IGAF Home Page
.
IGAF Worldwide Home Member Login Contact Us Site Map
  Events Calendar
  IGAF News
> Member News
quick find

Becoming a Member

Events Calendar

Member Directory

Annual Report
Search
Site Map | Contact Us
NEWS & EVENTS >> MEMBER NEWS

More Stolen Laptops; Tidwell DeWitt Says Breach of Data Security Can Be Avoided With Special SAS 70 Audit


FOR IMMEDIATE RELEASE


ATLANTA, GA--(BUSINESS WIRE)--June 27, 2006--Recent breaches of data security that have resulted in hundreds of thousands of files of personal information falling into the hands of data thieves on stolen laptops could have been prevented with better internal controls that are part of a special risk analysis called a SAS 70 audit.

"With the right internal controls tested and verified under a rigorous SAS 70 audit, personal data stolen on those laptops would have never been authorized to be downloaded onto laptops in the first place," said A. Mitchell Poole Jr., Atlanta Managing Partner of Tidwell DeWitt, a leading accounting and business advisory firm that has a specialty in the Statement of Auditing Standards No. 70 (SAS 70). "A good internal control environment includes IT due diligence, periodic review, user control applications and other rigorous checks at various levels that are part of the standard SAS 70 process."

Poole said in a rigorous SAS 70 environment, the IT team periodically conducts user appropriateness tests of employee laptops and hard drives to assess the risk of information theft by outsiders. The SAS 70 is an auditing tool that outsourced financial service providers use to demonstrate to their clients the integrity of their processes.

Tidwell DeWitt's SAS 70 "swat teams" can come into a firm that warehouses personal data for its clients and customers - or for a third party - and determine quickly what information may be in jeopardy of compromise.

Laptops stolen this year from large financial services firms, the U.S. Veterans Administration and the Department of Energy contained private, personal information - including Social Security numbers - on hundreds of thousands of individuals.

Such crimes can be avoided, Poole said, if government agencies, private and public firms that house personal data will undergo a SAS 70 audit. "One of the user appropriateness control objectives within the IT environment in a SAS 70 audit would have identified the potential for these security breaches. Something failed," said Poole.

The SAS 70 was first developed by the American Institute of Certified Public Accountants in 1992. Following implementation of the Sarbanes Oxley Act in 2002, SAS 70 audit reports became essential to full compliance with the act's external service control requirements, Poole said.

Tidwell DeWitt (www.tidwelldewitt.com), with offices in Atlanta and Birmingham, is one of the fastest growing regional accounting and business advisory firms in the Southeast.

<< Return to MEMBER NEWS

 

Home | About | Members | Services | News & Events
Member Login | Lawyers Cooperation | Contact Us | Site Map | Privacy

Copyright © 2006 IGAF Worldwide. All Rights Reserved.