Thursday, October 7, 2010

CardSystems Solutions Hack 2005 - Legal Suit Targetting Auditor

The topic sounds to be shocking, but if you read the article "In Legal First, Data-Breach Suit Targets Auditor" you would be surprised to know the proceedings that led to the Legal Suit. 

It will be really interesting to note the developments from here on as the Auditor may contest that the report was good for "As on Date" of Report and they are not liable for any subsequent breach as they are not keeping an eye on how the organization dealt with the information post the Audit Completion.


But does the role of Auditor end with the submission of report, specifically when the identified organization fails a previous Audit for storing sensitive data in an unprotected manner or in a manner that is not as per the specifications?  

Should not the Auditor go back at the records of previous Audit and identify the reasons that might have led to the failure in complying to the requirement?


Isn't the Auditor supposed to maintain the integrity of Audit Process and NOT overlook serious issue that were being reported for a period of 5 years preceding the Audit?


There are lot of questions that create a eye of suspicion on the role of Auditors.  Many a times the Auditors tend to turn a blind eye towards certain issues that are present due to organizational work culture.  They don't tend to highlight the issues for the reason that they feel they are not responsible for that.


We had earlier seen a law emanating out from the hi-profile case of Enron and Arthur Anderson, where both the companies disappeared from the Market.  As if that was not enough a lesson to be learnt by the Auditors that we often get to know of similar cases, though not of that profile.


Would that mean we will soon see another law stemming out, something that would Regulate and Govern the Audit Scenario?  Should not the Auditors tighten their belts to ensure that the Audits and the Audit Reports are fair and square, resulting in what they are actually supposed to result in, rather than twisting the results one way or other?

It is quite interesting that the Noble Profession of Auditors is fast becoming Commercialized, and at this pace, i would not be surprised to see a License Regime enforced for the Auditors on same line as the Lawyers and Formation of a Regulatory Body Like Auditor's Council to Govern Auditors'.

No comments: