Recognizing that mobile device governance was a key risk area, a large, private, Catholic university was looking for help with understanding and reviewing the university’s mobile computing environment and mobile device governance. The university also wanted help with identifying practical solutions for addressing mobile device risks and improvements to current practices for procuring, securing and managing mobile devices.
Baker Tilly, operating as the internal audit function, assessed the consistency and effectiveness of the current approach to mobile device governance across four primary areas (policies/people, data, apps/websites and devices). Our scope included only mobile phones and tablets that did not use Windows or macOS. For each of the four areas under review, we used a customized maturity model based on the Capability Maturity Model Integration to evaluate the design of systems and processes for securing phones and tablets with access to the university's systems and data. The criteria for maturity were defined specifically for this project based on guidance relevant to higher education institutions. Baker Tilly identified several areas whose maturity was not at the recommended level and subsequently developed cost-effective and practical recommendations for improving systems and processes in areas that did not meet the recommended maturity levels.
Upon completion of the review, the university received a final report summarizing our work performed, potential mobile device risk exposures as well as detailed breakdowns of the criteria for measuring levels of maturity. The report included observations and specific recommendations to help the university's IT departments better manage mobile device risks and align the university’s practices with those of other higher education institutions. In addition, our work helped to better inform senior leaders and the audit committee about risk exposures in this area.
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.