Auditor examine thyself!

Having a bit of familiarity with auditing, I’ve always been amazed at the risk that giving data to an auditor presents to a company, and that no auditor ever has that listed in the audit findings. The security controls in most audit shops are horrible. Many (if not most) audit firms send sensitive information to and from client sites via email on the open Internet (something that would almost certainly be an audit finding if the client did this themselves)…

Deloitte & Touche Auditor loses McAfee employee data.

Ernst & Young fails to disclose high-profile data loss.

The only reason these are getting so much press is that they involve personal data loss by audit firms. Businesses out there would be amazed at how carelessly their sensitive data is treated by auditors…

Kind of a “who watches the watchers” scenario, but don’t get me started on the hypocrisy in the auditing biz…
