Thanks to the folks at eRider for this reminder on the role that IT plays in governance and financial accountability. Auditors watching how organisations manage IT risks.

As It systems become critical to daily operations, they also become critical to the survivability of any organisation that comes to depend on them, not just on a daily basis, but on much broader time scales.

Computer systems will increasingly be the subject attention during an organisation's annual audit . Changes in the way auditors do their work means all systems with[in] an organisation are subject to some level of scrutiny. Lindsay, our roving IT professional, heard from a few organisations he visited recently that auditors had been asking about back-up and data security.

An approach to the Institute of Chartered Accountants helped to explain this trend. Kerry Price, Grant Thornton Audit Partner, and member of the Not for Profit Sector Advisory Committee set things straight:

An auditor has always had the obligation under professional standards to at least document the clients systems and processes and this includes IT systems. Data integrity is crucial to most organisations where total loss could possibly result in the failure of the organisation to continue altogether.

An auditor is asserting confidence to the public that an organisation is a going concern beyond the date of the audit report so anything placing that assertion at risk is of concern to the auditor.

This scope of enquiry and level of understanding of a clients systems, processes and internal controls has significantly increased in the last 1-2 years as the auditors professional standards (previously a NZ set of standards) are being phased into International Auditing Standards. You can expect these sorts of enquiries to only increase in future.

The Wellington e-rider IT service is available to give you advice on the robustness of your systems, and recommend options to address any shortcomings.

At 2020 trust we are going through an exercise right now in shifting and updating our IT systems and we are going right back to our chart of accounts to make sure that it is properly accounted for and is reporting what we need to make good decisions.

Among the changes are updating our file server for file backups but also considering a "Cloud" based service for automatic backup from staff machines to have the data in at least 3 places at any one time.

We are also interested to see if we can extend the eRider tech support to NFP's around the country. I'd be interested to hear more from you on how you manage that for your organisation.

How is you IT handled by your auditors and, more to the point, how do you handle the data security and reporting issues? Comments open as usual.

Welcome back to Groupings blog. Now that you are a regular, please feel free to comment on any story that you feel comfortable with.