Concerned auditors are missing the big picture when assessing the effectiveness of a company’s internal control over financial reporting (ICFR), the chief accountant at the Securities and Exchange Commission (SEC) called on the profession—and company managers—to take a holistic approach to assessing risks.

Paul Munter, in a statement published Friday, said the SEC is “troubled by instances in which management and auditors appear too narrowly focused on information and risks that directly impact financial reporting while disregarding broader, entity-level issues that may also impact financial reporting and internal controls.” He urged company managers to “take a holistic approach when assessing information about the business and avoid the potential bias toward evaluating problems as isolated incidents, in order to timely identify risks, including entity-level risks.”

The crux of Munter’s remarks is that one-off incidents—i.e., a data breach—might not be part of traditional ICFR assessments but still could pose a significant impact to financial reporting. The call for auditors to take on more responsibility in assessing such matters falls in line with increased pressure placed on the profession to serve as gatekeepers holding management accountable, most notably with the Public Company Accounting Oversight Board’s proposed standard updates to require auditors to enhance scrutiny toward potential instances of company noncompliance, including fraud.