auditors and auditing
AUDITING AND AUDITORS
(NEWLY ASSIGNED ROLES IN INFORMATION SECURITY AND FRAUD PREVENTION)
Auditing and auditors has recently been assigned a new role by the unseen hands of business reality and challenges that is continually changing.
Auditing and auditors new role is necessitated by the fact that computers control almost all that we do in this new age. You rarely see a thing that does not have an e-version nowadays.
The deployment of computer applications and IT infrastructures in the process of business operations (accounting, marketing, production, etc) has significantly increased the risk associated with information security and fraud prevention. This is as a result of an increased vulnerability created by the use of this ‘gizmo’ computer.
Computer has become the primary working tool of our time. By simply pressing one red or blue button somewhere, a systems’ security can be greatly compromised there allowing fraud to take place.
Auditing is an aspect of assurance service that attempts to lend credibility to information. Stake holders in business needs assurance about assertions made in information meant for their consumption.
Auditing is the process of reviewing the use of a system (laws, standards, rules and principles), not a check of performance, but, rather to determine if misuse or abuse has occurred in the use of a system.
OFFICIAL DEFINITION (AMERICAN ACCOUNTING ASSOCIATION)
“Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between the assertions and established criteria and communicating the results to interested users”
Success of a business is purely measured by its ability to meet its ability to meet its objective(s). These objectives can be financial or non-financial.
Arguably, one of the most important objectives of companies is to protect their asset which includes information. Information is exposed to a number of dangers- it can be; compromised, stolen, misused, accidentally deleted, intentionally or unintentionally disclosed to competitors, etc
Fraud is an intentional deceptive act of an individual or group of people that is backed with the sole aim of taking advantage of others. Fraud is not the same thing as unintentional error(s).
OFFICIAL DEFINITION (DICTIONARY)
“Fraud is a generic term, and embraces all the multifarious means which human ingenuity can devise, which are resorted to by one individual, to get an advantage over another by false representations. No definite and invariable rule can be laid down as a general proposition in defining fraud, as it includes surprise, trickery, cunning and unfair ways by which another is cheated. The only boundaries defining it are those which limit human knavery.”
The above dictionary definition of fraud shows that fraud is a deceptive act with following elements; A representationabout a material point which is false and intentionally or recklessly so which is believed and acted upon by the victim to the victim’s damage.
The question now is, what are the roles of auditors and auditing in the quest to reduce information risks and the incidence of fraud?
Before I go on answering this question, I will like to point out one regrettable fact about ‘traditional auditing’ – the continuous widening ‘audit expectation gap’. Expectation gap is a term used to describe the gap between what people expects from audit and what audit is actually doing, which is to express professional opinion and to lend credibility to piece of information.
This has however slightly changed. Hence, this article
AUDITING AND AUDITORS ROLE
- Fraud fighting/fraud fighters.
Fraud on the news has become rampant this days and a lot of calls have been made on authorities to re-write accounting and auditing curricular so that auditors will be well prepared to fight the fraud that is threatening to take over the business community.
There are skills that auditors need to acquire in other to be prepared for this enormous challenge.
Some of them are; analytical skills, communication skills, technology skills, proper understanding of accounting and business, a well honed ability to speak and understand foreign language, a working knowledge of civil and criminal laws, criminology, privacy issues, employee right, computer forensic tools, fraud statues and other fraud related issues.
This may however seem not going to be easy at first but is highly achievable. The above skills if acquired will place an auditor in a better position to meet the challenge of the new and ever changing business environment.
- INFORMATION SECURITY OFFICERS
Accountants and Auditors are now called information professionals. This is to reflect the new role that accountants and auditors play in modern day business community. And as information professionals, there are skills that are indispensable for auditors to meet the requirement of this new role.
Some of such skills are; networking skills, a little programming skill, database management skills, use of basic security technology (VPN, Firewalls, IDS, Access control, etc)
- SYSTEMS CONSULTANTS.
As business becomes more complex, the need for people with the ability and skill to develop and analyse systems become even more important. It is a known fact that those that commit fraud are people that have good knowledge of systems and how it works.
- BUSINESS ADVISORS.
Business will definitely be better off if those that advise the business managers are themselves knowledgeable about business. Some business skills are a must for an auditor.
Wow! This is quite a lot of challenge that the new business world has given to the auditors and auditing as a profession. Well, if that is what is needed to restore the lost glory of Accounting as a profession, why not auditors face it squarely?
I have a blog post on auditing for information security loopholes you can check it out