• 15 Marks

AA – Nov 2024 – L2 – Q2a – Cyber Security Threats & amp; Audit Response

Discusses cyber security threats in an IT-enabled audit environment and the appropriate audit responses to mitigate such risks.

You are part of a team undertaking the audit of Glaglo LTD, a local retail company. The company recently introduced an online marketing and sales system. As part of understanding the company’s revenue process by way of a walkthrough test, you noted that the company has recently engaged a fintech company to handle payment processing from these online sales.

Required:

i) Discuss FOUR cyber security threats associated with the IT System employed by Glaglo LTD.

ii) State the audit response to the cyber security threats associated with the IT System employed by Glaglo LTD.

Cyber Security Threats Associated with the IT System of Glaglo LTD

  1. Loss/Theft of Data

    • The company may face data breaches where sensitive customer or financial data is stolen by cybercriminals.

  2. Loss of Intellectual Property

    • Hackers or competitors may gain unauthorized access to proprietary business data, trade secrets, or critical customer information.

  3. Theft of Funds

    • Cyber attackers could exploit vulnerabilities in the online payment system to siphon funds, leading to financial losses for the company.

  4. Leakage of Sensitive Information

    • Unauthorized access to confidential customer or corporate data can lead to regulatory penalties and reputational damage.

  5. Disruption of Day-to-Day Business

    • Cyber-attacks such as ransomware could halt operations, leading to downtime, loss of revenue, and customer dissatisfaction.

  6. Prevention of Timely Access to Information

    • Distributed Denial-of-Service (DDoS) attacks could make the company’s systems unavailable to customers and employees.

ii) Audit Response to Cyber Security Threats

  • Testing Automated Controls

    • The auditor should assess automated interface controls, access controls, and configuration settings in IT systems to ensure secure transaction processing.

  • General IT Control Evaluation

    • The audit team must review general IT controls such as system firewalls, encryption methods, and user authentication protocols to prevent unauthorized access.

  • Access and Authorization Testing

    • Ensuring that only authorized users can access critical financial systems and customer information.

  • Transaction Monitoring and Fraud Detection

    • The auditor should examine whether the fintech company has robust fraud detection mechanisms in place.

  • Testing Backup and Recovery Plans

    • The audit team should review the company’s data backup policies and recovery processes to ensure business continuity in the event of a cyber-attack.

  • Reviewing Third-Party Risk Management

    • Since Glaglo LTD relies on a fintech company for payments, auditors should assess the security policies of the third party to prevent cyber vulnerabilities.

  • Compliance with Regulatory Standards

    • The auditor must ensure that the company complies with cybersecurity laws, industry regulations, and data protection standards.
Back to all questions
online
Knowsia AI Assistant

Conversations

Knowsia AI Assistant

Pick a Form

Professional Tutor Application Form
Academic Tutor Application Form
Student Tutor Application Form