The Quaestor - Volume 14, Issue 3

You might be surprised by the answer – you don’t! There is really nothing that you have to actively do to be ready for an audit.

Auditing by its nature is historical – we review documentation for transactions and actions that have already occurred. By looking at the historical activity, we are able to evaluate the normal state of processes and procedures. And, from that review, we can provide feedback on the adequacy of the internal controls surrounding those processes.

So, the state to strive for is to always be ready for an audit. How would you do that, you ask? Well, as part of your normal course of operations, doing the following often equates to a positive outcome in terms of an audit:

• Establish and implement sound policies, procedures, and practices that are consistent with RIT policies and incorporate an appropriate level of oversight. DOCUMENT THESE!!
• Follow your established procedures as well as RIT policies, consistently. The expectation of all employees is that they will follow policy – if you don’t know the policy, find out – ask, before you act!
• Use good judgment in areas that might not be covered by policy – a.k.a. exercising common sense!
• Document, document, document- this is key! Let’s discuss this a bit further…….

In terms of transactional documentation, ensure that you have captured the “who,” “what,” “where,” “when,” and “why.”

The “why” often gives people the most challenges; this should clearly define the business purpose, in other words – how does RIT benefit from the transaction.

From a non-transactional perspective (e.g., strategic/operating decisions), it is important to document your thought processes on why you decided to take a specific approach (e.g., a cost/benefit analysis), who was involved with the decisions, what their input was on the decision, and the ultimate outcome. The goal is to ensure that down the road, if needed, your decisions will be explainable and that there will be sound documentation to support them.

Although it should be rare, exceptions to policy do occur. In these cases, it is imperative to ensure that the decision to deviate from policy is clearly documented and approved by the appropriate office and/or level of management. This documentation should include an explanation as to why the deviation was necessary.

Following these simple suggestions will help your audit go as smoothly as possible; however, regardless of whether or not you are ever audited, implementing these few tips will help you to strengthen your internal control environment! And, lastly, when it comes time to be audited, prepare to work together as a team. IACA’s motto is “Achieving Excellence Through Collaboration” - together we can establish a strong control environment and identify opportunities for continuous improvement!

iOS Mobile Security

Mobile device security is becoming increasingly important as more people store personal and confidential information on their phones. However, it is sometimes challenging to navigate different operating systems in order to set up strong security measures. This article introduces four simple ways to begin to protect your iPhone’s security.

Create a stronger passcode

The default setting on most iPhones is to use a six-digit PIN. This should be replaced with a strong alphanumeric code that has a mix of numbers, letters, and symbols.

To change your current passcode to something stronger, go into Settings > Touch ID and Passcode (or Face ID and Passcode), Passcode), scroll down and tap Change passcode. It will prompt you to enter your current pin and then ask you to enter your new passcode. Tap Passcode Options and select Custom Alphanumeric Code. Enter your new password.

Enable Automatic Updates

Any mobile device that isn’t updated can become a security risk. (They are computers that can be used as phones.) Updates regularly include fixes to poor security features in the device (or app) software. If those weaknesses aren’t updated, they may provide a way for malware to infect your device. Make sure that your iPhone is always up-to-date and secure by enabling automatic updates.

To enable automatic updates, go to Settings > General > Software Update. Scroll to the bottom and tap on Automatic Updates and toggle on.

Turn on Find My Phone

The built-in Find My Phone app gives you some control over your phone even if it is lost or stolen. If your phone goes missing, this app lets you lock it remotely and displays a message telling the finder how to return the phone. If you choose to enable Location Services, you will also be able to see a map of where your missing device is. If you believe your device has been stolen, the app even has the option to erase your phone. This would ensure the safety of any personal or confidential information you store on it. Overall, this powerful app makes sure that you have control of your device and personal information even when your phone goes missing.

To turn on Find My Phone, go to Settings > [your name] > Find My and toggle on.

To turn on Location Services, go to Settings > Privacy > Location Services. Toggle on, then scroll until you see Find iPhone. Make sure that Location Access is allowed “While Using the App.”

Turn on Two-Factor Authentication

Your Apple ID gives you access to many vital services both on your phone and online. Some of these services include: iTunes, App Store, iCloud (all your photos, notes, and information), and Find My Phone. This makes keeping your Apple ID secure crucial. To help ensure that you and you alone have access to your Apple ID and all the services that come along with it, turn on Two-Factor Authentication. This will send a verification code to your phone every time you – or someone else – attempts to log on to your Apple account from a new device. That way, if a cybercriminal steals your credentials and attempts to log on to your account, they will not be able to access your information without first acquiring the verification code sent only to your personal phone.

To enable Two-Factor Authentication on your iPhone, go to Settings > [your name] > Password & Security.

Enter your password, then tap Turn On Two-Factor Authentication.

Conclusion

These four simple methods set you on the path to better protect your iPhone and personal data from possible cybercriminals and thieves. There are many additional steps you can take to better protect your devices as well. Future steps you may consider taking to protect your information include setting up a Virtual Private Network (VPN), installing a mobile security app, or using a password vault. To learn more, visit the Mobile Device section of the RIT Information Security website.

Sources:
https://support.apple.com/en-us/HT210400
https://support.apple.com/en-us/HT207198
https://staysafeonline.org/stay-safe-online/securing-key-accounts-devic…
https://us.norton.com/internetsecurity-mobile-iphone-tips-for-ios12.html