X
Audimation Services has been acquired by Caseware International Learn More.
Challenges of Auditing in a Virtual World
Welcome to our virtual world. These days, our company information, financial details, employee records, and client files are stored across physical, virtual, and cloud environments. They can be accessed at all hours of the day and night. Or walk straight out the door without anyone noticing.
The options are evolving at dizzying speeds. But protecting and auditing your data in this complex and connected environment is full of challenges. Let’s take a look at three of the most critical areas for mitigating risk, and areas where CaseWare IDEA® is most useful.
Remember – good external auditors get the job done. Great external auditors help inspire the rest of us and lift up the entire profession. Do you have the above traits? If the answer is yes, then you are probably already a great auditor.
The headlines are filled with reports of costly data and online security breaches. Such incidents can cost an organization millions of dollars in legal fees, new security measures, and reconstructing the integrity of the compromised data—not to mention intangible losses in reputation and customer loyalty.
But it isn’t just customer data that is at risk. A recent Protiviti survey of internal auditors indicated significant concerns about the cloud and the potential for fraud in critical areas such as billing, cash disbursements, purchasing and receiving, vendor setup, and access controls, and the desire to use data analytics to stay on top of these areas.
As a result, most organizations have implemented strict new protocols for handling data. But is anyone checking to make sure the protocols are actually being followed? The stakes for internal auditors have never been higher. Many of us will need to ramp up yet another new skill set, this time in data privacy and cybersecurity controls—not to mention keeping up with all the related legislation and reporting requirements being passed and revised each year.
We don’t necessarily have to fight this battle on our own. These days, our organizations can complete millions of transactions a day. We’re accumulating vast arrays of data with no paper trail to back them up. We can use tools like IDEA to continuously monitor critical areas for fraud and other risks. But information technology staff plays an equally critical role, setting up firewalls, intrusion detection, encryption, and device configuration to keep the data safe in the first place.
Personal relationships ranked as the most important aspect of a successful partnership between auditors and IT.
We all know that in practice, the partnership between the auditing function in a company and the IT function gets complicated. Most of the time, the two functions belong to different parts of the organization and have different reporting requirements and expectations.
With this in mind, it’s not surprising that a study by the Canadian firm J.E. Boritz Consultants Limited indicated that personal relationships—rather than organizational structure—ranked as the most important aspect of a successful partnership between auditors and IT. This presents a great opportunity to refine your communication skills. Here are a few tips to get the bridge-building started.
Personal relationships ranked as the most important aspect of a successful partnership between auditors and IT.
Most of us can reach into our pockets and pull out more computing power than NASA possessed for the moon landing in 1969. But with great power comes great responsibility. With the proliferation of smartphones, tablets, and laptops, many organizations simply allow their employees to BYOD (bring your own device).
The convenience comes at a price. How well are these off-network devices secured against malware and spyware? Can an employee simply move sensitive data to their own cloud storage in order to work on it at home or on the road? What about records management for e-mails and discussions about issues related to government regulations or potential litigation? What if a device full of sensitive information is lost or stolen?
If you work for a large organization, you may already have a mobile device management (MDM) policy on how your data is accessed and ways to audit whether the protocols are being followed. More and more companies now require their employees to install software that segregates business data from an employee’s personal files, as well as maintain a company firewall and install encryption and other security measures. Even without a technical enforcement solution, you can educate your employees about what is expected to keep your company data secure. But let’s face it—mobile computing and the attendant risks are evolving on a daily basis, and accountants, auditors, and IT professionals are scrambling to catch up with ways to secure our information and monitor employee compliance.
Finally—IDEA is leading the way, not only as an analytics platform but in facilitating your collaborations in the virtual world. IDEA Server allows an entire audit team to share a data set in a flexible but secure environment, as well as share and store analytic approaches and logic in a single workspace. Our data may be living in the virtual world—but by learning, communicating, and keeping our focus always on integrity and effectiveness; we can provide relevant valuable leadership.
888.641.2800 • [email protected] • audimation.com
This website has been designed for modern browsers. Please update. Update my browser now