While I was reading these two articles, I was thinking that more in-depth IT audits could definitely help companies in industries that are being targeted by cyber-spying and cyber-theft. The traditional IT audit just focuses on internal controls that are put in place to keep the company’s employees from accessing information and doing things they aren’t authorized to do. I feel that IT audits should begin to really focus on the measures put in place to keep outsiders from hacking into the computer systems. An unnamed oil company in the Popular Mechanics article was the victim of hacks and was later outbid for several acquisitions by Chinese oil companies by just a few thousand dollars. The investigation by the government found that the most common motive for hacking corporations was to steal technology. This is going to lead to U.S. companies losing billions of dollars of revenue and decreasing economic growth in the U.S. If more rigorous standards are enforced during IT audits, some of the cyber-theft could be prevented, potentially saving the company millions of dollars.
While it is the government’s job to do everything they can to get China to stop committing acts of cybercrime, it is the responsibility of the corporations to do everything in their power to prevent an attack or alert the company that their networks have been breached. Many of the hacks into corporations went undiscovered for months. I feel that a more rigorous and expanded IT audit could help in both of these areas. A more in-depth IT audit would help ensure that a company has put in place necessary and adequate prevention and alert measures. Although increasing the scope of an IT audit would increase the costs of the engagement, the benefit definitely outweighs the cost of losing billions of dollars in revenue and technology to foreign competitors. Do you agree?