Global Site
Argentina Aruba Barbados Bolivia Brazil Canada Cayman Islands Chile Colombia Costa Rica Curacao El Salvador Guatemala Honduras Mexico Paraguay Peru Puerto Rico Saint Martin Suriname United States Uruguay Venezuela
Australia Cambodia China Hawaii Hong Kong India Indonesia Japan Macau Malaysia Maldives Mongolia Myanmar Nepal New Zealand Pakistan Philippines Singapore South Korea Sri Lanka Taiwan Thailand Vietnam
Albania Andorra Armenia Austria Azerbaijan Belgium Bulgaria Croatia Cyprus Czech Republic Denmark Estonia Finland France Georgia Germany Greece Hungary Ireland Italy Kazakhstan Kosovo Latvia Lithuania Luxembourg Malta Moldova Netherlands Norway Poland Portugal Romania Serbia Slovakia Slovenia Spain Sweden Switzerland Tajikistan Turkey Ukraine United Kingdom Uzbekistan
Algeria Angola Bahrain Egypt Ghana Israel Jordan Kenya Kuwait Lebanon Liberia Mauritius Morocco Mozambique Nigeria Oman Qatar Saudi Arabia Senegal Sierra Leone South Africa Tanzania Togo Tunisia Uganda United Arab Emirates Yemen
home Insights
exe

Why Crowe Moldova is Investigating Cybersecurity Integration in Financial Audits

28/08/2025
exe

The Republic of Moldova has taken important steps to strengthen its cybersecurity posture, creating a National Cyber Security Agency and ranking 12th in the National Cyber Security Index (NCSI) (EGA, 2024). However, its 112th position in the Global Cybersecurity Index (GCI) highlights critical gaps in resilience, international cooperation, and preparedness. While Moldova is advancing in digital transformation—ranking 70th in both the E-Government Development Index (EGDI) and the Network Readiness Index (NRI)—there is still significant work to be done to strengthen frameworks, infrastructure, and cyber resilience (Presidency of the Republic of Moldova, 2023).

As an independent member of Crowe Global—ranked 8th among the world’s leading audit and advisory networks—Crowe Moldova provides assurance and advisory services across key sectors, including non-banking financial services, telecommunications, agriculture, retail, and NGOs. Our corporate strategy is to differentiate ourselves by offering innovative, value-driven services that go beyond traditional financial audits.

We see the integration of cyber risk considerations into financial audits not only as a response to rising threats, but also as a strategic opportunity for market differentiation in Moldova’s competitive audit market, where GDP is modest at $18 billion and the sector is dominated by the Big 4 alongside a few second-tier firms.

Why This Investigation is Needed

The connection between cybersecurity risk management and financial auditing has reached a turning point (AuditBoard, 2024). Cyber threats are becoming more sophisticated, targeted, and costly, posing serious risks to data integrity, confidentiality, and availability.

Traditional audits—while aligned with International Standards on Auditing (ISA), such as ISA 315 and ISA 240—do not fully address cyber risks and their potential to disrupt financial reporting. This gap results in:

  • Limited detection of cyber-enabled financial fraud.
  • Inadequate IT risk assessments, often limited to basic IT controls.
  • Lack of auditor expertise in cybersecurity risk evaluation.
  • Regulatory pressure for enhanced IT and cyber audit procedures.

Cyberattacks targeting financial systems, accounting platforms, and sensitive client data are often carried out by a combination of cybercriminals, hacktivists, state-sponsored actors, and malicious insiders. In this context, the role of the external auditor is evolving from a financial assurance provider to a strategic advisor on cyber resilience.

Aligning with Global Trends and Regulatory Expectations

Regulators such as the IAASB and the European Commission are increasingly urging auditors to evaluate IT general controls, assess vulnerabilities in cloud-based systems, analyse the financial impact of cyber incidents, and ensure compliance with cybersecurity disclosure requirements.

For Crowe Moldova, integrating cybersecurity into financial audits will allow us to:

  • Provide more accurate risk assessments.
  • Define relevant and forward-looking audit strategies.
  • Deliver greater assurance to clients.
  • Support regulatory compliance and cyber resilience.

This aligns with global industry trends, evolving regulatory standards, and the growing cost of cyber threats, which are projected to reach USD 10.29 trillion in 2025 and USD 15.63 trillion by 2029 (Statista, 2025).

Limitations and Challenges

While essential, this shift comes with challenges:

  • Rapidly evolving threat landscape driven by AI, emerging technologies, and geopolitical tensions.
  • Complexity of cybersecurity and audit standards, with frequent updates to frameworks such as NIS2, GDPR, ISO 27001, and ISA 315.
  • Limited transparency due to underreporting of cyber incidents.
  • Resource constraints, particularly among SMEs, many of which lack mature cyber controls.
  • Need for specialised tools and expertise in cybersecurity risk assessment.

Research Aim and Next Steps

This consultancy project aims to redesign Crowe Moldova’s audit business model by incorporating cyberthreat considerations into financial audits to improve assurance quality, regulatory compliance, and stakeholder trust.

The project will combine Dynamic Capabilities Theory, Resource-Based View, and Agency Theory with international standards such as ISO 27001, NIS 2, and ISA 315 to develop a structured framework.

We will gather empirical data through interviews with auditors, cybersecurity specialists, regulators, and clients, enabling us to identify knowledge gaps, enhance auditor training, and design practical recommendations.

While some benefits will be immediate, measurable outcomes—such as improved audit quality, stronger ITGC testing, and increased auditor readiness—are expected to materialise over the next two to three years.

Crowe Audit Moldova will continue to analyse the intersection of cybersecurity and auditing, sharing further insights and practical guidance through upcoming articles. Our commitment is to lead the way in enhancing the relevance and resilience of the audit profession in the digital era.