AUDITING CYBER SECURITY RISKS AND ITS IMPACT ON AUDITING PROCEDURES IN IRAQI BANKS (BAGHDAD NATIONAL BANK AS A MODEL)

Abstract

Iraqi banks have a technical development in providing banking services and the purpose is to link cyber security risks and audit procedures to the tasks and responsibilities of the auditor and to identify the most important threats and address them The most important conclusions reached are that there is a relationship between cyber security risks and the professional responsibility of the auditor, the most important of which is that most financial and banking entities have not identified or disclosed cyber security risks and the absence of a binding law or legal framework, which affects the audit procedures and the opinion of the auditor. This affects the professional responsibility of the auditor, as well as the failure to disclose these risks, which exposes them to threats. These risks and procedures in cyber security were not addressed in corporate laws, and the most important recommendations were to amend the laws or issue a law or framework obligating financial entities and banks to identify cyber security risks, as well as the auditor's audit program for the purpose of identifying cyber threats and risks and the most important measures taken by governance and in terms of keeping pace with the technical cyber development in order for the procedures to be at the level of the role that creates an environment of trust between him and the users of the reports and obligating the auditor through laws or instructions to exercise the necessary professional care to identify these risks as they are important risks for all Companies and proposed a cyber-security risk audit program according to the Iraqi environment .