Cyber Security and Internal Controls

A. Complete the Internal Control Matrix below.

Internal Control Matrix for Cyber Security

Using COSO 17 Principles

Control Objective: Provide assurance that the entity is protected from CYBER THREATS.

[You can use CHATGPT to generate ideas]

| Internal Control Component (COSO) | COSO Principle [COSO-17 principles] | Control Objective (To stop the Threat - Management's Responsibility) | Provide a Management Control that meets the Control Objective. (Management's Responsibility) [What does Management SPECIFICALLY do, and the auditor can actually obtain as Evidence?] | What Audit Procedure can the auditor perform to test this control? |
|---|---|---|---|---|
| Control Environment | Principle #1: Demonstrate commitment to integrity and ethical values | Management ensures that the entity is protected from CYBER THREATS by demonstrating a commitment to integrity and ethical values. | | |
| Control Environment | Principle #2: Ensure that board exercises oversight responsibility | Management ensures that the entity is protected from CYBER THREATS by ensuring that the board exercises oversight responsibility. | | |
| Control Environment | Principle #3: Establish structures, reporting lines, authorities, and responsibilities | Management ensures that the entity is protected from CYBER THREATS by establishing structures, reporting lines, authorities, and responsibilities. | | |
| Control Environment | Principle #4: Demonstrate commitment to a competent workforce | Management ensures that the entity is protected from CYBER THREATS by demonstrating a commitment to a competent workforce. | | |
| Control Environment | Principle #5: Hold people accountable | Management ensures that the entity is protected from CYBER THREATS by holding people accountable. | | |
| Risk Assessment | Principle #6: Specify appropriate objectives | Management ensures that the entity is protected from CYBER THREATS by specifying appropriate objectives. | | |
| Risk Assessment | Principle #7: Identify and analyze risks | Management ensures that the entity is protected from CYBER THREATS by identifying and analyzing risks. | | |
| Risk Assessment | Principle #8: Evaluate fraud risks | Management ensures that the entity is protected from CYBER THREATS by evaluating fraud risks. | | |
| Risk Assessment | Principle #9: Identify and analyze changes that could significantly affect internal controls | Management ensures that the entity is protected from CYBER THREATS by identifying and analyzing changes that could significantly affect internal controls. | | |
| Control Activity | Principle #10: Select and develop control activities that mitigate risks | Management ensures that the entity is protected from CYBER THREATS by selecting and developing control activities that mitigate risks. | | |
| Control Activity | Principle #11: Select and develop technology controls | Management ensures that the entity is protected from CYBER THREATS by selecting and developing technology controls. | | |
| Control Activity | Principle #12: Deploy control activities through policies and procedures | Management ensures that the entity is protected from CYBER THREATS by deploying control activities through policies and procedures. | | |
| Information and Communications | Principle #13: Use relevant, quality information to support the internal control function | Management ensures that the entity is protected from CYBER THREATS by using relevant, quality information to support the internal control function. | | |
| Information and Communications | Principle #14: Communicate internal control information internally | Management ensures that the entity is protected from CYBER THREATS by communicating internal control information internally. | | |
| Information and Communications | Principle #15: Communicate internal control information externally | Management ensures that the entity is protected from CYBER THREATS by communicating internal control information externally. | | |
| Monitoring | Principle #16: Perform ongoing or periodic evaluations of internal controls (or a combination of the two) | Management ensures that the entity is protected from CYBER THREATS by performing ongoing or periodic evaluations of internal controls. | | |
| Monitoring | Principle #17: Communicate internal control deficiencies | Management ensures that the entity is protected from CYBER THREATS by communicating internal control deficiencies. | | |

B. Using Deloitte's "State of Ethics and Trust in Technology Annual Report" [fifty-three pages]

https://www2.deloitte.com/content/dam/Deloitte/us/Documents/us-tte-annual-report-2023-12-8.pdf

From page 6 of this report, select one of the emerging technologies (Cognitive Technologies; Digital Reality; Ambient Experiences; Autonomous Vehicles; Quantum Computing; Distributed Ledger Technology; or Robotics.)

Then using page 27 of this report, pick one of the "Trustworthy and Ethical Principles" (Responsible; Safe and Secure; Transparent and Explainable; Robust and Reliable; Accountable; Fair and Impartial; Private; Collaborative; Adaptable; and Controlled)

Required: Using your words, explain how your selected "trustworthy and ethical principle" can be applied to your selected emerging technology. (This should be about three to six sentences.) In other words, how could a company using a technology make sure that it is using the technology in an ethical manner?

Cyberspace includes the global internet and all its accoutrements. There are 1.7 billion global users of this cyberspace. Cyber security is the system in place to keep cyberspace secure from hacking, pirating, terrorism, fraud, etc. for individuals, companies and governments. $575 billion is lost to cyber security violations annually.

As an accountant you will be expected to help corporations and governments secure their cyberspace against cyber penetration. This cyber security project will give you practice in helping your clients.

You will be preparing a matrix with 17 suggested controls to ensure the entity will not be cyber attacked!
