Australia’s setter of auditing and assurance standards, the Auditing and Assurance Standards Board (AUASB), has released its first publication taking a close look at the issues auditors must examine when checking the integrity of data.
The publication comes at a time when cyber security issues, including threats to government departments, not for profits, and listed companies by cyber criminals, are the subject of repeated government warnings by authorities.
Release of the guidance on data integrity also comes as the international standard setter is modernising its own guidance for auditors but the Australian body has chosen to issue a publication that fills a gap while the international body responsible for setting audit and assurance standards finalises its revisions.
The board says technology has advanced to the point where audit and assurance rule makers need to provide clarity on how existing principles for the gathering of evidence should be applied.
“Being able to access and utilise client data, in some instances, is becoming fundamental to executing a quality audit and is being facilitated by technology which allows auditors to capture, store and analyse data in a more effective way,” the publication says.
“Where previously the process to collect the underlying accounting and other relevant client information for the audit was often very manual with information collected in paper form or packs provided via email or USB, the nature of how client data is being accessed by auditors has expanded well beyond what was initially envisioned in the auditing standards.”
Guidance has become necessary, according to the AUASB, because of the greater intensity of regulatory focus on the area of data integrity.
The AUASB issued a guidance publication earlier this year looking at what the auditor must do to assess the security of the information systems of a client for which they are conducting an audit.
That 14-page publication examined what auditors need to bear in mind when they are looking at the possible impact of fraud and financial crime if a company’s financial systems are compromised by bad actors from outside a company.
The issue of the publication on data integrity by the auditor’s rule making body happened in the same week that the Australian Cyber Security Centre issued a warning that scammers were impersonating the government body.
A statement from the ACSC says that the scammers are asking people to download remote access applications so that they can access a victim’s computer remotely.
“The scammer will then persuade the individual into revealing sensitive personal information by asking for copies of identity documents, or by suggesting the individual to log into their bank account,” the ACSC observes.