Internal auditors' advice may work for HMRC
The queue of people ready to offer HMRC and Kieran Poynter advice on how the department should improve its data security is a long one. But I'm ready to join the line after noticing a new guide to managing the business risks of fraud on the Institute of Internal Auditors (US) web site.
Of the increasing risk IT presents to organisations it says: 'A poorly designed or inadequately controlled IT environment can expose an organization to fraud. Today's computer systems, linked by national and global networks, face a variety of threats that can result in significant financial and information losses and an ongoing threat of cyber fraud. IT risks include threats to data integrity, threats from hackers to system security, and theft of financial and sensitive business information.' [To that add inadequate policing of corporate policies.] 'Whether in the form of hacking, economic espionage, web defacement, sabotage of data, viruses, unauthorized access to data, cyber fraud can affect everyone.'
The paper offers remedy as well as diagnosis: 'To manage the ever-growing risks of operating in the information age, an organization should both know its vulnerabilities and be able to mitigate risk in a cost-effective manner. Therefore, an IT risk assessment should be incorporated into an organization's overall fraud risk assessment.'
Better get started then.


