Brian J. Thomas
Enterprise app stores: What financial professionals need to watch for

As more organizations deliver mobile applications to workers through private application stores, finance is expected to play a key role in controlling security and confidentiality of data.

March 7, 2013
by Brian J. Thomas

Employees are using an ever-increasing array of sophisticated mobile devices and, for the sake of convenience, many employees prefer to use their personal devices for at least some work functions, including accessing email, the internal network, or data files.

Enterprise app stores are a natural evolution for companies as they attempt to accommodate bring your own device (BYOD) policies and exercise some control over that trend.

Many organizations are expected to deliver mobile applications to workers through private application stores by 2014, according to Gartner, the information technology research and advisory company, which listed enterprise app stores among its Top 10 Strategic Technology Trends for 2013.

Financial and accounting professionals will likely feel the impact as their organizations seek to create applications that enhance financial content distribution to mobile devices and correspondingly create policies and tools to control the security and confidentiality of that content.  

Characteristics of an enterprise app store

Enterprise app store applications are developed to be compatible with Apple’s iOS, Google’s Android and other common mobile device operating systems. Available enterprise applications may include programs designed for specific industries or functions as well as custom software. An increasing number of third-party vendors can help companies launch and maintain enterprise app stores.

Before entering into any vendor relationships, though, companies need to be aware of general considerations that accompany the ongoing operations of enterprise app stores.

Individuals frequently download applications onto their personal mobile devices that they seldom—if ever—use. For a consumer, the cost and any potential risks of downloading and retaining unneeded or unused applications may seem negligible.

Within a company, though, purchases, distributions, and uses of enterprise app store applications must be more tightly regulated. To begin with, there are cost concerns. Companies must purchase software licenses for various enterprise app store applications. That’s a considerable expense in itself. Those licenses specify how many application copies may be distributed. A company faces additional costs and potential litigation if a software licensing audit reveals that the company is violating its software license agreements. A company also faces unnecessary expenses when purchased licenses are not fully used. Monitoring downloads and usage of enterprise app store applications is critical for cost control.

Access restrictions

For IT control purposes, usage of enterprise app store applications must be provisioned. Within a traditional IT network, we have access controls to limit the applications, files, or modules an individual employee may open or use. Such access restrictions align with defined segregation of duties policies and mitigate various risks, including data entry errors, fraud, and unauthorized activity. Companies need to likewise define individuals’ valid IT work needs for enterprise app store applications.

Security concerns must be addressed as well. Enterprise app store applications must be reviewed for viruses or other malware. Continual vigilance is needed to deter malware and to educate individuals about the various threats that accompany use of applications downloaded from unknown sources.

Mobile devices are frequently misplaced or stolen, too. Companies have to assume that employees’ personal mobile devices will eventually fall into the wrong hands. To safeguard against unauthorized access to company information, various “lockdown” protection settings must be incorporated within employees’ mobile devices and enterprise app store applications.

Ultimately, an organization must take a holistic approach to security that encompasses software and the mobile devices employees use. Employees must be informed of security policies and the rationale for those measures.

Current and future impact of enterprise app stores on financial reporting

Seventy-five percent of IT leaders expect the share of employee-owned devices connected to company networks to increase “somewhat” to “significantly” over the next two years, according to Cisco Internet Business Solutions Group.

Senior management will increasingly want dashboard reporting tools and the ability to approve workflow transactions via a phone or tablet. At that point, mobile device applications used for financial reporting purposes will encompass process, entity, and strategic level concerns.

To protect confidential information now and to sustain financial reporting accuracy and compliance with Sarbanes-Oxley and other concerns, finance professionals will have to determine how mobile technology is used within their companies. If enterprise app store applications are being used for monitoring inventory, authorizing transactions, or supporting other financial processes, then they need to evaluate that use and determine what risks exist to the integrity of transactions and the confidentiality of the information.

To know where such exposures presently exist, they will need to examine which enterprise mobile applications relate to financial reporting and the role those applications play in the process.


Brian J. Thomas, CISA, CISSP, is a partner in advisory services at Weaver, an accounting firm in the Southwest with offices throughout Texas.