Monday, January 30, 2012

Three concepts that outline the future of auditing

Auditing Remotely 

Modern technologies have changed the way we communicate and collaborate with each other over the last five years (2007 - 2012) much more than it had done so over the previous twenty years (1987-2007) and even more than the previous 110 years (1877-1987). New ways to collaborate that became available over the last several years include: social networking, tele-presence, virtual group meetings, instant sharing of text, video and audio, as well as virtual content creation. New information technologies pushed the boundaries of what seemed to be impossible in the last century allowing real-time collaboration of people from remote locations. Companies that offer certification, registration, and consulting services increasingly prefer virtual sessions over in-person visits.  These technologies open a world of new possibilities for organizations but also introduce a number of challenges.
Risk-based Auditing

Risk-based audits have been established in different areas including accounting and finance for quite a long time. The concept of risk-based audits was introduced to the area of management system auditing by the standard ISO 19011:2011 Guidelines for Auditing Management Systems. The standard recognizes that organizations need to focus auditing efforts on matters of significance to the management system. Risk management process, as defined by the International Standard ISO 31000:2009 Risk management Risk management - Principles and Guidelines, includes such elements as risk evaluation and analysis. These principles can be incorporated into the auditing process and help prioritize conclusions and results based on strategic goals. The ISO 19011:2011 standard also suggests how the risk management approach can be adapted to the auditing process to evaluate the risk of the process not achieving its objectives and the risk to the potential of interfering with the audited activities and processes.

Handling Confidentiality

The complexity of maintaining confidentiality is constantly increasing with the development of new information technologies. What information should and should not be shared via emails and messages? What levels of information security are provided by different types of software applications for screen sharing and virtual sessions? How to ensure the security of information when large files are shared over the internet? What information security risks are assessed and controlled prior to the beginning of an audit or a consulting engagement?  Every new technology that becomes available raises a new set of security questions that should be addressed by both parties, auditors or consultants and their clients. ISO 19011:2011 states that “auditors should exercise discretion in the use and protection of information acquired in the course of their duties”. Since the information from the client is mostly acquired in an electronic form through the use of information technologies, it prompts auditors and consultants to become technically savvy with proper handling this information.

Please share your experiences and thoughts on the topics discussed.

Natalia Scriabina is Centauri Business Group, Inc. Vice President responsible for overseeing the portfolio of training courses and strategic partnerships.