Like many small businesses, we use an online bill pay service, which integrates with our accounting package. While reconciling our checking account, I recently discovered that there were several duplicate payments which had been debited from our account. After calling the bill pay service, who transferred me to our accounting package’s support team, who wanted to transfer me to our bill pay service, I gave up trying to get them to own the problem.
But that doesn’t fix the issue. The danger here is that by giving this firm access to our business checking account, the only control we have in place is to periodically audit the books (in the form of a monthly checkbook reconciliation) to catch errors and respond to them promptly. Unfortunately this is only reactive, not proactive, but it is better than no controls at all.
The same holds true for any services which you outsource. Are you having the work performed by your IT team, whether in-house or outsourced, periodically audited? If not, why not? We commonly hear from small businesses that they do not audit because they are not required to by law. That’s understandable, until you weigh the cost of a data loss that may result from mistakes that are not being caught. No matter how good your IT provider is, their work should be reviewed by an independent third party.
When was the last time your IT system system was audited? Want an objective review of your systems now? Contact us for a free evaluation and see how your system would stand up against a real threat to your business.