entities collect ‘Know Your Customer’ (KYC) information

Managing a project in accordance with relevant methodologies and standards, ensures that:

New Regulations for the Securities Market

Learn how to identify and understand red flags that could result in significant lost revenue

As well as being cost-effective, augmenting or completely replacing the internal audit function can deliver improved outcomes

As cyber attacks become more frequent and sophisticated, RSM advisors discuss how to protect your organisation against 2016’s emerging cyber threats.

The purpose of an audit is to confirm the validity of financial statements and help determine the value of an organisation. The auditor’s role is to express an objective opinion on whether the organisation’s management has fairly presented the information in financial statements.

RSM’s Fraud and Forensic Services’ Roger Darvall-Stevens and Probity Adviser Michael Shatter share their thoughts on the public examinations of Operation Dunham, Victoria’s Independent Broad-based Anti-Corruption Commission’s (IBAC) investigation into the Department of Education and Training’s $180 million Ultranet project.

Franchises are currently under the spotlight following breaches by high-profile brands. As a result, franchisors should take steps to ensure their franchisees are complying with all legal and contractual requirements.

There are many organisatons with a gap in their risk management strategies that is affecting the security of sensitive and private information according to RSM Australia.

On 13 January 2016, the IASB published the long-awaited IFRS 16 Leases.  The project to issue a new leases standard began in 2006, primarily in response to user concerns about off-balance-sheet assets and liabilities arising from operating leases.

The role of the CIO is changing from being a provider of IT services to being a broker of IT services, making the importance of having a solid understanding of the cost of delivering IT services more significant.

Delivering sustained cost reduction strategies for your organisation through identifying, prioritising and eliminating waste.

Under AASB 119 Employee Benefits, all for-profit entities and not-for-profit private sector entities are required to discount employee liabilities using the rate applicable to high quality corporate bonds. Where there is no deep market for those bonds, government bond rates are used.

Fraud by CEOs, CFOs and others in the ‘C-suite’ is a dirty little secret which is rarely discussed but happens with disturbing regularity. It is one of those once in a lifetime events that seem to happen regularly!

Government (at the Commonwealth, state or territory, local levels with municipal councils, and agencies and other government entities) has been leading the way in mitigating the risks of fraud, bribery, corruption and improper conduct.

Businesses must put the right security and processes in place to remain safe and sustainable, particularly in today’s changing business environment. There are many factors to consider from a risk perspective, and getting it right is critical.