Is Cybersecurity Not Part of Internal Controls for Financial Reporting?

screenshot of the first page of Is Cybersecurity Not Part of Internal Controls for Financial Reporting
By
Marie Pupecki, Audit Analytics
Internal Controls in the Current Landscape

You may remember that back in 2020, SolarWinds Corporation had undetected malicious code “SUNBURST” embedded in its software, which it then unknowingly distributed to approximately 18,000 clients, including many government agencies. The SEC filed a complaint in October 2023 alleging that both the chief information security officer (CISO) and the company misled investors regarding weak cybersecurity practices and known risks. The SEC also alleged that the company had deficient cybersecurity access controls and, as a result, had failed to maintain a system of internal accounting controls.

In this article, Audit Analytics further examines why cybersecurity measures are essential for maintaining comprehensive internal controls and preventing material weaknesses in financial governance.

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.