Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation

Cereola, Sandra J.; Cereola, Ronald J.

doi:10.2308/iace-50031

Cited by 23 publications

(9 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Given that IT internal control weaknesses may increase cyber-security risk (Klamm & Watson, 2009;Cereola & Cereola, 2011), we test the robustness of our results by adding such a factor in the regression models presented in Equation 1and Equation 3. We also run the regressions with and without the indicator variable for internal control weakness (ICWEAK) to avoid potential multicollinearity-related bias.…”

Section: It Materials Weaknessesmentioning

confidence: 99%

Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters

Rosati

Gogolin²,

Lynn³

2019

Int. J. Acc.

View full text Add to dashboard Cite

This study investigates the impact of cyber-security incidents on audit fees. Using a sample of 5,687 firms, we find that (i) breached firms are charged 12% higher audit fees, and (ii) firms operating in the same industry of a breached firm are charged 5% higher fees. Finally, using a difference-in-difference regression on a propensity score matched sample, we provide evidence suggesting that auditors do not revise their audit risk assessment following a breach. Overall, these results suggest that the increase in audit fees in the year of a breach is only temporary, and that auditors include cyber-security risk in their audit risk assessment even before an incident occurs. Higher cyber-security risk is ultimately reflected in higher audit fees paid by auditees.

show abstract

Section: It Materials Weaknessesmentioning

confidence: 99%

Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters

Rosati

Gogolin²,

Lynn³

2019

Int. J. Acc.

View full text Add to dashboard Cite

show abstract

“…The two frameworks, COSO Report and COBIT, most widely used on a voluntary basis in Italy (Azzali & Mazza, 2013) were selected for our study to investigate IT CONTROLS FRAMEWORKS COMPLIANCE . Many studies examine COSO and COBIT reports (Bernroider & Ivanov, 2011; Cereola & Cereola, 2011; Garelli, 2009; Kuhn, 2007; Lainhart, 2000; Merhout & Havelka, 2008; Mishra & Weistroffer, 2007; Panko, 2006; Tuttle & Vandervelde, 2007). COSO is a model for internal controls and corporate governance (Harris, 2006).…”

Section: Literature Review and Research Question Developmentmentioning

confidence: 99%

Information Technology Controls Quality and Audit Fees: Evidence From Italy

Mazza

Azzali

2016

Journal of Accounting, Auditing & Finance

View full text Add to dashboard Cite

This study analyzes the impact of Information Technology (IT) Controls quality on control risk and audit fees. The impact is expected to occur when regulation increases sensitiveness to audit risk assessment. The research focuses on IT Controls as part of Internal Control over Financial Reporting, particularly on scoping quality, segregation of duties, and Controls framework compliance. The research was conducted with a questionnaire on a population of Italian listed companies. We find that audit fees are lower for higher IT scoping quality, IT Controls segregation of duties, and IT Controls framework compliance. The overall conclusion is that IT Controls quality is related to lower control risk, audit fees, and audit effort.

show abstract

“…In addition, such frameworks are useful tools for both management and internal auditors to evaluate and address the adequacy of internal controls in their respective organisation(s) (Cereola & Cereola, 2011). The internal control frameworks that are of particular importance are that of the COSO internal control framework, COBIT framework and the COCO framework.…”

Section: Internal Control Frameworkmentioning

confidence: 99%

“…According to Cereola and Cereola (2011) internal control frameworks provide a basis for internal controls in any organisation and is also used to make decisions around the effectiveness of existing internal controls. In addition, such frameworks are useful tools for both management and internal auditors to evaluate and address the adequacy of internal controls in their respective organisation(s) (Cereola & Cereola, 2011).…”

Section: Internal Control Frameworkmentioning

confidence: 99%

The Status of Internal Controls in Fast Moving Small Medium and Micro Consumer Goods Enterprises within the Cape Peninsula

Smit¹,

Bruwer²,

Ukpere³

2014

MJSS

View full text Add to dashboard Cite

show abstract

Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation

Cited by 23 publications

References 1 publication

Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters

Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters

Information Technology Controls Quality and Audit Fees: Evidence From Italy

The Status of Internal Controls in Fast Moving Small Medium and Micro Consumer Goods Enterprises within the Cape Peninsula

Contact Info

Product

Resources

About