Over 80 percent of Fortune 500 companies use SharePoint for workforce collaboration, content management, and critical business applications. Yet few understand how it is deployed or make regular assessment of their SharePoint environment part of their audit plan. Clients store sensitive data in SharePoint but do not secure it. At least 36 percent of surveyed SharePoint users are breaching security policies and gaining information to sensitive, confidential information that they are not entitled to access. And, 79 percent of those surveyed said their organisations stored sensitive data in a SharePoint environment, but only 18 percent said they prevented access through the use of technical controls.
Clients are using SharePoint as a business application and therefore, it should be assessed as part of an Internal Audit programme as such. With the increasing flexibility and extensibility of the platform, business users are creating SharePoint-based applications to support business functions. Without proper Governance and Security plans in place, many of these systems are created without the awareness of IT or Audit. Examples of recent client discoveries include: