Don’t Risk Your Reputation: The Importance of IT Audits in the Banking & Financial Sector
Failure to perform an audit of all data-bearing devices within your organisation can lead to theft, potential data breaches and reputational loss.
‘Do you know how many data-carrying devices exist in your organisation?’
This sounds like one of the most basic questions an auditor can ask an IT department in any bank around the world, and it should be answered quickly and confidently. Yet as technology changes and new devices come on stream, it’s becoming increasingly difficult – and increasingly important – to professionally and competently track all IT assets.
When it comes to securing your information systems, tracking IT assets is an important part of compliance auditing, the process where independent auditors provide objective assurance that a bank’s risk management, governance, and internal control processes are operating effectively.
The Internet of Things (IoT), Software as a Service (SaaS) and Remote Working
With the introduction of IoT, the existence of SaaS and the ever-increasing remote working environment comes an increasing risk of stolen or lost devices and interception of sensitive information. Portable devices such as company laptops, tablets and handheld digital devices are constantly moving between the office, home and client sites, so the risk of theft increases. Failing to reconcile devices, their users and the information potentially carried on each device through an in-depth IT audit creates exposure to a leak of private information and a breach of GDPR.
And for many banks with a global presence, this presents a fundamental challenge: what holds data, and where are the devices?
Physical versus Virtual Audits
When it comes to auditing, IT managers tend to use network crawlers, but monitoring various networks in search of devices is not lifecycle management.
Lifecycle management can be defined as follows:
The point of commission is the precise time an IT audit should be conducted, as this reduces the level of effort required to do so later in the lifecycle.
As assets reach End of Life (EOL), it becomes a matter of maximising residual value. Completing an IT audit early in the lifecycle not only helps mitigate data breaches and supports asset control but also makes retiring IT equipment a smooth transition at the optimum time.
The benefits of a physical audit for IT devices in the banking and financial sector are many, such as:
- Reducing theft: If physical audits take place, the time taken to discover a theft can be significantly reduced. This not only minimises the cost of replacing stolen items but also prevents corporate assets ending up for sale and the data breaches that follow.
- Reducing maintenance costs: Checking the physical state of your IT assets allows you to pre-empt any possible breakdowns, thereby preventing costly downtime.
- Software licensing: Reduce the cost of software licensing by only licensing devices that are physically in use.
- Asset Value Recovery: Tracking IT assets throughout the product lifecycle enables managers to retire IT equipment at the optimum time in order to maximise residual value.
The damage of an information security failure is costly both in the short term, when the company attempts to fix the immediate problem, and in the long term, when customers lose faith and take their business elsewhere.
The cyberattack on the telecoms company TalkTalk in 2015 resulted in a sunk cost of £77 million, with 300,000 customers leaving the firm for another provider.
A survey by Gemalto backs up this customer exodus: of 10,000 individuals questioned, 70% said they would stop doing business with a company that had experienced a data breach.
Auditing your IT Asset Disposition (ITAD) Provider
The key to a physical audit of your IT assets is your IT Asset Disposition provider and, in particular, choosing the right one for your company’s needs.
It’s vital that your ITAD provider has the global capability to perform a physical audit in all of your locations, regardless of where they are.
Also, the reports which your provider generates should be reconcilable to your fixed asset registers, engineering and accounting system logs.
While IT has allowed the banking and financial sector to evolve in ways unimaginable a generation ago, it has only done so through a huge investment in information security. By performing a physical audit on your IT equipment, you can ensure that your bank protects its customers’ data, its corporate reputation and, ultimately, its financial future.