For this month’ service line highlight we talked with Muhammad Ayoob our senior Manager in the Queensland Audit division about audit, data and cyber security. In his long career, Muhammad has worked on a diverse range of audit clients including listed companies, foreign controlled entities, local government, private companies and self-managed superannuation funds. His expertise has expanded beyond the accounting sphere in recent years to also include information systems audit and cyber security.

1. What do you do that benefits mid-sized clients?

We offer a fresh set of eyes on a client’s financial management systems and the information recorded and reported while highlighting business improvement opportunities along the way.

Whether we are formally acting as external auditors by providing an independent report on whether a client’s financial statements are true and fair, or working alongside a client to analyse and improve how certain areas of the business are operating, we offer many benefits to the organisations we work with.

These include a fresh perspective on how a business is run and operated, providing insight on inefficient or ineffective business practices, mistakes or even fraud or providing stakeholders with independently certified financial statements to better inform their decision making when it comes to their business.

2. Data mining is certainly a big topic at the moment, could you explain what this is and how it can help small to mid-sized businesses?

Data mining or data analytic techniques allow us to analyse data in search of patterns and relationships between variables. Such procedures can unearth hidden and useful knowledge for decision making. In addition, these procedures are often used to identify instances of fraud.

With technology rapidly changing the way business is conducted it is very hard for a business manager or owner to stay on top of every business transaction. The key advantage of data analytics is that one can draw conclusions on reviewing an entire population of information using software rather than manually reviewing individual transactions.

3. Still on the topic of data, could you explain what cyber security is and how it affects business?

Cyber-security is all about protecting digital assets and has become a hot topic in recent times following some high-profile cyber-attacks with major economic and reputational ramifications on businesses.

The introduction of the mandatory data breach notification scheme in Australia has highlighted the importance of data protection by businesses for which breaches may result in serious penalties.

Cyber-crime may involve stealing data or having this held hostage, in attempts of receiving a payout. Not only can this be an immediate financial hit, but damage to your company’s reputation and brand name may be far more severe in the long run. Intellectual property such as ideas, marketing strategies or business plans can be exposed to your competitors costing your business a lot of hard work and may be impossible to repair.

4. Do you have any tips for business owners to protect their companies’ data?

It’s much easier to enter a well-guarded castle through the front door someone if has inadvertently left open, than it is to break in yourself. It is no different with cyber-attacks and this is the approach a typical hacker will take. If often involves the use of social engineering in conjunction with phishing emails to target the workforce, which is the greatest point of vulnerability.

An astounding 9 out of 10 cyber-attacks begin with a phishing email. These are designed to look legitimate by mimicking the format used by the actual organisation or person that the hacker is pretending to represent. The email could have a link to a fake website asking the person to enter personal information or even prompt the person to download a piece of malicious software. This provides the hacker with the information they need to exploit a person’s identity and compromise their personal and work network and data.

Cyber-security awareness is very important and the lack of formal education and training for our workers in relation to this leaves our organisations more vulnerable to cyber-attacks. Our employees should be empowered through cyber-security awareness programs to ensure they are our first line of defence.