|
|
Modern technologies have changed the way we communicate and collaborate with
each other over the last five years (2007 - 2012) much more
than it had done so over the previous twenty years (1987-2007)
and even more than the previous 110 years (1877-1987). New ways
to collaborate that became available over the last several years include: social
networking, tele-presence, virtual group meetings, instant sharing of text,
video and audio, as well as virtual content creation. New information
technologies pushed the boundaries of what seemed to be impossible in the last
century allowing real-time collaboration of people from remote locations.
|
|
Companies that offer certification, registration, and consulting services
increasingly prefer virtual sessions over in-person visits. These technologies
open a world of new possibilities for organizations but also introduce a number
of challenges.
|
|
Risk-based audits have been established in different areas including
accounting and finance for quite a long time. The concept of risk-based audits
was introduced to the area of management system auditing by the standard ISO
19011:2011 Guidelines for Auditing Management Systems. The standard recognizes
that organizations need to focus auditing efforts on matters of significance to
the management system. Risk management process, as defined by the International
Standard ISO 31000:2009 Risk management Risk management — Principles and
Guidelines, includes such elements as risk evaluation and analysis. These
principles can be incorporated into the auditing process and help prioritize
conclusions and results based on strategic goals. The ISO 19011:2011 standard
also suggests how the risk management approach can be adapted to the auditing
process to evaluate the risk of the process not achieving its objectives and the
risk to the potential of interfering with the audited activities and processes.
|
|
The complexity of maintaining confidentiality is constantly increasing with the development of new
information technologies. What information should and should not be shared via
emails and messages? What levels of information security are provided by
different types of software applications for screen sharing and virtual
sessions? How to ensure the security of information when large files are shared
over the internet? What information security risks are assessed and controlled
prior to the beginning of an audit or a consulting engagement? Every new
technology that becomes available raises a new set of security questions that
should be addressed by both parties, auditors or consultants and their clients.
ISO 19011:2011 states that “auditors should exercise discretion in the use and
protection of information acquired in the course of their duties”. Since the
information from the client is mostly acquired in an electronic form through the
use of information technologies, it prompts auditors and consultants to become
technically savvy with proper handling this information.
|
Natalia Scriabina is Centauri Business Group, Inc.
Managing Director responsible for overseeing the portfolio of training courses
and strategic partnerships. |