.png?sfvrsn=dd675fd5_2)
.jpg?sfvrsn=d4038e84_0)
-(1).png?sfvrsn=db949de5_0)
-(5).png?sfvrsn=3162fbc9_0)
/business-management-global-connection/istock-1167579720-c.jpg?sfvrsn=ff93f9a5_2)
/audit-assurance/istock-1169206203-c.jpg?sfvrsn=1d6f9b25_2)
/professionals/istock-845530100-c.jpg?sfvrsn=46efdedd_2)
/ethics-and-professionalism/istock-1141115724-c.jpg?sfvrsn=4e54d691_2)
/business-management-global-connection/istock-1079974636-c.jpg?sfvrsn=e9fea23b_2)
.png?sfvrsn=905ee1bd_0)
/legal-secretarial/istock-866706340-c.jpg?sfvrsn=d7f57b8c_2)
RISK MANAGEMENT
As the national accountancy body, ISCA continues to entrench itself as an influencer and active contributor in the global profession and ecosystem, proactively being at the forefront not only in terms of profession-driven capabilities and knowledge, but sustainability and corporate citizenship as well.
ISCA strives to maintain good working relations and hold regular dialogues with key local stakeholders such as government bodies and agencies, policymakers and regulators to advance the accountancy profession in Singapore. Internationally, ISCA has cultivated and strengthened ties with leading member bodies of the global accounting profession, IFAC – the global organisation for the accountancy profession – and relevant accountancy groups such as Chartered Accountants Worldwide (CAW), ASEAN Federation of Accountants (AFA) and the Jeju Group. These interactions not only help to facilitate the identification of mutually beneficial areas of collaboration and the sharing of best practices, but also enable ISCA to represent our members and provide insightful perspectives regarding accountancy matters that are of interest to the profession on global platforms. In addition, our standing as a global PAO positions us to be at the forefront of sustainability when it comes to the profession.
Moving forward, ISCA will engage more in sustainabilityfocused research and publications to enhance its thought leadership in the arena. ISCA will also focus more on sustainability as a whole across the organisation, and embed sustainability-oriented content into our CPD courses, seminars, events and programmes, raising awareness in Sustainability and climate change, and creating a better ecosystem.
As the voice for our members and the profession, ISCA works closely with standard setters, regulators and the industry to actively shape and maintain high ethical and professional standards within our financial ecosystem. For instance, ISCA regularly submits comment letters on exposure drafts drawn up by international standard-setting bodies, and issues guidance on relevant accounting and auditing standards.
In order to constantly deliver value to our members through quality initiatives and services, ISCA actively monitors the trends and developments affecting the profession and further refines our initiatives to remain relevant and prepare members to be future-ready.
The COVID-19 pandemic has driven a shift towards remote work, and cybercriminals see this as an opportunity to proliferate their criminal activities and exploit the vulnerability of employees working from home.
To manage cybersecurity risks, ISCA conducts an annual Tabletop Exercise that evaluates our cyber crisis processes, tools and proficiency in responding to cyberattacks – from both an executive strategic perspective and a technical incident response perspective.
ISCA also conducts awareness training for our staff, enabling them to identify phishing emails and report them to ISCA’s Technology department. We have also implemented antivirus and malware scanning tools to pro-actively detect and filter malicious incoming emails.
In addition, ISCA’s corporate devices are equipped with virtual private network (VPN) technologies, requiring employees to log in before they can access corporate data. Frequent checks are conducted on the vulnerabilities of ISCA’s servers and applications are proactively scanned. Any vulnerabilities that are discovered will have patches applied as soon as possible.
While preventive measures are important, there is also a need for cyberattack detection, response and recovery capabilities. ISCA reviews our response and backup plan annually with our management, as well as with professional cybersecurity firms.
The Institute is preparing to obtain ISO 27001 certification. The ISO 27001 certification demonstrates that an organisation has invested in the people, processes, and technology (e.g. tools and systems) to protect its data. It provides an independent, expert assessment of whether the organisation’s data is sufficiently protected. ISCA expects to achieve ISO27001 certification in the latter part of 2022.
To promote a culture of vigilance when handling personal data, we hold training courses for employees related to the PDPA. New employees are required to watch a training video on PDPA as part of the staff induction programme. We also send email reminders to employees about our personal data protection policies, such as encrypting and securing files containing personal data. We encourage good password hygiene among our staff as a simple but consequential way to prevent data breaches, and to stay vigilant against phishing scams and other malicious communications that can expose the Institute to devastating ransomware attacks.
Workforce planning and ensuring a sustainable talent pipeline is part of our comprehensive talent management strategy. We recognise that if individuals are to remain valuable to our team, they need to continue to strengthen their skills. Hence, ISCA continually focuses on training and developing our staff for long-term success and supports each individual’s career aspirations.
We take steps to retain talent and ensure that each member of our team is recognised for his/her achievements, treated with dignity, and maintains work-life balance.
Our reputation is one of the Institute’s most valuable assets. The positive perception of ISCA in the minds of our members, regulators and other stakeholders is vital to our success and the trust and relationships we have built with them.
Managing this strategically starts with building an accurate picture of our strengths and weaknesses to quantify the impact of identified risks on our reputation and to create a baseline for measurement and improvement.
The Institute has an ongoing process to detect and manage issues that can affect our corporate identity and reputation. We also manage, protect, and improve our reputation through sound corporate values as well as robust policies and processes to identify, assess and respond to risks in a manner that is consistent with the Institute’s culture.