Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
The Latest Progress and Concerns Regarding Mobile Technology Auditing
Abstract
The relevance of mobile technology in today’s world cannot be overstated. This is more so the case when it comes to convenience and efficiency enhancement. However, as much as mobile technology presents numerous benefits for organizations operating in today’s increasingly competitive marketplace, it also introduces several unique risks. This text concerns itself with mobile technology auditing. In so doing, it will not only highlight the latest approaches towards risk assessment, but also the controls that are being embraced in an attempt to mitigate risks associated with mobile technology.
Introduction
Smart devices such as tablets and phones have effectively revolutionized organizational processes and functionalities. In essence, a mobile device could be thought of as a “small computing device used for the assistance and convenience of certain aspects of a conventional computer in environments where carrying a computer would not be practical” (Institute of Internal Auditors, 2017). Today, thanks to mobile technology, we have a truly mobile workforce. With the computing power of today’s mobile devices, employees can function remotely as effectively as they would in a centralized physical office setting. It therefore follows that with mobile technology, business can be conducted in a way that is truly mobile via the utilization of a myriad of applications (apps) designed for various functionalities. With this in mind, it is important to note that while some organizations provide employees with mobile devices for the conduction of organizational duties and roles, others permit (or encourage) employees to make use of their own devices in what is commonly referred to as bring your own device (BYOD). Towards this end, it should be noted that whichever policy an organization has in place regarding the use of mobile devices (organization provided or BYOD), mobile technology still remains an expanding technology – effectively meaning that the use of mobile technology still presents a wide range of challenges and risks. This effectively warrants the adoption of a well-defined risk assessment, management, and control plan. The relevance of mobile technology auditing, therefore, cannot be overstated. This is more so the case when it comes to ensuring that the organization has in place strengthened security controls to rein in the various risks associated with the active utilization of mobile technology devices.
Technology Involved
In essence, it is important to note that the risks as well as controls relevant to mobile technology devices form the basis of audit procedures. These inform the direction of audit objectives as well as scope. Therefore, towards this end, the need to evaluate risk exposures cannot be overstated especially when it comes to the assessment of risk exposure. In the past, there have been a number of recurrent risks associated with mobile technology. Senft, Gallegos, and Davis (2012) identify these as “unauthorized access risks, physical security risks, mobile data storage device risk, operating system or application risk, network risk” (600). The nature as well as form of these risks keeps changing over time. In the words of Khan (2016), “in order for the proper controls for mobile apps to be developed and tested, one must first dissect the layers of risk.” As the author further points out, the said layers of risk could be numerous. In general however, in seeking to assess as well as evaluate the technology involved in mobile device security controls, various risks could be grouped into definitive categories.
i. Risks Relating to Information Security
Information security risks relate to not only applications, but also network connections as well as data storage and backup. With regard to applications, it should be noted that there are various apps (mostly developed by third party vendors) that users could download from app stores. Towards this end, if the relevant restrictions or limitations on third-party apps are not put in place by app stores as well as mobile technology platforms, mobile technology devices are left exposed to infections from Trojan horses, viruses, etc. Khan (2016) identifies four mobile app security risk segments – i.e. mobile...
When it comes to network connections, it should be noted that most mobile technology devices have internet connection capabilities. As Antonucci (2017) observes, unsecure Wi-Fi connections have been used numerous times in the past to gain unauthorized access to mobile devices. In the author’s own words, “mobile devices can become an easy entry point for cyber criminals” (329). On this front, data transmitted through cellular or wireless networks could be compromised or intercepted while in transit via untrusted networks. Lastly, on data storage and backup, without the deployment of the relevant security measures, it is possible for data stored in mobile technology devices to be accessed by third parties. Backing up data is also of great relevance for recovery purposes.
ii. Risks Relating to Physical Security
Mobile technology devices are, true to their defining term, mobile. This effectively means that unlike fixed items, these devices are at a constant risk of being stolen or misplaced/lost – which puts the information contained therein at risk of being accessed by an unauthorized party. Antonucci (2017) points out that it is not uncommon for users to have automatic login preferences on their mobile devices or store various login credentials in the said devices. This effectively means that the loss of such a device permits “access to multiple business or private systems and applications” (Antonucci, 2017, p. 329). There is need for there to be a well-defined theft/loss reporting protocol and response measures such as remote deletion of files in lost devices.
iii. Risks Relating to Compliance
It is worth mentioning that even in instances whereby the risks highlighted above are sufficiently addressed via the relevant controls, procedures, and measures, users could still ignore or seek to bypass the said controls and procedures. For instance, an employee could still fail to install the relevant updates even when there is a clear policy recommending such a course of action on a periodic basis.
Having highlighted the various risks associated with mobile technology devices, it would be prudent to assess the current approaches involved in related audits. The planning phase involves the identification of not only the objectives, but also the scope as well as timing of the audit engagement. Further, the resources to be allocated for the entire exercise should be highlighted during this phase. When it comes to the objective, the focus ought to be on specific activity risks (Kim and Solomon, 2016). For instance, it should be noted that given the fast paced nature of today’s business, most organizations deem quick access to various data as a priority. This must not be permitted to get in the way of proper risk assessments and controls. Towards this end, the audit engagement could focus on highlighting and sealing loopholes so as to minimize quick access risks. Scope, on the other hand, has got to do with the extent, timing, as well as form/nature of an audit engagement (Kim and Solomon, 2016). Given the risks organizations are exposed to today as a consequence of mobile technology device utilization, the relevance of ensuring that the various layers of the organization’s information technology architecture have adequate controls cannot be overstated. It therefore follows that the scope of the engagement should be on mobile technology device utilization procedures and policies, proper management of apps and other software, as well as user training. Lastly, adequate resources ought to be allocated for the engagement to be meaningful. Resources in this case, as Kim and Solomon (2016) point out include, but they are not limited to, the skill set (knowledge and expertise) required for meaningful audits. In this case, an organization could deploy internal resources, employ external resources, or embrace a mix of the two. The work program phase of the engagement ought not to commence without proper evaluation and assessment of the deployment as well as utilization of mobile technology devices within the organization. Towards this end, the various enquiries to be made relate to access to the network of the organization using mobile technology devices; BYOD considerations; departments/centers involved in the enforcement…
References
Antonucci, D. (2017). The Cyber Risk Handbook: Creating and Measuring Effective Cyber Security Capabilities. Hoboken, NJ: John Wiley & Sons.
Institute of Internal Auditors (2017). Auditing Your Company's Mobile Devices - Institute of Internal Auditors Raleigh-Durham Chapter. Retrieved from https://chapters.theiia.org/raleigh-durham/News/ChapterDocuments/Auditing%20Mobile%20Devices.pdf
KPMG (2017). Top 10 Internal Audit Focus Areas for Technology Companies. Retrieved from https://assets.kpmg.com/content/dam/kpmg/us/pdf/2017/03/kpmg-top-10-internal-audit-tech-2017.pdf
Khan, M.J. (2016). Mobile App Security—Audit Framework. Retrieved from https://www.isaca.org/Journal/archives/2016/volume-4/Pages/mobile-app-security-audit-framework.aspx
Kim, D. & Solomon, M.G. (2016). Fundamentals of Information Systems Security (3rd ed.). Burlington, MA: Jones & Bartlett Publishers.
Senft, S., Gallegos, F. & Davis, A. (2012). Information Technology Control and Audit (4th ed.). New York, NY: CRC Press.
Tallez, J. & Zeadally, S. (2017). Mobile Payment Systems: Secure Network Architectures and Protocols. New York, NY: Springer
Tysiac, K. (2015). How Internal Audit Can Help Manage 10 Top Technology Risks. Retrieved from https://www.journalofaccountancy.com/news/2015/aug/internal-audit-technology-risks-201512911.html
Ethics Core-Tex is facing a number of problems that could result in negative publicity. At present, the company is facing multiple challenges but has escaped major headlines. Thus, its stock price has not been hit too hard as the result of the accounting accusations. For the CEO, there are a few key things that need to be done. The first move, the muzzling of the C-suite, is essential. From a public
Social Media Presence at LinkedIn Professional Picture Here Ibrahim Swaray Cyber Security Graduate/Cyber Security Officer at University of Maryland Ridgewood Area, Baltimore, Maryland -- Information and Cyber Security Current: University of Maryland University of College Previous: Northrop Tech, CPCI, Education: University of Maryland Send Ibrahim InMail Connect us.linkedin.com/pub/ibrahim-swaray/35/ab7/537 Contact Info Innovative cyber security graduate seeking position as an IT and Cyber Security Analyst to provide cyber, technical and information security advice for your organizations to protect your information assets. A broad knowledge
SAP'S EXTERNAL FINANCIAL REPORTING SAP External Financial Reporting SAP's external financial reporting History of SAP SAP has a proud 40-year history that is founded on their mantra of innovation. Their success has come from their innovative culture. The company was founded in 1972 when five like-minded former IBM employees came together and created a company with the vision of providing clients with technological innovations. The company was called Systemanalyse und Programmentwicklung (SAP) which was
This role is in response to clients' demands for a single trustworthy individual or firm to meet all of their financial needs. However, accountants are restricted from providing these services to clients whose financial statements they also prepare." (U.S. Department of Labor, Bureau of Labor Statistics, 2009) 1. Public Accounting The work entitled: "The Reality of the CPA's Role" states that modern CPAs work "behind the scenes as trusted advisors in
International Financial Reporting Standards (IFRS) Generally Accepted Accounting Principles (U.S. GAAP) US GAAP is the general accounting principles, standard, and procedures that the U.S. companies follow to prepare their financial statements. GAAP has combination of accepted standards that the companies should follow when recording and reporting their accounting information. For example, GAAP has set up the rules that companies should follow when preparing the financial data such as balance sheet, revenue recognition,
Apple Inc. that was previously known as Apple Computer, Inc. is an American multi-national corporation that deals in consumer electronics, personal computers and computer software and was founded in 1976. Steve Jobs was the co-founder of Apple. During his stay as CEO, company launched series of revolutionary technologies. He died on October 5, 2011. Currently, Tim Cook is the CEO of Apple. Before being on this position, Cook was Apple's