Inside the Inside of Pa’s Audit, which Shows Its Team of Experts Can’t Do Their Job: ‘We Have Not Been Informed’
The auditing software company Pa, which is owned by Oracle Corp., has been dogged by problems.
An audit last month revealed that the company’s audit team has not been informed of the vulnerabilities in Oracle’s software.
The audit also found that the software company’s auditing and risk management systems were not sufficiently secure.
Pa has said it was notified of the security problems in May.
The latest audit, by the IT consulting firm Deloitte LLP, was released on Tuesday and detailed problems with the companys auditing system.
Pa said that its audit team, which consists of three full-time employees and four contractors, has not yet been informed.
Deloise has a reputation for accuracy, according to its Web site.
Delositt said that in recent months the audit team had not seen a single document with “significant, credible, and meaningful” information that was either verified or reviewed by the audit staff.
It also noted that the audit software vendor, Oracle, is a subsidiary of SAP, the world’s largest software and services company.
Pa’s audit said that Pa’s auditors had been unable to access sensitive documents, such as business cards and other sensitive information, from Oracle, or the source code of Oracle’s products, because of an “undue burden” on the audit department.
The auditors were also unable to retrieve the audit log files that were provided by Oracle, Deloitt said.
In a statement, Oracle spokeswoman Jennifer O’Connor said the audit was a “complex technical and legal audit,” adding that it did not provide a timeline for the audit to be completed.
“We have not been in the position to provide details of our audit team and therefore can’t comment on the scope of this audit,” she said.
Oracle said it would “respond to any further questions” about the audit.
Pa, whose CEO, Michael Lutz, is an Oracle executive, is owned and operated by Oracle Inc. of New York.
It was the first software company in the U.S. to become part of Oracle, which was founded in 1965.
Pa was founded by two former SAP employees and their spouses in 1992.
It is now part of Deloiser, the accounting software giant.
In March, the New York Times reported that the auditing team had been told by Oracle that there were “potential security vulnerabilities” in its software.
In the audit, Delositte said that the auditor’s “system was configured in a way that allowed Oracle to monitor the integrity of its audit log file.”
Delosit said it had contacted Oracle and told them that the “system in question could be easily abused.”
The audit showed that Pa did not notify the audit teams of its problems.
Delozitt said Pa had not yet seen the audit logs and “has not been told of any serious issues with audit integrity.”
The auditor’s statement said that Deloist’s audit was the “most comprehensive audit ever undertaken of a software company,” according to a report in Bloomberg Businessweek.
“The audit is complete and will be presented at a public presentation in May, when Deloisa will provide an updated version of the audit report.”
Deloisse said it also did not have the audit file or source code, and that it was not possible to access it.
Deloositt said it “is not a government entity,” but said it does provide “specialized consulting services to clients including major corporations and governments.”
It also said that it is an “independent audit firm.”
The audited software vendor is the software firm that Oracle acquired in 2012, according a report by Reuters.
Oracle has said that some of the software used by Pa has been publicly disclosed.
It said that “many of the bugs found in Pa’s software” were “not remotely exploitable.”