Academic journal article Journal of Accountancy

Securing Remote Devices: Remote-Access Technologies - Such as Smartphones, Tablets, Laptops and At-Home Desktops - and Automated Processes Have Made the CPA's Job More Efficient and Convenient but Also Have Created More Opportunities for Fraud and Theft. These Control Procedures Can Help Mitigate the Risks

Academic journal article Journal of Accountancy

Securing Remote Devices: Remote-Access Technologies - Such as Smartphones, Tablets, Laptops and At-Home Desktops - and Automated Processes Have Made the CPA's Job More Efficient and Convenient but Also Have Created More Opportunities for Fraud and Theft. These Control Procedures Can Help Mitigate the Risks

Article excerpt

* Don't trust too much in virtual private networks (VPNs). VPNs provide a secure connection into an organization's firewall and encrypt communications. However, mobile devices, including laptops, are carried out in public, making them vulnerable to physical access by hackers, who could infiltrate the organization's network via the mobile devices' VPNs. VPN-connected desktops at remote locations always should be inside the firewall and isolated from networks outside the firewall. Otherwise, for example, family members surfing the Web could bring an infection into your home-based work desktop and, thus, your organization's network.

* Require personal identification numbers (PINs) or swipe codes on all mobile technologies. Enforce this policy through Active Directory or Lightweight Directory Access Protocol (LDAP), which is an Internet protocol that email and other programs use to look up information from a server. The iPad, iPhone and Android devices all support Active Directory and LDAP.

* Have an auditor, owner or senior manager review audit trail reports periodically. Download and inspect audit logs from remote devices. In some cases, this can be done automatically, but most organizations aren't doing it at all, leaving a big hole in internal controls. Evaluate transactions to make sure that anyone who has signed off on them has the authority to do so. Scour the time and date logs for irregularities.

* Require an owner or senior manager to review detective reports periodically. Among the reports that should be examined are credit-memo, inventory-adjustment, new customer, new vendor and change-of-address reports.

Consider restricting remote devices from creating or making changes to these records. Access to these reports from remote devices could make it too easy for fraudsters to make changes that are not inspected. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.