Three questions start-ups should ask themselves

Mary Ann De Leon, Associate Director, IT Consulting & Lai Kee Yin, Senior Manager, Internal Audit and Financial Advisory, Protiviti | Aug. 2, 2016
Discussions about integrated internal controls, compliance and risk culture need to happen up front rather than as a final step.

Consider also that some start-ups rush to get their systems into production, configuring, or failing to configure, certain features or functions that cannot be changed afterwards and that are required later on in their growth. In addition, after changes in the roles and responsibilities of key departments or people, including corporate restructuring, users may continue to have access to data and systems - and, more critically, the authority to approve transactions - that are not under the purview of their new roles and responsibilities. In such cases, the risk of fraud and override of internal controls is significantly increased.

Other factors may affect the level of control start-ups have as they continue to grow at a rapid pace. These include the lack of dedicated resources and of specialised in-house knowledge of enterprise software, applications and databases, as well as poor blueprinting of future processes and a lack of accountability during implementation.

3. Is there a storm brewing with our cloud computing solution?

Businesses turn to cloud computing solutions for different reasons: to reduce capital expenditure, to optimise internal IT resources, to improve business continuity and redundancy, and to enable a more rapid deployment of new business services with greater flexibility and scalability, to name a few. Start-ups increasingly adopt cloud computing solutions so they can focus on their core business and not have to concern themselves with keeping up with technology changes.

Selecting a cloud service provider that proactively manages or addresses the data privacy and security concerns prevalent with cloud computing services is crucial. Important considerations, such as the need for service providers to conform to your organisation's policies on the handling and encryption of sensitive and confidential data in payment methods, gateways and platforms, must be addressed.

It's important to obtain answers to a number of significant questions about cloud service providers. How do they use customer data for their own activities, and what are the implications to data security and confidentiality? Does the service provider share customer data with third-party service providers? Does the service provider have oversight controls in place to ensure that the confidentiality of customer data is maintained? Does the service provider have adequate incident response procedures to handle exigencies effectively?

Cloud service providers can invest in far more advanced security technologies than most organisations are able to for their own on-premise data centers. A security breach can be costly in both financial and reputational terms. Companies should perform due diligence and risk assessments prior to engaging a cloud service provider and regularly throughout the contract period.

 
