COSO & Cybersecurity
Accounting vendors are increasingly focusing their resources on cloud-based application development; 2015 undoubtedly will see the continued growth of accounting and business in the cloud. Private companies in particular often view cloud-based applications as a relief, since they take more comfort in the cloud provider’s security program than in their own. In truth, managing and enforcing your entity’s security program over Software as a Service—or any other outsourced business process—can’t simply be delegated to the vendor. The security and compliance risks of using electronic data interchange in all facets of your business—including cloud providers—remain with you, the customer. Internet connectivity brings its own incident risks, dubbed “cyber risk.”
Companies are preparing to spend more on information technology (IT) in 2015, and security is among the top IT spending priorities. Recent headlines about security breaches play a major role in increased information security budgets, and fraud schemes are expected to grow more sophisticated. If your organization’s senior management and board haven’t discussed ways to manage and mitigate cyber risk, they should—and soon. This article discusses cyber risk as part of an entity’s enterprise risk management program, using the tools provided in the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework—2013 edition (2013 framework).