"Management Today was so professional in the way they handled coverage of our company. We are impressed with the magazine’s look and content."
Christine Cox, Structura Inc.
"As a business owner concerned about our brand’s image, the quality of the images and print were excellent. The other articles and the cover reflected that same quality."
George Kiebala, Curvy Road
"Management Today is a wonderful publication and I applaud their commitment to highlighting women leaders in business. I felt honored to work with them on this piece."
Juli Spottiswood, Parago
"Just wanted to drop you a quick note to thank you for your work on our article in Management Today. Your organization made the process of making the arrangements, submitting photography, and conducting the interview painless. We are very pleased with the results."
Lisa Paterni, Pitsco
"Management Today has become one of the most influential publications I have read in some time and is a direct influence on the training dialogue I provide. Thank you for creating a value-added magazine. I look forward to each publication."
Dean S. Santopoalo, Development Coach of Focused In Leadership
"We are very pleased to say that our experience with Management Today was simple, no hassle, and more importantly EFFECTIVE!"
Milene Kerley, Playa Blanca Resort
"Working with the experienced, organized and courteous staff at Management Today magazine was a real pleasure. From the interview process to final review and approval of the written article, a high level of professionalism was demonstrated by the staff at Management Today."
Barry Rempel, Winnipeg Airport Authority
"You did a great job of crafting this. In the past having been interviewed, I can get skeptical of what was said vs. what was printed, but you captured it well."
Joel Slank, Rockline Industries
"Thank you for publishing the story about our small business success and significance in “giving back.” The staff was very professional, polite, and respectful while gathering information. The final copy was therefore both accurate and written in an interesting way to share our story."
Andy Wells, Wells Technology
"Working with Management Today was both pleasurable and a learning experience. Their ability to ask relevant and probing questions provided me the opportunity to thoughtfully reflect on the strategic and cultural successes of our company while telling our story of 150 years in a unique and effective way."
Guillermo T. Rodriguez, Bacardi

Taking Charge

FinanceSpring16Who is responsible for keeping sensitive data secure?

Clients’ social security numbers, addresses and telephone numbers are examples of sensitive data that corporations must protect and keep private. International transactions, as well as current and future development plans, may also contain sensitive data. Who is responsible for keeping this data secure and out of the wrong hands? What role does the accountant play in assuring that this data is secure?

These are very important concerns for a firm. Accordingly, companies are hiring firms to assure that this type of data remains secure. Who is ultimately responsible for a security failure? Security breaches within well-known firms, such as Sony Motion Pictures and Target Inc., have been in the news and the resulting loss of customer confidence is difficult, if not impossible, to measure. This article will explore the role the firm’s accountants play in assuring that its assets are secure. In addition, it will explore how these potential security breaches are impacting the role and scope of the firm’s auditors.

Enterprise Risk Management

A common contemporary management technique, studied in many graduate courses, is Enterprise Risk Management (ERM). ERM is a technique that focuses on obtaining a firm’s objectives by examining the entire spectrum of risk to a firm and the possible impact of those risks upon the firm’s finances.

The risk of a data breach to a firm may result in the potential risk of a lawsuit, as well as client loss. To combat these risks, many firms are turning to their auditors to implement controls to ensure protection of their assets. These security data risk dynamics are influencing what managers are expecting and demanding from their auditors.

Historical Role

Typically the auditor’s role has been to help managers implement internal controls to protect their assets. Previously, a firm’s major asset was only its cash and inventory. Due to unethical conduct brought to light during the Enron scandal, Congress implemented the Sarbanes Oxley Act. One of the key features of the SOX is section 404, which requires that firms implement internal controls. These controls, in 2003, focused mainly on physical assets as previously mentioned. Now, these internal controls encompass the security of data.

Management Reporting

Section 404 of the Act directs the Commission to adopt rules requiring each annual report of a company, other than a registered investment company, to contain a statement of management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and management’s assessment, as of the end of the company’s most recent fiscal year, of the effectiveness of the company’s internal control structure and procedures for financial reporting. Section 404 also requires the company’s auditor to attest to, and report on management’s assessment of the effectiveness of the company’s internal controls and procedures for financial reporting in accordance with standards established by the Public Company Accounting Oversight Board.

The Commission received more than 60 comments on the Section 404 proposals that expressed general overall support for the Commission’s approach to implementing Section 404 of the Act. The adopting release will incorporate a number of changes recommended by commenters. Under the final rules, management’s annual internal control report will have to contain:

• A statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting for the company;

• A statement identifying the framework used by management to evaluate the effectiveness of this internal control; management’s assessment of the effectiveness of this internal control as of the end of the company’s most recent fiscal year; and

• A statement that its auditor has issued an attestation report on management’s assessment.

Advances in technology have led to clients’ data becoming available not only on company servers but also on mobile devices. Countering this risk has led many firms to begin storing the computer data on the cloud. In addition, due to telecommuting - particularly by accountants, lawyers and medical professionals - many clients’ data are now at risk. Even with the ability to store information on the cloud, client data remains at risk. This begs the question as to how these current technological advances are impacting how managers think about internal control over client data.

Impact Today

According to PriceWaterhouse (PWC), in 2003 there were 21 publicly reported cases of large-scale loss, theft and exposure of personal data. “By 2011, the number of incidents had increased to 1,037, and 2012 looks likely to beat that total.”

Addressing these facts, PWC published an article addressing this issue entitled “Fortifying Your Defenses.” The role of internal audit is to assure data security and privacy. PWC has stated that there are three elements that contribute to risk: management, risk management and compliance, and internal audit.

PWC further states: “The internal audit function provides objective assurance to the board and executive management on how effectively the organization assesses and manages its risks, including the manner in which the first and second lines of defense operate. It is imperative that this line of defense be at least as strong as the first two for critical risk areas: Without a function that provides competent and objective assurance, a company faces real risks of its information privacy practices becoming inadequate or even obsolete. This is a role that internal audit is uniquely positioned to fi ll. But to do so, it must have the mandate and the resources to match.”

Conclusion

The Enron scandal caused firms to focus on Internal Control with particular attention given to the ethical conduct of employees and management as well as assuring that they had adequate controls in place. With the proliferation of hand held mobile devices and data storage on laptops, telecommuting management now must consider how to best safeguard clients’ data. This is true not only in medical and government entities, but in corporations as well.

Paul Franklin is EJD and Curriculum Manager at Kaplan University. Linda Leatherbury PhD is a School of Business and IT faculty member at Kaplan University. This article appears as the Finance & Accounting feature in the Spring 2016 issue of Management Today.

Current Issue

Check out our latest Edition!

 

Contact Us

Management Today Magazine

100 Cummings Center, Suite 250-C
Beverly, MA 01915
P: 978.299.9800  F: 978.299.9800

Click here for a full list of contacts.

Latest Edition

Spread The Love

Back To Top