X
Icon

The 21st Minute


Blog


Do You Know Where Your Data Is Tonight?


Challenges of Auditing in a Virtual World

Welcome to our virtual world. These days, our company information, financial details, employee records, and client files are stored across physical, virtual, and cloud environments. They can be accessed at all hours of the day and night. Or walk straight out the door without anyone noticing.

The options are evolving at dizzying speeds. But protecting and auditing your data in this complex and connected environment is full of challenges. Let’s take a look at three of the most critical areas for mitigating risk, and areas where IDEA is most useful.

Remember – good external auditors get the job done. Great external auditors help inspire the rest of us and lift up the entire profession. Do you have the above traits? If the answer is yes, then you are probably already a great auditor.

Welcome to our virtual world. These days, our company information, financial details, employee records, and client files are stored across physical, virtual, and cloud environments. They can be accessed at all hours of the day and night. Or walk straight out the door without anyone noticing.

The options are evolving at dizzying speeds. But protecting and auditing your data in this complex and connected environment is full of challenges. Let’s take a look at three of the most critical areas for mitigating risk, and areas where IDEA is most useful.

Remember – good external auditors get the job done. Great external auditors help inspire the rest of us and lift up the entire profession. Do you have the above traits? If the answer is yes, then you are probably already a great auditor.

Information Security

The headlines are filled with reports of costly data and online security breaches. Such incidents can cost an organization millions of dollars in legal fees, new security measures, and reconstructing the integrity of the compromised data—not to mention intangible losses in reputation and customer loyalty.

But it isn’t just customer data that is at risk. A recent Protiviti survey of internal auditors indicated significant concerns about the cloud and the potential for fraud in critical areas such as billing, cash disbursements, purchasing and receiving, vendor setup, and access controls, and the desire to use data analytics to stay on top of these areas.

As a result, most organizations have implemented strict new protocols for handling data. But is anyone checking to make sure the protocols are actually being followed? The stakes for internal auditors have never been higher. Many of us will need to ramp up yet another new skill set, this time in data privacy and cybersecurity controls—not to mention keeping up with all the related legislation and reporting requirements being passed and revised each year.

Partnering With IT

We don’t necessarily have to fight this battle on our own. These days, our organizations can complete millions of transactions a day. We’re accumulating vast arrays of data with no paper trail to back them up. We can use tools like IDEA to continuously monitor critical areas for fraud and other risks. But information technology staff plays an equally critical role, setting up firewalls, intrusion detection, encryption, and device configuration to keep the data safe in the first place.

Personal relationships ranked as the most important aspect to a succussful partnership between auditors and IT.

We all know that in practice, the partnership between the auditing function in a company and the IT function gets complicated. Most of the time, the two functions belong to different parts of the organization and have different reporting requirements and expectations.

With this in mind, it’s not surprising that a study by the Canadian firm J.E. Boritz Consultants Limited indicated that personal relationships—rather than organizational structure—ranked as the most important aspect to a successful partnership between auditors and IT. This presents a great opportunity to refine your communication skills. Here are a few tips to get the bridge building started.

Personal relationships ranked as the most important aspect to a successful partnership between auditors and IT.

  • Learn the language of IT. Develop the technical knowledge necessary to relate to the IT staff, and ask for what you need in their own terms. This doesn’t mean you have to become an expert, but you should learn enough to ask the right questions and demonstrate that you are curious and genuinely interested in what they do. They will begin to see you as a trusted partner.
  • Be able to explain clearly what the goal is and why it’s important to the organization, not just to you. For example, if you are establishing an electronic audit trail for invoices, you need to be able to explain exactly what the steps are in the life of an invoice and why you need to know if something goes awry. Your IT staff has probably never thought about these issues before, nor why it’s important to have that information to your job properly.
  • Most importantly, embody the attitude that "we’re all in this together." Invest the time to get to know your IT colleagues as individuals. You need ongoing dialogue, not quick fixes. There may even be opportunities to mutually help one another – combining your skills to reach common goals.

Personal Devices

Most of us can reach into our pockets and pull out more computing power than NASA possessed for the moon landing in 1969. But with great power comes great responsibility. With the proliferation of smartphones, tablets, and laptops, many organizations simply allow their employees to BYOD (bring your own device).

The convenience comes at a price. How well are these off-network devices secured against malware and spyware? Can an employee simply move sensitive data to their own cloud storage in order to work on it at home or on the road? What about records management for e-mails and discussions about issues related to government regulations or potential litigation? What if a device full of sensitive information is lost or stolen?

If you work for a large organization, you may already have a mobile device management (MDM) policy on how your data is accessed and ways to audit whether the protocols are being followed. More and more companies now require their employees to install software that segregates business data from an employee’s personal files, as well as maintain a company firewall and install encryption and other security measures. Even without a technical enforcement solution, you can educate your employees about what is expected to keep your company data secure. But let’s face it—mobile computing and the attendant risks are evolving on a daily basis, and accountants, auditors, and IT professionals are scrambling to catch up with ways to secure our information and monitor employee compliance.

Finally—IDEA is leading the way, not only as an analytics platform but in facilitating your collaborations in the virtual world. IDEA Server allows an entire audit team to share a data set in a flexible but secure environment, as well as share and store analytic approaches and logic in a single workspace. Our data may be living in the virtual world—but by learning, communicating, and keeping our focus always on integrity and effectiveness; we can provide relevant, valuable leadership.

1250 Wood Branch Park Dr., Ste. 480, Houston, TX 77079

888.641.2800 • [email protected] • audimation.com


Best Practices



Posted By

By


Related Posts
Wayfair Woes One Year Later
Jul 24 The rise in online shopping has sharply impacted state sales tax revenue. Rather than increasing the tax rate, states are setting parameters to define nexus, wh...
Tech Tip: Understanding Join and Visual Connector
Jun 19 Using IDEA’s Join and Visual Connector features can help you search for matches and correlations between different data sets, but they are often confused with...
Uncovering Fraud Using Fraud Data Analytics
May 15 The days of exploring data, hoping to stumble across a fraud scheme have ended. In fact, auditors are now expected to integrate fraud detection into the audit p...
BROWSER NOT SUPPORTED

This website has been designed for modern browsers. Please update. Update my browser now

×