docx

School

University of Maryland, University College *

*We aren’t endorsed by this school

Course

660

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

2

Uploaded by nalalover1992

Report
There are many human threats that an auditor could be concerned with whether they are intentional or unintentional. According to the Cybersecurity and Infrastructure Security Agency (CISA), inside threats “will use their authorized access, intentionally or unintentionally, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks or systems (Defining insider threats: CISA (n.d.)).” A few years ago, I was working for an oil and gas company in the accounting department. My job required me to reconcile both inventory and revenue. Due to the company being a publicly traded company, there were many SOX controls that I had to comply with to maintain standards. One of those controls required me to verify that the inventory system had been closed prior to me starting my reconciliation to ensure that no other changes would be made that would impact inventory or revenue. Before I could begin my process, the terminal manager would be required to send me an email letting me know when the system was closed. During a month end close, I received the required email and began collecting the necessary data to begin my process. After going through the process of validating and verifying everything and the month end close had been completed, I found out that someone at the terminal reopened the system and made changes without a notification. This became a problem because it impacted various shipper’s inventory and revenue. The impact of the data affected various departments that relied in the data to do reporting. While this was not a material misstatement, it was a break in the process and made the internal control ineffective. Luckily, the problem was caught before it caused bigger issues and corrective actions were taken. References Defining insider threats: CISA. Cybersecurity and Infrastructure Security Agency CISA. (n.d.). https://www.cisa.gov/topics/physical-security/insider-threat- mitigation/defining-insider-threats
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

inform security sys 2.4.docx
DR-strategy-analysis .pptx
Group Project Notes.docx
Network and System Monitoring.docx
Chapter-01 Video Case-2 UPS.docx
Chapter-10 Video Case1 Walmart-Amazon.docx
IT390 Unit 4 Topic 1.docx
IT390 Unit 4 Topic 2.docx
Credentials vulnerability is the primary example that comes to mind.docx
Without disclosing names and titles.docx
In a real estate company.docx
CJ 347 4-1.docx