Cyber incidents and your audit: What financial executives and business owners need to know (Part 2)
Learn what financial executives and business leaders need to do to stay resilient in the event of a cyberattack during an audit.
Don’t miss Part 1 of this series, where we break down what financial executives and business owners need to know about how a cyber incident can impact your audit.
What CFOs and CPAs should do
If you have a cyber incident during an audit, you will need to demonstrate that the threat has been contained and eradicated and that you have clear knowledge of the company’s risk and exposure.
Here are the critical questions you need to ask at the time of the incident:
- What data was exfiltrated?
- Was any of that data connected to Protected Health Information (PHI) or Personally Identifiable Information (PII)?
- Do you need to send notifications to clients, vendors, or regulatory agencies, and what costs are associated with them?
- Should regulatory bodies be involved, and at what point?
- What is the impact to your internal and financial systems?
- Can the company manage all the associated short- and long-term financial costs?
Before an incident occurs
Be sure your organization has developed and instituted an incident response plan regarding the firm’s financials, as part of the broader, organization-wide plan. This plan should include notifying the financial reporting team as soon as a breach is discovered, along with a solid understanding of the overall cyber response strategy covering the response team, processes, and any external consultants vetted by the firm and ready to be engaged if needed.
Immediately following a cyber event
Act quickly. Engage your internal incident response teams (IT, legal, compliance, and privacy) and external cyber incident specialists immediately to begin documentation and containment. At a minimum, record the date, time, and method of the breach; every action taken from the moment the breach is discovered; and all communications, containment steps, and system damage.
Be sure that the forensic analysis includes financial systems and access logs, and coordinate with your audit team to share findings and assess risk to financial data.
If financial systems are impacted
If financial systems are impacted, consider pausing the audit until data integrity is validated, since your external auditors will need to be confident the incident did not affect the records they are relying on. This often entails working with cyber forensic investigators to review relevant logs and systems to determine whether any tampering has occurred and whether the data can still be relied on. If forensics is unable to verify the integrity of the records, additional specialists employed by your auditor may need to perform substantive procedures on the affected systems, which can significantly delay the audit.
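The paragraph above describes two checks at a high level: confirming that financial records were not tampered with, and reviewing access logs to the financial systems for the incident window. The following Python script, added here as an illustration (it is not CohnReznick's tooling and not part of the original article), shows one concrete way to do both. It assumes a pre-incident hash manifest of the record exports exists, and it uses a constructed, simplified access-log format; the record contents, host names, accounts, and log lines are all made up for the example.

```python
import hashlib
import re
from datetime import datetime, timezone

# --- Part 1: record integrity against a pre-incident baseline ---------------

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(records: dict) -> dict:
    """Map each record path to the SHA-256 of its contents (the 'manifest')."""
    return {path: sha256_hex(content) for path, content in records.items()}

def compare_manifests(baseline: dict, current: dict) -> dict:
    """Report which records changed, disappeared, or appeared since the baseline."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "missing": missing, "added": added}

# Constructed record exports as they existed before the incident (assumption:
# the finance team snapshots these exports and keeps the manifest off-system).
PRE_INCIDENT = {
    "gl/2024-q3-journal.csv": b"date,account,debit,credit\n2024-09-01,1000,500.00,0\n",
    "ap/2024-09-vendors.csv": b"vendor_id,name,bank_acct\nV001,Acme Supply,****1234\n",
    "ar/2024-09-invoices.csv": b"invoice,customer,amount\n1001,Globex,1200.00\n",
}

# Constructed state of the same exports after the incident: one vendor bank
# account changed, one file gone, one unexpected file present.
POST_INCIDENT = {
    "gl/2024-q3-journal.csv": PRE_INCIDENT["gl/2024-q3-journal.csv"],
    "ap/2024-09-vendors.csv": b"vendor_id,name,bank_acct\nV001,Acme Supply,****9876\n",
    "ap/unknown-export.csv": b"vendor_id,name\n",
}

# --- Part 2: write activity on financial hosts inside the incident window ---

# Constructed log format: "<ISO timestamp> host=<h> user=<u> action=<a> object=<o>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) object=(?P<obj>\S+)$"
)
WRITE_ACTIONS = {"INSERT", "UPDATE", "DELETE", "TRUNCATE"}

def parse_log_line(line: str):
    """Parse one constructed access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
    return event

def financial_writes_in_window(lines, window_start, window_end, financial_hosts):
    """Return write operations against financial hosts between window_start and window_end."""
    hits = []
    for line in lines:
        ev = parse_log_line(line)
        if ev is None or ev["host"] not in financial_hosts:
            continue
        if not (window_start <= ev["ts"] <= window_end):
            continue
        if ev["action"].upper() in WRITE_ACTIONS:
            hits.append(ev)
    return hits

# Constructed access-log sample: a routine read before the window, two writes by a
# service account during the window, an HR change on a non-financial host, and a
# legitimate-looking change after the window closed.
ACCESS_LOG = [
    "2024-09-13T22:10:44Z host=erp-db01 user=j.smith action=SELECT object=gl_journal",
    "2024-09-14T02:13:07Z host=erp-db01 user=svc_backup action=UPDATE object=ap_vendors",
    "2024-09-14T02:15:51Z host=fileshare02 user=svc_backup action=DELETE object=ar_invoices",
    "2024-09-14T09:00:02Z host=hr-app01 user=m.lee action=UPDATE object=payroll_rates",
    "2024-09-16T11:30:00Z host=erp-db01 user=admin action=UPDATE object=ap_vendors",
]
INCIDENT_START = datetime(2024, 9, 14, 0, 0, tzinfo=timezone.utc)
INCIDENT_END = datetime(2024, 9, 15, 0, 0, tzinfo=timezone.utc)
FINANCIAL_HOSTS = {"erp-db01", "fileshare02"}  # assumed names of the ERP DB and finance share

def run_review() -> dict:
    """Run both checks and return the findings the audit team would want on paper."""
    integrity = compare_manifests(build_manifest(PRE_INCIDENT), build_manifest(POST_INCIDENT))
    writes = financial_writes_in_window(ACCESS_LOG, INCIDENT_START, INCIDENT_END, FINANCIAL_HOSTS)
    return {"integrity": integrity, "writes": writes}

if __name__ == "__main__":
    result = run_review()
    print("Integrity:", result["integrity"])
    for ev in result["writes"]:
        print(f"Write in window: {ev['ts'].isoformat()} {ev['host']} {ev['user']} {ev['action']} {ev['obj']}")
```

The integrity check only works if the baseline manifest was taken before the incident and stored somewhere the attacker could not reach; a manifest built from the compromised system after the fact proves nothing. The log review is deliberately narrow (writes, on financial hosts, inside the window), which is the list investigators and auditors can actually reconcile against change tickets and known maintenance.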
If other systems are impacted that connect to or impact the audit
In many cases, other systems will also be impacted that, in one way or another, connect back to the organization’s financials. These can include human resources, payroll, outsourced services, benefits platforms, the employees’ 401(k), inventory management, appointment or services booking, or even the company’s CRM platform.
Each platform should be reviewed to determine whether it belongs in the audit team’s overall assessment in the event of a breach.
Next steps
If protected information has been compromised, there are additional steps that will need to be taken, such as familiarizing yourself with the necessary reporting requirements and deadlines, quantifying the scope of affected individuals or entities, and assessing the organization’s insurance coverage – along with the potential financial impact.
How CohnReznick can help
CohnReznick’s Cybersecurity Incident Response (IR) and IT Audit teams are uniquely positioned to support you during these events via:
- Forensic investigations: Our IR team can assess whether financial systems were compromised and provide audit-ready documentation.
- Audit coordination: We work directly with our audit teams to help ensure findings are appropriately integrated into the audit process.
- Risk evaluation: We help CFOs and CPAs understand the broader financial implications of cyber incidents, including regulatory and legal exposure.
- Remediation strategy: We assist in validating system recovery and making sure controls are strengthened post-incident.
With CohnReznick, you gain a unified approach that reduces costs, improves accuracy, and helps ensure your audit can proceed with confidence.