COVID-19 Raises Serious Security Risks For Your Client’s Data

With the recent changes to independence rules effectively banning the work of in-house auditors where the accounting firm prepares the accounts, many firms are looking at their options. While all SMSF audits need to be reviewed and signed in Australia, not all firms undertake the work in Australia. Some firms outsource the bulk of their work to lower-paid foreign workers in India, China, Vietnam and the Philippines and sign off the work in Australia. This sounds like a good business model for lowering costs, but it raises several data security issues. SMSFs hold a significant amount of confidential data.

In the past, overseas businesses reduced the risk of data theft by keeping workers in large rooms without access to the internet or mobile phones, so they could work only on the files provided. However, this all changed with COVID-19. Businesses were forced to allow workers to work from home, increasing the risk of data being compromised. The Australian Auditing Standards require an evaluation of the control environment where work is outsourced, but with borders closed it’s impossible to undertake physical site visits.

The fraud triangle and COVID-19

The fraud triangle is a common framework used in auditing to explain the motivation behind an individual’s decision to commit fraud. It outlines three components that contribute to increasing the risk of fraud: 1. Opportunity, 2. Incentive, 3. Rationalisation. With COVID-19, controls have weakened, increasing the opportunity. Staff and their families may have suffered a reduction of hours or income because of the pandemic, increasing the incentive risk. With the chaos that COVID-19 has caused in the world, there would also be an increased rationalisation risk.

What do I need to ask myself if I do outsource?

  • Are you aware of all the places that your/your clients’ confidential or critical data resides?
  • Do you have a level of comfort in relation to your/your clients’ data security, given that previously relied-upon security or privacy statements may have changed?
  • Does your administrator/auditor have a control framework in place to make sure third-party service providers handle data with care and quickly report/escalate any data breaches to you so that they can be handled appropriately?
  • Have circumstances materially changed for your administrator/auditor? For example, work that was done in one country is now done by another firm in another country. If yes, full disclosure should be provided.

What do SMSF Trustees want?

A 2017 survey prepared by Superfund Wholesale found that of 560 SMSF trustees surveyed, 95% said they would reconsider the services offered if they were advised their personal financial information would be sent offshore, while 84% were very likely to switch accountants or advisors. These respondents stated they would forgo any fee discounts to keep their personal data in Australia.

For the record, all auditing work undertaken by Partners Wealth Group Audit is 100% completed in Australia at the Partners Wealth Group Melbourne head office by our audit employees. All data is kept in Tier 1 hosting providers residing in Australia.

Partners Wealth Group Audit has been busy preparing for the upcoming busy season and currently has a strong team of dedicated auditors, including three ASIC-registered auditors, to ensure our commitment to a 10-working-day turnaround to either complete the audit or raise our audit queries.

If you would like to discuss your current Audit solution, please contact Alex Swansson on 0430 006 982 or at aswansson@pwg.com.au.

Happy auditing.