Data security risks
Posted 27 May 16 by Ken Weldin
With the continued reduction of barriers and overhead costs surrounding the outsourcing of business processes and functions, our approach to managing the associated risks facing governance must evolve to meet the changing business environment. Particularly from an SME governance perspective, it is imperative that the risk management processes remains one step ahead of the new opportunities faced by Australian businesses.
Data Security Risk
Risks regarding data security can arise from a range of outsourced relationships; including external or cloud-based data back-ups, payroll service providers and external accounts payable or accounts receivable functions. These types of processes often require confidential information which can be sensitive to the business itself, as well as internal and external stakeholders.
It is typical that as well as outsourcing the administrative resources required to perform business functions, that the responsibility for maintaining appropriate internal controls to minimise risk exposure are also entrusted to a third party. The Victorian Government’s Key advice update No. 1 clearly states that “a service can be outsourced, but the risk and responsibilities cannot”. Management should ensure that an appropriate level of consideration is given to the integrity of external service providers who manage confidential information on an ongoing basis.
On the contrary, an improved level of security and segregation of duties can be achieved through the utilisation of specialised service providers. The engagement of an outsourced party that deals with these controls as part of their core business structure can take advantage of expertise that is not always readily available to SMEs.
While the prospect of reduced overhead costs through the outsourcing of administrative, and other labour-intensive activities can be appealing to SMEs, it is the role of governance to ensure that their policies and procedures prepare their business for the road ahead.
If you have any questions regarding how to manage outsourcing risk from a governance perspective please do not hesitate to contact Charles McKee or Ken Weldi at PKF on 03 9679 2222.