Do you think nature pushed new norms for how staff work for organizations? Working mode and style have changed with the pandemic that disrupted the world’s health, economic conditions.
Do you think nature pushed new norms for how staff work for organizations? Working mode and style have changed with the pandemic that disrupted the world’s health, economic conditions. New norms and new lifestyle and work models is evolving. Organization having employees work from home or remotely is no more a luxury, it is a new standard, may be for years to come.
Auditors are no exception. However, unlike other functions, the way auditors work is different. A day in an auditor’s life would include one or all of the activities such as audit interviews, sampling and testing, and documenting. Interviews used to be in person and face to face, confidential information would need to be accessed and reviewed at times, and applications or repositories where information resides would need auditors to be on the company’s networks.
In order to enable an audit team to work remotely, basic elements such as policies, logistics and technologies are needed.
Policy controls: Auditors working remotely need to ensure that the organization have policies such as remote work policy, acceptable use policy. If the engagement is co-sourced, and a Non-Disclosure Agreement (NDA) is required. Auditors need to be aware of data classification policies of the organization and the security control requirement needed for digital transmission of information. Policies related to information classification, bring your own device (BYOD), bring your own application (BYOA) will aid in empowering, enabling and managing the remote workforce
Working Space: Auditors need to identify a suitable working space at home or available facility. As auditors might be involved in sensitive audits and potentially reviewing confidential information, it is inevitable to ensure that the working space identified provides ample physical security and privacy.
Technology Hardware: Auditors need mobile computing capabilities such as laptops, tablets for executing their work. As auditors will be conducting audit interview meeting with management and senior personnel, its is highly advised to use headsets to avoid conversation being over heard by others. Access to printers and scanners is required, although not mandatory. A BYOD (Bring Your Own Device) policy will allow the use of personal asset for organizational purposes. It is advisable to consult the Information Security / IT Department for existence and applicability of such policies.
Software Applications: For fulfillment of audit engagement remotely, software solutions such as the ones listed below will be useful.
- Audit management software, that can be remotely accessed or can be used in offline mode
- Remote access to communication solutions such as corporate email
- online meeting and collaboration solutions
- secure file transfer solutions
- Data analytical tools.
Auditors need to be aware of the solutions and applications approved by the organization for use. A BYOA (Bring Your Own Application) is a concept where organization allows employees to use personal cloud apps for official work purposes. This is an outgrowth of the BYOD concept. Existence of policies that support BYOA can be verified with the orgnaization’s information security function.
Information Security : Auditors may have access to sensitive information as part of audit engagements. Ensuring adequate level of information security measures is important in the events of working remotely. This includes use of
- Virtual Private Networks (VPN) to secure access to corporate networks over internet.
- Dual Factor Authentication (DFA) can be used to secure access to corporate applications and systems. This will aid in minimizing the risks if user credentials gets compromised.
- Encryption solutions should be used to encrypt hard drives and files stored locally. This will aid in minimizing the risks of access to data stored in the laptops in case of asset loss.
- Data Leak Prevention (DLP) and Mobile Device Management (MDM) solutions can be used to detect and prevent data leak and enable organization for remotely managing corporate information on mobile computing devices such as laptops, tablets and mobile apps.
Conclusion:
Organizations should ensure adequate level of governance and management controls in place to enable remote work for auditors. Organization should also ensure adequate level of information security controls are as well in place to ensure confidentiality, integrity and availability of information. Auditors should practice due diligence and due care while accessing, processing, sharing and communicating during remote work and remote auditing. Adequate level of etiquette have to maintained during online meeting.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?
About the Author
Abdul Jaleel Puthenpurayil has 20+ years of experience delivering business values through Information Technology and Information Security practices. Expertise in IS strategy and frameworks, vulnerability assessments and penetration testing, project management, IT service management and business continuity. Innovative team leader with business acumen, successful in aligning information security and technology to organizational goals.