The obsolete notion of auditing information: boards today are fighting a new kind of war--an information integrity war--with antiquated concepts and tools much the same way the Polish cavalry met the German army in World War II.

• Author: Nayar, Madhavan
• Position: INFORMATION FOR THE BOARD

HISTORY IS REPLETE with examples of technologies that disrupt the existing world order in many fields of endeavor. For example, over the centuries, cavalry had been the source of strategic advantage in warfare. In 1939, when the German army invaded Poland, they were met by the Polish cavalry. Proud, skilled, and brave horsemen, the Polish cavalry charged the advancing German army, which was armed with tanks with mounted machine guns. The carnage that ensued decimated the Polish cavalry and made clear its obsolescence.

The coming of age of the Digital Age has made the current approaches to information integrity--its accuracy, consistency, and reliability--in most organizations obsolete.

Boards have depended on information provided primarily by senior management to base its decisions and carry out its responsibilities. It has been assumed, for the most part, that such information is dependable and trustwo rthy, and that management has implemented appropriate controls in the information systems and processes to ensure information integrity. Additionally, boards have relied on the system of internal controls, including internal audits, and on the external auditors for the assurance of information integrity.

Suspect information

Now boards are under siege from shareholders and regulators. The information they give the shareholders and regulators has become suspect and in some instances been proven to be wrong, misleading, or false. Boards have suffered as a result of the fragmented, ad hoc, and inadequate approach to information integrity that is prevalent in most organizations. The internal control systems aimed at assuring information integrity are, more often than not, held together by a patchwork of manual processes, embedded controls, and obscure audit trails.

With the advent of the first Industrial Revolution, some 200 years ago, it became necessary to establish a system of controls to monitor and report business activity. The resources of the industrial age were tangible things that could be mined, processed, bought, sold, managed, and easily understood, and the 'physical' organization and operation--customers, suppliers, people, processes, and resources--were visible, identifiable, and accessible. The task of monitoring and reporting was comparatively simple and straightforward. It was possible to establish internal control systems to physically observe and manually verify the veracity of the information presented by management.

The...