Question

In: Accounting

In November of 2015, STI customers were notified by e-mail that their accounts had been compromised and were being restricted unless they re-registered using an accompanying hyperlink to a Web page that had STI’s logo, home page design, and internal links. The form had a place for them to enter their credit card data, ATM PINs, Social Security number, date of birth, and their mother’s maiden name. Due to the diligent efforts of Tommy Lew, STI customer information was not breached, according to internal sources.

Identify an internal control weakness explained above. Explain why it is a weakness and recommend a way or ways to correct the weakness.

Solutions

Expert Solution

A cybersecurity breach involving theft of a company's customer data could mean that the company has a weakness, which could be material, in its internal control over financial reporting (ICFR) related to controls over the safeguarding of assets. To minimize the possibility of cyber theft, companies should examine their controls over customer data as well as other assets to be sure that they are sufficient. To the extent that a company outsources information management activities, the company must also ensure that the providers of those activities have adequate controls over the company's customer data and any other company assets.

Rule 13a-15(f) of the Exchange Act defines ICFR as a process to provide, among other things, "reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the issuer's assets that could have a material effect on the financial statements." According to the SEC's adopting release on ICFR, this "provision [was] specifically included to make clear that, for purposes of [this] definition, the safeguarding of assets is one of the elements of internal control over financial reporting." Because customer data is an asset, a company's failure to have sufficient controls to prevent the unauthorized acquisition, use, and/or disposition of customer data may constitute a weakness in ICFR. If it meets the definition of a material weakness in ICFR, the company will have to report ineffective ICFR. This type of material weakness, however, would not likely require a company to conclude that its disclosure controls and procedures are not effective.

Several retailers, banks, and other companies have recently experienced cybersecurity breaches that resulted in the loss of customer data. These breaches, and the resulting significant expenditures that were incurred in addressing the breaches, further emphasize the need for companies to review the adequacy of their internal controls relating to the safeguarding of customer data.

