Assessment & Audit
In our digital-first world, organizations’ websites, both internal and external, become the face and nucleus of the organization. It is critical that these sites be assessed regularly to ensure security, stability, accessibility and compliance. Over 80% of Fortune 500 companies use Microsoft Office 365 and SharePoint for workforce collaboration, content management, and critical business applications. Yet few understand how it is deployed or make regular assessment of their environment part of their audit plan.
Web Accessibility is identifying and addressing accessibility gaps so that your websites, both internal and external, are accessible to all people, including those with disabilities such as vision impairments, mobility impairments or hearing impairments. In 2017, more than 800 lawsuits were filed against companies nationwide whose websites violated the Americans with Disabilities Act (ADA). Most companies aren’t pro-active about accessibility, yet the cost of testing and remediation is far less than the potential legal ramifications.
With Protiviti’s Web Accessibility Audit, our skilled user experience professionals apply advanced principles to the observed structure, accessibility and operation of your website.
Governance & Security
Clients store sensitive data but do not secure it. At least 36% of surveyed users are breaching security policies and gaining information to sensitive, confidential information that they are not entitled to access. And, 79% of those surveyed said their organizations stored sensitive data in an environment, but only 18 percent said they prevented access through the use of technical controls.
Clients are using Microsoft Office 365 and SharePoint as a business application and therefore, it should be assessed as part of an Internal Audit program as such. With the increasing flexibility and extensibility of the platform, business users are creating applications to support business functions. Without proper Governance and Security plans in place, many of these systems are created without the awareness of IT or Audit. Examples of recent client discoveries include:
- Employee On-boarding and Off-boarding: Processes that manage user permission changes, thus granting and removing access.
- Vendor Management: Solutions that manage the entire vendor management lifecycle. This includes the vendor identification, risk assessment, contracting, and payment activities.
- Change Requests: Applications that manage changes to the firewall, ERP, and other critical systems.
- Incident Management: Systems that track operational activity that may introduce a compliance risk