Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation-Reference-Cited by-同舟云学术

Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation

Published:2011-08-01 Issue:3 Volume:26 Page:521-545
ISSN:0739-3172
Container-title:Issues in Accounting Education
language:en
Short-container-title:

Author:

Cereola Sandra J.,Cereola Ronald J.

Abstract

ABSTRACT Internal control frameworks (ICF) provide a basis for understanding controls in an organization and for making judgments about the effectiveness of controls. The Sarbanes-Oxley Act of 2002 (SOX) requires companies to report, on an ongoing basis, the effectiveness of their internal controls in their annual filings. The Securities and Exchange Commission (SEC) recommends companies use ICF to help achieve compliance with SOX. ICF provide a useful tool for management and auditors evaluating and addressing the adequacy of controls in their organization. As there is no such thing as a “risk-free” enterprise, developing an understanding of ICF is important for students entering the accounting profession. This instructional case provides students the opportunity to assess internal control risks within an organization's information system using a “real-world” problem following COSO (SEC-recommended ICF) and/or COBIT as a guide. Students then evaluate the organization's overall level of internal control risks and formulate recommendations for mitigating such risks.

Publisher

American Accounting Association

Subject

Education,Accounting

Link

http://meridian.allenpress.com/iae/article-pdf/26/3/521/1730282/iace-50031.pdf

Reference16 articles.

1. American Institute of Certified Public Accountants (AICPA). 2006. Understanding the Entity and Its Environment and Accessing the Risks of Material Misstatement. Statement on Auditing Standards (SAS) No. 109. New York, NY: AICPA.

2. American Institute of Certified Public Accountants (AICPA). 2009. The AICPA's 2009 top technology initiatives. Available at: http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/TopTechnologyInitiatives/Top10TechnologiesArchive/Pages/2009TTI.aspx

3. CBS News. 2007. Hi-Tech Heist: How Hi-Tech Thieves Stole Millions of Customer Financial Records. Video available at: http://www.youtube.com/watch?v=MxG2J3bf1BQ

4. Committee of Sponsoring Organizations (COSO). 1992. Internal Control-Integrated Framework. New York, NY: AICPA.

5. Committee of Sponsoring Organizations (COSO). 2004. Enterprise Risk Management Framework. New York, NY: AICPA.

Cited by 19 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Literature Review of Technology‐Related Research in Accounting Education: 2010–2020*;Accounting Perspectives;2024-01-30

2. Classifying Internal Control Deficiencies: The Case of Magnum Hunter Resources Corporation;Issues in Accounting Education;2023-12-01

3. Literature Review of Technology-Related Research in Accounting Education: 2010 - 2020;SSRN Electronic Journal;2021

4. Cyber-Security Incidents and Audit Quality;European Accounting Review;2020-12-16

5. Heartland Payment Systems: Cybersecurity Impact on Audits and Financial Statement Contingencies;Issues in Accounting Education;2020-09-02