Authenticated Record of What You See When You See It
How should an auditor record his observations as he inspects evidence online?
A multinational auditor in Hong Kong, BDO Limited, needed to inspect the online bank account of a publicly-held Chinese company China-Biotics Inc. (which is traded in the US). The auditor needed to confirm how much cash the company possessed. But when the auditor used a web browser to access the online bank account identified by the company, the auditor became suspicious that the bank web page was fake! Michael Rapoport, “Auditors Sharpen Queries In China,” Wall Street Journal, June 29, 2011.
The auditor resigned on grounds that: “In connection with BDO’s review of the Company’s bank account through the Company’s e-banking system using the Company’s computer, BDO was directed by the Company to access a suspected fake website for the bank.”
Audit Evidence is Now Online
The evidence an auditor must examine is, increasingly, online.* The evidence, such as a web page, could show one thing now and something different an hour later. Auditors need more credible methods for capturing and authenticating what they see. Sure, they can make screenshots, but screenshots are cumbersome and don't capture the full interaction of the web.
The following video demonstrates an alternative. It shows how an auditor can capture a real-time screencast of his observations as he inspects web pages, mobile apps or e-banking accounts. It allows the auditor to bind his observations with simultaneous, eyewitness testimony as to the steps he was taking and his interpretation of what he was witnessing.
Notice the auditor legally signs the final video record (like an affidavit) so that it is authenticated for future use, even if the auditor himself is not available later to vouch for the record. See details.
Mr. Wright teaches the law of data security and investigations at the SANS Institute.
Sometimes online evidence is considered OSINT (open source intelligence).