Is Cybersecurity Not Part of Internal Controls for Financial Reporting?
You may remember that back in 2020, SolarWinds Corporation had undetected malicious code “SUNBURST” embedded in its software, which it then unknowingly distributed to approximately 18,000 clients, including many government agencies. The SEC filed a complaint in October 2023 alleging that both the chief information security officer (CISO) and the company misled investors regarding weak cybersecurity practices and known risks. The SEC also alleged that the company had deficient cybersecurity access controls and, as a result, had failed to maintain a system of internal accounting controls.
In this article, Audit Analytics further examines why cybersecurity measures are essential for maintaining comprehensive internal controls and preventing material weaknesses in financial governance.