Security Risk Management in Auditing Processes
Publisher
Tartu Ülikool
Abstract
Financial auditing processes manage a wealth of confidential data from various stakeholders,
making it imperative to ensure the security of this information to prevent unauthorised
access, leaks, or misuse that may result in severe consequences for both the auditing organisation
and its clients. Centralised systems, traditionally employed in these processes,
are susceptible to various security risks, including unauthorised access, data misuse,
and privacy breaches. This thesis examines traditional, centralised tools and blockchain
technology in the context of security risk management for audit processes. The analysis
of the traditional, centralised approach focuses on identifying valuable business assets
and applying security risk-oriented patterns to identify security risks and derive security
requirements. Possible solutions to mitigate the security risks identified in the centralised
design are also discussed. Blockchain technology, a decentralised and transparent system,
offers potential benefits in enhancing the security of financial auditing processes.
However, its limitations in areas such as confidentiality and scalability necessitate exploring
permissioned blockchains as a viable solution for securing sensitive audit information.
Therefore, this study investigates the R3 Corda platform, a permissioned blockchain, as
a potential solution for managing security risks in audit processes. This research shows
that implementing the R3 Corda platform in the financial auditing process, specifically
for receiving information and documents from clients, can offer valuable insights into
the impact of blockchain technology on security risks. The analysis reveals that the
Corda platform provides enhanced data integrity, traceability, and availability compared
to traditional centralised systems, while also addressing the confidentiality requirements
of sensitive audit information. This thesis demonstrates that the implementation of the
Corda platform in the auditing process results in improved security measures and risk
mitigation. Furthermore, comparing centralised and blockchain-based countermeasures
provides a deeper understanding of suitable approaches for securing audit information.
The findings contribute to the ongoing discourse around the practical implementation
of blockchain technology in financial auditing processes and security risk management.
This knowledge can help stakeholders make informed decisions when considering implementing
blockchain technology in the context of financial auditing and security risk
management, offering a secure and reliable alternative to traditional centralised systems.
Keywords
security risk management, auditing process, security risk-oriented pattern, security requirement, Corda, blockchain