What do auditors needs to recognise about client info and working with others?
Need to recognise when to disclose info with our without client’s permission and when to take precautions if acting for competing clients
As well as being able to recognise when to disclose information with or without clients’ permission and when to take precautions if acting for competing clients, what do auditors also need to understand?
Importance of data security
What must be done in relation to data during the course of an audit?
During course of an audit (both internal and external), will be significant amounts of evidence collected which must be stored securely to maintain confidentiality
How is the evidence likely to be stored in 21st century and why?
Increasingly likely to be some kind of electronic or digital storage due to significant advantages of being able to access and share data as part of an efficient audit, sometimes spread across different locations
Why can shared access data create problems?
Cyber threats are becoming more significant and the loss or theft of confidential data can have serious implications for auditors, who must now invest in ongoing cybersecurity controls to ensure they are adequately protected from such threats
What doe the implications of loss or theft of confidential data include?
Range from losing clients to being fined for non-compliance with data protection legislation
What do examples of suitable cybersecurity controls include? (4)
- The appointment of qualified IT staff who can implement and support appropriate policies and controls
- Investment in suitable IT infrastructure such as firewalls and anti-virus software
- Education and awareness of cybersecurity among staff, such as training for staff on neutralising suspicious emails that might contain a cyber threat
- Adoption of suitable cybersecurity accreditation, such as ISO 270001
Define cybersecurity and cyberthreats.
Awareness of the issues surrounding the use of digital means of storing and accessing confidential client information
-
Chapter 1: Section 1, 2, 3 and 442
-
Chapter 1: Section 6.1 - 6.341
-
Chapter 5: Section 1 - Section 2.479
-
Chapter 5: Section 2.5 - 2.1248
-
Chapter 6: Section 131
-
Chapter 6: Section 234
-
Chapter 6: Section 318
-
Chapter 6: Section 4 - 4.233
-
Chapter 2: Section 1 and 284
-
Chapter 3: Section 149
-
Chapter 3: Section 239
-
Chapter 3: Section 326
-
Chapter 3: Section 477
-
Chapter 4: Section 113
-
Chapter 4: Section 238
-
Chapter 4: Section 331
-
Chapter 4: Section 430
-
Chapter 1: Section 6.4 - Members in business14
-
Chapter 1: Section 6.5 - Ethical safeguards25
-
Chapter 1: Section 6.6 - Confidentiality18
-
Chapter 1: Section 6.7 - Conflicts of interest4
-
Chapter 1: 6.8 - Conclusions3
-
Chapter 1: 6.9 - Final note about data security8
-
Chapter 6: 4.3 - Other reporting responsibilities24
