CYBER SECURITY & ITS IMPACT ON FINANCIAL STATEMENTS AUDITS BOB WAGNER TUESDAY, NOVEMBER 10 2015 FLORIDA SCHOOL FINANCE OFFICERS ASSOCIATION CONFERENCE.


1 CYBER SECURITY & ITS IMPACT ON FINANCIAL STATEMENTS AUDITS BOB WAGNER TUESDAY, NOVEMBER 10 2015 FLORIDA SCHOOL FINANCE OFFICERS ASSOCIATION CONFERENCE

2 CORPORATE BOARDS RACE TO SHORE UP CYBERSECURITY Wall Street Journal June 29, 2014

3 CHINA’S HACKERS ACCUSED OF A SPYING CAMPAIGN Wall Street Journal April 13, 2015

4 WSJ, 2015

5 WHO IS THIS GUY?
- CTO for Tupperware Brands, past 14 years
- Previous Technology Consultant for Ernst & Young
- Developed Cyber Security Program for Tupperware Brands
- SOX & Audit Compliance Experience
- MBA-UCF

6 WHY SHOULD WE CARE ABOUT CYBER SECURITY?
- Financial impact depends on many factors
- Target payload compromised (e.g. credit cards or social security numbers)
- Length of intrusion and theft
- Intent of hackers
- Disruption or Destruction
- Political
- Environmental
- Anonymous
- Because a CS breach can impact your financial statements

7 WHY SHOULD WE CARE ABOUT CYBER SECURITY?
- Ransomware
- Direct Dollar Impact
- How much & how often

8 IMPACT OF THE CYBER SECURITY BREACH
- For some companies, it could be a going out of business situation
- Significant dollar expenditures to remedy situation
- Loss of client confidence
- Legal fees & lawsuits
- Media humiliation
- Employee attrition

9 WHAT CAN YOU DO TO GET STARTED?
- Keep up with software patches
- Close your online doors (within reason)
- Encrypt data when it makes sense
- Cost
- Speed
- Consider new password methods
- Fingerprints
- Change password policy; 10 vs 5
- Evaluate third-party vendor access
- Target hit through heating/AC vendor equipment
- ISO 27001
- Family of standards to help secure data
- Includes people, processes, and IT systems
- Source WSJ
- Begin with the Basics

10 FRAMEWORK FOR IMPROVING CYBER SECURITY
- National Institute of Standards and Technology (NIST)
- 5 Core Functions
1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

11 IMPACT OF A CYBER SECURITY BREACH
- Two main areas of CS oversight
- Risk Management
- Security is not just an IT issue
- Senior Management needs to drive the effort
- CS is one element of overall company risk
- Don’t fret about the technical aspects!
- Cyber liability insurance
- Employee security education

12 IMPACT OF A CYBER SECURITY BREACH
- Response Management or Crisis Management
- Who wants to talk to the Channel 9 reporter?
- Who put us in “the Cloud”?
- Response Team (C-level, legal, IT, HR, PR)
- Have a documented Response Plan

13 SUMMARY
- In short, this is a nightmare in your future
- You could spend millions and still not be 100% protected
- This is the new “Cost of doing Business”
- A breach could significantly damage the financial health of any company
- Recommendation is to take steps NOW to show due diligence in this area

14 AUDIT & BUSINESS RISK OF IT BOB WAGNER TUESDAY, NOVEMBER 10, 2015 FLORIDA SCHOOL FINANCE OFFICERS ASSOCIATION CONFERENCE

15 AUDIT & BUSINESS RISK OF IT
- Our business depends on technology working every day
- Technology is growing more complicated
- More devices attached: “Internet of Everything”
- Millions of lines of code
- Internal associates and clients are increasingly demanding
- Access from any place, any time, any device
- This all adds to risk: lots of moving parts
- IT holds the keys to the kingdom
- Heavily dependent on a strong IT team to keep business going
- Risk element of IT employee who goes bad
- Risk of outsourcing

16 AUDIT & BUSINESS RISK OF IT
- If email is down, business is down
- If clients can’t place orders, the cash cycle stops
- If distribution software is slow, trucks are backed up at dock
- If the local server is down
- We cannot deliver the promised proposal to clients
- So… OUR BUSINESS CAN NEVER BE DOWN!

17 HOW TO MITIGATE RISK?
- Senior Management involvement and understanding; not just an IT function
- What level of engagement do they have?
- This is the red flag you are looking for
- Each company should have an overall risk assessment
- IT can be one of the larger risks (both business & audit)
- Review IT Policies
- Look for lax policies or no policies
- Each company should have a risk team that sets policies
- Segregation of duties is huge, but many companies are too small, so…
- One IT person can cause lots of problems

18 HOW TO MITIGATE RISK?
- Companies are trying to do too many IT things at the same time
- The business can’t digest all of it
- Money is wasted on failed projects
- IT is typically not the stumbling block
- Even if business folks think they are
- Consideration should be given to forming an IT Steering Committee
- Made up of mostly business executives & the top IT person
- Look for regular meetings
- Monthly or quarterly
- Minutes taken with decisions reached
- Do they communicate the decisions?
- In short, companies need to ensure the processes are in place to mitigate IT business risk

