What happens when an internal audit uncovers explosive information

By Mag. Helmut Pöllinger on 01. April 2019


It’s easy in theory. Companies – like the rest of us – must obey the law. Especially when it comes to checking their business processes and ensuring they’re always compliant with regulatory requirements. Yet various incidents have shown that it’s not always that easy, with examples including systematic corruption at Siemens or the diesel scandal at VW. One reason is that some firms have an ineffective compliance system, although the whole point of these systems is to prevent companies breaking the law in the first place. That’s why they need ways of controlling and monitoring their business processes.

Independent monitoring entity: internal audits

This is where the internal audit comes in. While compliance is broadly defined as a company obeying the law, adhering to regulations and defining certain policies and codes for itself, the role of the internal audit is to proactively check how effective the company’s compliance system and risk management processes really are.

However, the activity of this enterprise-wide monitoring entity isn’t limited to verifying the overarching control system. The internal audit also takes a close look at operational processes, for example when a particular project’s development is becoming business-critical or when staff turnover is very high. Its goal is to help minimise business risks while optimising business processes and contributing to an increase in the company’s efficiency and effectiveness.

As it’s independent, objective and has no powers to issue directives, it can verify risky internal processes with a predefined verification plan. The results are then used as input for a verification report. The auditors use these reports to support the company management’s control activities.

The internal audit team also communicates with the company board, given that the audit is a valuable source of information. For the last few years, Germany’s Stock Corporation Act (Aktiengesetz) has even given the supervisory board the power to monitor the internal audit system (§107 AktG), but without encroaching on the company management’s authority. Austrian law (§92 AktG) also allows the board’s audit committee to monitor the internal audit system. And in Switzerland, frequent contact between the internal audit team and the board or audit committee is even more common than in Germany and Austria.

Wanted: confidentiality for audit results

Handling sensitive information is part of the internal audit team’s everyday work. And when they’re investigating wrong decisions or misappropriation of company funds, explosive information can come to light that needs special protection. Against this backdrop, the audit results must remain strictly confidential. That’s why it’s better not to print them out and send them by post, or to send them by email. In these cases the information flow can’t be controlled and the data integrity is violated. In the worst case, the data could fall into the media’s hands and cause the company both reputational and financial damage.

Instead, companies would be well advised to use digital data storage solutions such as the Brainloop CollaborationRoom. All the audit results are stored in a highly secure cloud-based dataroom and are accessible any time via a web browser. The ability to access and work on documents is only granted to people authorised to do so, thanks to the solution’s dedicated role and permissions system. In addition, Brainloop adds smart attributes to all the audit documents. For example, they can ensure that audit reports are exclusively available in read-only mode and that users can’t download, print or forward them. A watermark in the PDF files gives them additional protection against misuse. When the team wants to share the results with the company’s management or board, they simply send them links to the documents in the dataroom. That way, the information never has to leave its secure environment. As well as being easy to use, the solution provides complete protection and absolute confidentiality for all the audit results.

Looking for a solution that ensures your audit results stay confidential? Then get in touch with us or ask for a demo now.
