Management Today - Spring 2016 - 9


FINANCE & ACCOUNTING //

mt

Spring 2016

these risks, many firms are turning to
their auditors to implement controls to
ensure protection of their assets. These
security data risk dynamics are influencing what managers are expecting and
demanding from their auditors.
Historical Role
Typically the auditor's role has been
to help managers implement internal
controls to protect their assets. Previously, a firm's major asset was only its
cash and inventory. Due to unethical
conduct brought to light during the
Enron scandal, Congress implemented
the Sarbanes Oxley (SOX) Act. One of
the key features of SOX is section 404,
which requires that firms implement
internal controls. These controls, in
2003, focused mainly on physical assets
as previously mentioned. Now, these internal controls encompass the security
of data.
Management Reporting
Section 404 of the act directs the
Commission to adopt rules requiring
each annual report of a company, other
than a registered investment company,
to contain a statement of management's responsibility for establishing
and maintaining an adequate internal
control structure and procedures for
financial reporting; and management's
assessment, as of the end of the company's most recent fiscal year, of the
effectiveness of the company's internal
control structure and procedures for
financial reporting. Section 404 also
requires the company's auditor to
attest to, and report on management's
assessment of the effectiveness of
the company's internal controls and
procedures for financial reporting in
accordance with standards established
by the Public Company Accounting
Oversight Board.
The Commission received more

than 60 comments on the Section 404
proposals that expressed general overall
support for the Commission's approach
to implementing Section 404 of the act.
The adopting release will incorporate
a number of changes recommended by
commenters. Under the final rules, management's annual internal control report
will have to contain:
* A statement of management's
responsibility for establishing and
maintaining adequate internal control over financial reporting for the
company;
* A statement identifying the framework used by management to evaluate the effectiveness of this internal
control; management's assessment
of the effectiveness of this internal
control as of the end of the company's most recent fiscal year; and
* A statement that its auditor has
issued an attestation report on management's assessment.
Advances in technology have led to clients' data becoming available not only
on company servers but also on mobile
devices. Countering this risk has led
many firms to begin storing the computer data on the cloud. In addition,
due to telecommuting - particularly by
accountants, lawyers and medical professionals - many clients' data are now
at risk. Even with the ability to store
information on the cloud, client data
remains at risk. This begs the question
as to how these current technological
advances are impacting how managers think about internal control over
client data.
Impact Today
According to PriceWaterhouse (PWC),
in 2003 there were 21 publicly reported
cases of large-scale loss, theft and exposure of personal data.
"By 2011, the number of incidents had

increased to 1,037, and 2012 looks likely
to beat that total."
Addressing these facts, PWC published an article addressing this issue
entitled "Fortifying Your Defenses." The
role of internal audit is to assure data security and privacy. PWC has stated that
there are three elements that contribute
to risk: management, risk management
and compliance, and internal audit.
PWC further states: "The internal
audit function provides objective
assurance to the board and executive
management on how effectively the
organization assesses and manages its
risks, including the manner in which the
first and second lines of defense operate.
It is imperative that this line of defense
be at least as strong as the first two for
critical risk areas: Without a function
that provides competent and objective
assurance, a company faces real risks
of its information privacy practices
becoming inadequate or even obsolete. This is a role that internal audit is
uniquely positioned to fill. But to do so, it
must have the mandate and the resources to match."
Conclusion
The Enron scandal caused firms to focus on internal control with particular
attention given to the ethical conduct
of employees and management as well
as assuring that they had adequate
controls in place. With the proliferation of handheld mobile devices and
data storage on laptops, telecommuting management now must consider
how to best safeguard clients' data.
This is true not only in medical and
government entities, but in corporations as well. mt
Paul Franklin is EJD and curriculum manager
at Kaplan University. Linda Leatherbury,
Ph.D., is a School of Business and IT faculty
member at Kaplan University.
SPRING 2016 MANAGEMENTTODAY-MAGAZINE.COM

9


http://www.MANAGEMENTTODAY-MAGAZINE.COM

Table of Contents for the Digital Edition of Management Today - Spring 2016

Contents
Management Today - Spring 2016 - Cover1
Management Today - Spring 2016 - Cover2
Management Today - Spring 2016 - 1
Management Today - Spring 2016 - Contents
Management Today - Spring 2016 - 3
Management Today - Spring 2016 - 4
Management Today - Spring 2016 - 5
Management Today - Spring 2016 - 6
Management Today - Spring 2016 - 7
Management Today - Spring 2016 - 8
Management Today - Spring 2016 - 9
Management Today - Spring 2016 - 10
Management Today - Spring 2016 - 11
Management Today - Spring 2016 - 12
Management Today - Spring 2016 - 13
Management Today - Spring 2016 - 14
Management Today - Spring 2016 - 15
Management Today - Spring 2016 - 16
Management Today - Spring 2016 - 17
Management Today - Spring 2016 - 18
Management Today - Spring 2016 - 19
Management Today - Spring 2016 - 20
Management Today - Spring 2016 - 21
Management Today - Spring 2016 - 22
Management Today - Spring 2016 - 23
Management Today - Spring 2016 - 24
Management Today - Spring 2016 - 25
Management Today - Spring 2016 - 26
Management Today - Spring 2016 - 27
Management Today - Spring 2016 - 28
Management Today - Spring 2016 - 29
Management Today - Spring 2016 - 30
Management Today - Spring 2016 - 31
Management Today - Spring 2016 - 32
Management Today - Spring 2016 - 33
Management Today - Spring 2016 - 34
Management Today - Spring 2016 - 35
Management Today - Spring 2016 - 36
Management Today - Spring 2016 - 37
Management Today - Spring 2016 - 38
Management Today - Spring 2016 - 39
Management Today - Spring 2016 - 40
Management Today - Spring 2016 - 41
Management Today - Spring 2016 - 42
Management Today - Spring 2016 - 43
Management Today - Spring 2016 - 44
Management Today - Spring 2016 - 45
Management Today - Spring 2016 - 46
Management Today - Spring 2016 - 47
Management Today - Spring 2016 - 48
Management Today - Spring 2016 - 49
Management Today - Spring 2016 - 50
Management Today - Spring 2016 - 51
Management Today - Spring 2016 - 52
Management Today - Spring 2016 - 53
Management Today - Spring 2016 - 54
Management Today - Spring 2016 - 55
Management Today - Spring 2016 - 56
Management Today - Spring 2016 - 57
Management Today - Spring 2016 - 58
Management Today - Spring 2016 - 59
Management Today - Spring 2016 - 60
Management Today - Spring 2016 - 61
Management Today - Spring 2016 - 62
Management Today - Spring 2016 - 63
Management Today - Spring 2016 - 64
Management Today - Spring 2016 - 65
Management Today - Spring 2016 - 66
Management Today - Spring 2016 - 67
Management Today - Spring 2016 - 68
Management Today - Spring 2016 - 69
Management Today - Spring 2016 - 70
Management Today - Spring 2016 - 71
Management Today - Spring 2016 - 72
Management Today - Spring 2016 - Cover3
Management Today - Spring 2016 - Cover4
http://www.nxtbook.com/nxtbooks/knighthouse/mgt_2016spring
http://www.nxtbook.com/nxtbooks/phoenix/mgt_2016winter
http://www.nxtbook.com/nxtbooks/phoenix/mgt_2014fall
http://www.nxtbook.com/nxtbooks/phoenix/mgt_2012fall
http://www.nxtbook.com/nxtbooks/phoenix/mgt_2012summer
http://www.nxtbook.com/nxtbooks/phoenix/mgt_2012spring
http://www.nxtbook.com/nxtbooks/phoenix/mgt_2012winter
http://www.nxtbook.com/nxtbooks/phoenix/mgt_2011fall
http://www.nxtbook.com/nxtbooks/businessmedia/mgt_20110607
http://www.nxtbook.com/nxtbooks/businessmedia/mgt_2011summer
http://www.nxtbook.com/nxtbooks/businessmedia/mgt_2011spring
http://www.nxtbook.com/nxtbooks/businessmedia/mgt_2011winter
http://www.nxtbook.com/nxtbooks/businessmedia/mgt_2010fall
http://www.nxtbook.com/nxtbooks/businessmedia/mgt_2010summer
http://www.nxtbook.com/nxtbooks/businessmedia/mgt_2010springsummer
http://www.nxtbook.com/nxtbooks/businessmedia/mgt_2010spring
http://www.nxtbookMEDIA.com