It’s easy in theory. Companies – like the rest of us – must obey the law. Especially when it comes to checking their business processes and ensuring they’re always compliant with regulatory requirements. Yet various incidents have shown that it’s not always that easy, with examples including systematic corruption at Siemens or the diesel scandal at VW. One reason is that some firms have an ineffective compliance system, although the whole point of these systems is to prevent companies breaking the law in the first place. That’s why they need ways of controlling and monitoring their business processes.
Independent monitoring entity: internal audits
This is where the internal audit comes in. While compliance is broadly defined as companies obeying the law and adhering to regulations – and defining certain policies and codes of conduct themselves – the role of the internal audit is to proactively check how effective the company’s compliance system and risk management processes really are.
However, the activity of this enterprise-wide monitoring entity isn’t limited to verifying the overarching control system. The internal audit also takes a close look at operational processes, such as when a particular project’s development is becoming business-critical or when staff turnover is very high. Its goal is to help minimise business risks while optimising business processes and contributing to an increase in the company’s efficiency and effectiveness.
As it’s independent, objective and has no powers to issue directives, it can verify risky internal processes with a predefined verification plan. The results are then used as input for a verification report. The auditors use these reports to support the company management’s control activities.
The internal audit team also communicates with the company board, given that the audit is a valuable source of information. For the last few years, Germany’s Stock Corporation Act (Aktiengesetz) has even given the supervisory board the power to monitor the internal audit system (§107 AktG), but without encroaching on the company management’s authority. Austrian law (§92 AktG) also allows the board’s audit committee to monitor the internal audit system. And in Switzerland, frequent contact between the internal audit team and the board or audit committee is even more common than in Germany and Austria.
Wanted: confidentiality for audit results
Handling sensitive information is part of the internal audit team’s everyday work. And when they’re investigating wrong decisions or misappropriation of company funds, explosive information can come to light that needs special protection. Against this backdrop, the audit results must remain strictly confidential. That’s why it’s better not to print them out and send them by post or even email. The information flow in these cases can’t be controlled and the data integrity is violated. In the worst case, the data could fall into the media’s hands and cause the company both reputational and financial losses.
Instead, companies would be well advised to use digital data storage solutions such as the Brainloop CollaborationRoom. All the audit results are stored in a highly secure cloud-based dataroom and are accessible any time via a web browser. The ability to access and work on documents is only granted to people authorised to do so, thanks to the solution’s dedicated role and permissions system. In addition, Brainloop adds smart attributes to all the audit documents. For example, they can ensure that audit reports are exclusively available in read-only mode and that users can’t download, print or forward them. A watermark in the PDF files gives them additional protection against misuse. When the team wants to share the results with the company’s management or board, they simply send them links to the documents in the dataroom. That way, the information never has to leave its secure environment. As well as being easy to use, the solution provides complete protection and absolute confidentiality for all the audit results.