As technology continues to develop, with this the regulatory environment evolves to meet the changing risks. For example, the new European Data Protection Regulations comes into force soon, with changes in the scope of the data protected and significant increases in the sanctions available to the regulator.

As regulations change, how the board and business stakeholders stay abreast of the requirements to assess the adequacy of the controls in place will be key to the future vulnerabilities faced by each business.

BDO has developed a methodology to help businesses untangle the regulations impacting IT services, the vulnerabilities they bring to each organisation and the controls or procedures that will minimise the risk of a regulatory breach.

The approach focuses on three basic principles:

• Which regulations create the greatest threats to your business (software licence breach, data protection, copyright)?
• Does the Board or Senior Management receive appropriate insight to help them understand the vulnerabilities associated with the requirements pertaining to each regulation? Are the IT controls adequate and effective to minimise the risks faced?
• Where third party service providers are managing the risks on behalf of the business is there an appropriate assurance approach in place (for example, SSAE16 report to provide independent assurance over the third party’s IT controls)?

Where limited assurance exists, we can work with you to assess the controls in place, whether in-house or by providing an SSAE16 report across a third party service provider.