Over 80% of Fortune 500 companies use SharePoint for workforce collaboration, content management, and critical business applications. Yet few understand how it is deployed or make regular assessment of their SharePoint environment part of their audit plan. Clients store sensitive data in SharePoint but do not secure it. At least 36% of surveyed SharePoint users are breaching security policies and gaining information to sensitive, confidential information that they are not entitled to access. And, 79% of those surveyed said their organizations stored sensitive data in a SharePoint environment, but only 18 percent said they prevented access through the use of technical controls.
Clients are using SharePoint as a business application and therefore, it should be assessed as part of an Internal Audit program as such. With the increasing flexibility and extensibility of the platform, business users are creating SharePoint-based applications to support business functions. Without proper Governance and Security plans in place, many of these systems are created without the awareness of IT or Audit. Examples of recent client discoveries include: