IT Governance, Risk & Controls

Topics

April 12, 2018

How board members can perform oversight of cybersecurity risks

A new tool can help board members understand what questions to ask in their oversight of cybersecurity risk management.

November 3, 2017

Cybersecurity tips from the ‘Shark Tank’

Shark Tank star and cybersecurity expert Robert Herjavec said CPAs have an important role to play as trusted advisers on cybersecurity.

November 1, 2017

Expect the unexpected: Risk assessment using Monte Carlo simulations

Modern computing power, combined with software including Microsoft Excel, can produce advanced statistical models to analyze the risks of business opportunities.

July 1, 2017

New model created for cybersecurity risk management

The AICPA framework enables organizations to communicate and creates a new engagement for CPAs to report.

April 1, 2017

Using Excel and Benford’s Law to detect fraud

This Technology Workshop shows how to use Microsoft Excel to determine whether the numbers in a data set follow Benford’s curve or point to possible malfeasance.

November 1, 2016

New path for CPAs in cyber risk management

AICPA proposals would guide design and evaluation of cyber risk management.

September 6, 2016

Technology risk: It’s more than cybersecurity

This column discusses the “silent killers” of technology risk that organizations must master to protect their business.

August 1, 2016

Bolster your data defenses

These steps can help close holes in your cybersecurity setup.

June 13, 2016

Explaining the 3 faces of SOC

This column provides updates and adds perspective on SOC and reflects on changes in the reports and their attestation standards.

May 15, 2016

Be vigilant about cybersecurity, warns former FBI agent

Chris Tarbell led FBI investigations that resulted in multiple high-profile cybercrime arrests. He shared his tips for cybersecurity during a presentation at the AICPA spring Council meeting.

April 1, 2016

5 steps CPAs can take to fight hackers

See what CPAs can do to fight cybercriminals’ threat.

September 7, 2015

How to mitigate vendor risk in a cybersecurity environment

Vendors represent one of the highest risk areas in an organization’s cybersecurity structure.

August 27, 2015

Use a layered cybersecurity approach to protect crown jewels

Layers of defense should exist in an organization’s systems, with the most sensitive information protected by the most layers.

August 26, 2015

How internal audit can help manage 10 top technology risks

Internal auditors can play a pivotal role in managing technology risks ranging from cybersecurity to social media. The risks are ranked in a new report that shows how internal audit can help manage them.

May 15, 2015

Cyber concerns show no signs of cooling off, former Homeland Security chief says

The digital sun will never set, which means that digital threats to business and government will only grow in the future, Tom Ridge said Friday.

April 13, 2015

Monitoring fraud risks in the supply chain

Mark Pearson, who works in supply chain forensics for Deloitte, explains how companies can probe one of the top risks—third-party expense categories—and avoid overpaying.

January 28, 2015

How to manage risks connected with the “internet of things”

Although web-connected products and the “internet of things” provide opportunities for transformative growth, they also may carry substantial risks.

January 14, 2015

Viewing cybersecurity through a COSO lens

The principles outlined in a popular internal control framework can help organizations manage their cybersecurity.

July 23, 2014

Technology plays a role in board members’ top two concerns

In a business environment where a damaging Twitter post can have disastrous effects on a company’s financials, reputational risk remains the top nonfinancial concern for corporate directors, according to a new survey report. Another risk rooted in technology—cybersecurity and information technology risk—is rising quickly among directors’ concerns, according to the

May 1, 2014

How to use COSO to assess IT controls

CPAs can assess the effectiveness of their organization’s information technology controls by using Principle 11 of the newly updated internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). See a step-by-step procedure for applying Principle 11 to IT controls.