Internet of Things

TECHNOLOGY SPOTLIGHT

“IoT [Internet of Things] is transforming the everyday physical

objects that surround us into an ecosystem of information that
will enrich our lives. From refrigerators to parking spaces to
houses, the IoT is bringing more and more things into the digital
fold every day, which will likely make the IoT a multi-trillion dol-
1
lar industry in the near future.”
For a while now the world wide web has enabled communications between people, busi-
nesses, and economies. In its infancy, these connections were typically through desktop
computers connected to servers and data centres. The network connections were often
through tethered outlets that confned devices to fxed locations.

But that is changing. People are no longer chained to one location by cables connected to
servers that take up entire foors of ofce buildings. They can connect through nearly any
device that allows you to collect and exchange data. The power of the Internet and advance-
ments in wireless technologies have brought about the age of the Internet of Things.

Description
An IoT device is any computing device with the ability to transfer data over a network. TVs,
security cameras, appliances, light switches, and motion sensors for the home, or industrial
sensors, advanced radio-frequency ID (RFID) tags, beacons, and drones for businesses, are
all examples of IoT devices. According to Gartner, the Internet of Things (IoT) is a network
of dedicated physical objects (things) containing embedded technology for communicating
and sensing or interacting with their own internal states or the external environment. The

1 www.pwc.com/us/en/increasing-it-efectiveness/assets/future-of-the-internet-of-things.pdf

2 www.gartner.com/imagesrv/books/iot/iotEbook_digital.pdf
IntErnEt of thIngs 2

connecting of assets, processes and personnel enables the capture of data and events from
which a company can learn behaviour and usage through analytics, react with preventive
action, or augment or transform business processes. 2

Interactions within an IoT System

Source: https://securityledger.com/2014/04/will-ot-big-data-create-darwinian-struggle-for-insurance-carriers/iot-loop/

Importance
With over 20 billion IoT devices expected by 2020,3 IoT devices will become embedded in our
lives and businesses. Appropriate use of IoT devices will support near-real-time data collection
and analysis that will lead to better and more timely data-driven decision making. In addi-
tion, the IoT will further enable automation and allow businesses to transform processes and
increase operational efectiveness (e.g., predictive maintenance). Already there are many real-
world applications for the IoT that can beneft businesses and consumers. These benefts are
not limited to specifc industries even though certain industries like manufacturing, agriculture,
retail and healthcare may be poised to beneft more than others.

3 www.zdnet.com/article/iot-devices-will-outnumber-the-worlds-population-this-year-for-the-frst-time/
IntErnEt of thIngs 3

For CPAs, the immense amount of real-

EXAMPLES OF IOT APPLICATIONS
time data that will be available will lead to
IoT sensors in manufacturing and
improvement in the accuracy of planning retail environments can improve asset
and forecasting exercises. With “things” management by reducing shrinkage and
gaining the ability to communicate, spoilage, ensuring supply chain and store
reporting information such as inventory shelves are fully utilized, and improving
levels becomes more accurate and ef- labour efciency and customer experience.
An IoT-enabled store will be able to monitor
cient. Fraud will be harder to commit
stock levels in real time, reduce employee
and easier to detect by reducing human
eforts to sort and locate missing items and
touchpoints. The IoT will also enable pre- thereby improve the overall customer
dictive maintenance on machines; CPAs experience.
will have a better view of which machines
IoT sensors on the farm can help monitor
may require maintenance and allocate light, temperature, humidity and the soil
budgets accordingly. CPAs will need to moisture of crop felds to intelligently
understand how the IoT can transform the automate irrigation systems. An IoT-enabled
businesses they support and understand irrigation system can optimize water use
how fnance systems need to transform and improve crop yields thereby reducing
expenses and improving revenue at the
along with them.
same time.
IoT sensors on commercial aircraft
combined with analytics on maintenance
Business Benefts and logs and fault messages help airlines
Considerations avoid costly maintenance delays and
In a survey conducted by the World cancellations by enabling predictive
maintenance. A commercial use case of
Economic Forum, 68% of respondents
predictive maintenance is PwC’s solution
indicated the IoT as being strategic or
that can predict 15%-30% of maintenance-
transformational to their business. The related delays and cancellations, leading
top three business benefts selected were up to 0.3%-0.6% improvement in on-time
increased productivity, process automation, performance.4 The application of predictive
and optimization of the value chain.5 maintenance can be transferred to other
industries as well.
• Increase productivity
Applying the right IoT devices will
enable businesses to anticipate breakdowns of capital equipment so that preventive
maintenance can be performed without disruption. This reduces maintenance-related
delays and can improve the timeliness of product or service delivery.

• Automate process

4 www.pwc.com/us/en/industries/transportation-logistics/airlines-airports/predictive-maintenance.html

5 www.weforum.org/agenda/2015/06/what-are-the-business-benefts-of-the-internet-of-things/
IntErnEt of thIngs 4

IoT devices can serve as workfow triggers that initiate processes based on pre-set con-
ditions thereby eliminating the need for human intervention. For example, sensors can
detect the arrival of inventory at a warehouse and automatically collect and send the
relevant information to the inventory tracking system.

• Optimize value chain

IoT devices can improve visibility across the entire value chain (from planning to sched-
uling inventory) as a unifed environment or system. More accurate information and
real-time tracking will help management make data-driven decisions to manage inven-
tory better and reduce waste.

In addition to those benefts, IoT can:

• Improve customer experience

Manufacturers of IoT devices can provide frmware updates that improve functionality
based on customer feedback or provide proactive support if a breakdown is imminent,
thereby improving the customer experience.

• Create new business models

As with any new technology, there is a potential to disrupt existing business models
or create new ones. Technology companies such as Google have developed networked
security cameras and sensors for the home that can replace traditional home security
solutions.

While there are numerous benefts to adopting IoT devices in business, there are still some
important risks to manage in order to efectively unlock the value of IoT:

Risk Areas Risk Mitigation Strategies

IoT devices may increase • Treat IoT devices like other networked devices and imple-
security threats due to: ment appropriate encryption and end-point security.
• outdated software or • Where possible, contract equipment from known viable
frmware and reputable manufacturers or IoT service providers.
Ensure the existence of an appropriate update frequency
• lack of encryption to pro-
for device software/frmware.
tect transmitted data
• Change default administrative passwords from the manu-
• weak authentication
facturer to a password that complies with organizational
requirements
IT policies.
• default administrative
passwords.
IntErnEt of thIngs 5

Risk Areas Risk Mitigation Strategies

IoT data stored in the cloud • Business should specify security and protection require-
may not be adequately pro- ments such as ensuring appropriate controls around
tected when managed by storage, transmission, and access as well as breach notif-
an IoT service provider. cation requirements.
• Service provider should agree to specifc requirements
for cloud security in a contractual agreement.
• Service provider should provide a third-party assurance
report on their cloud security and, if needed, privacy and
compliance with contractual obligations.
• Consider leveraging edge computing to process the IoT
data on a local device to eliminate the amount of sensi-
tive data being transmitted. For example, Apple’s FaceID/
TouchID data is stored on your device; user verifcation is
done locally without the data being transmitted back
to Apple servers for processing.

Network infrastructure may • Each IoT device will utilize a portion of available bandwidth
not support bandwidth on the network. As more devices are added to the IoT
demands from IoT devices. network, businesses must ensure adequate bandwidth is
available to support communication between these devices
and critical applications. Otherwise, network downtime
may reduce employee productivity or provide a negative
customer experience.
• Edge computing moves the processing of data generated
by IoT devices from the cloud back to the device, thereby
reducing bandwidth demands.

The IoT data breached may • Generally, stored data should be encrypted with personally
include personally identifable identifable information stripped out in order to minimize
information. the impact of information theft resulting from
a data breach.
• If personally identifable information is required to be
collected and stored, ensure compliance with local privacy
laws such as the Personal Information Protection and Elec-
tronic Documents Act (PIPEDA) in Canada and the General
Data Protection Regulation in Europe.
• Prepare a data breach response plan that should include
steps to:
— contain the breach
— evaluate the risks as a result of the breach
— notify impacted persons
— prevent future incidents
IntErnEt of thIngs 6

Risk Areas Risk Mitigation Strategies

Employees may gain unau- • Create a separate private network for IoT devices that
thorized access of IoT devices are not shared with the network accessible by employee
through personal mobile devices.
devices.
• Ensure passwords for IoT devices are secure by changing
them from manufacturer defaults to forms that meet
organizational IT policies.

Employees may gain unautho- • Review IoT devices periodically to ensure outer casing
rized physical access to IoT has not been tampered with.
devices.
• Place IoT devices in locations where access controls are
secure and limited to authorized individuals.
• Review logs for IoT devices periodically and investigate
those where the device has gone ofine. Typically, to
maliciously tamper an IoT device would require bringing
it ofine and rebooting it.

This publication is part of the DISCLAIMER

technology spotlight series. This paper was prepared by the Chartered Professional Accountants of Canada (CPA Canada)
as non-authoritative guidance. CPA Canada and the authors do not accept any responsibility
or liability that might occur directly or indirectly as a consequence of the use, application or
reliance on this material.
The entire series covers Copyright © 2019 Chartered Professional Accountants of Canada
technology trends that All rights reserved. This publication is protected by copyright. Written permission is required
to reproduce, store in a retrieval system or transmit in any form or by any means (electronic,
impact CPAs and are mechanical, photocopying, recording, or otherwise).
available on our website. For information regarding permission, please contact [email protected].