Cyberattacks in Public Companies & Koss Corporation

Cyber-attacks in Public Companies and Koss Corporation
Student’s Name
Institution
Cyber-attacks in Public Companies and Koss Corporation
Cyber-attacks in Public Companies
Question 1
The requirements for cyber-attacks disclosure were passed by the SEC in October 2011 and aimed to ensure increased reporting for an organization for any losses and incidences relating to attacks. According to the SEC, organizations must disclose all matters about cyber incidents especially when such occurrences have a significant impact on the ability of the investors to make decisions on their investments in the enterprise (Johnson, 2015). Entities should also report the controls and procedures against cyber incidents. One of the effects of this disclosure requirement is that it will enhance the integrity of reporting of qualitative information which is ignored by the typical financial statements. However, the disclosure is likely to cause adverse effects to the firm given the negative publicity that will be interpreted by the investors as an organization lacks of ability to protect its resources. Consequently, this may translate to negative earnings. A recommendation to the disclosure on the cyber-attacks is to require that firms provide regular updates about their cybersecurity controls, the expertise available within the entity for controlling attacks and organizational framework for addressing the gaps, rather than the mere reporting of the incidences which harm the reputation of the entity. This will strengthen the controls that give rise to cyber-attacks and prevent the firm from getting negative publicity when it reports real incidents.

An example of a data breach occurred at Amazon in April 2017. During the incidence, Hackers gained entry into Amazon accounts relating to third parties and stole personal information and credentials via a dark web, posting sham deals and misappropriated funds (Abel, 2017). Third party sellers reported losing sales of up to $ 100,000 due to the incident. SEC requires that such incidences by public companies should be reported to enhance corporate governance.
Question 2
The effects of cyber-attacks on an entity’s potential investors are that they damage the reputation of the firm which reduces the value of its stock and market capitalization. This scares away potential investors who fear that the organization is not good at protecting their resources (Johnson, 2015). As an auditor, I would recommend that cyber-attacks be reported as part of the notes to the financial reports instead of an actual attack. This will increase management pro-activity in addressing the issues rather than a reactive measure following an attack whose effects is to damage the reputation of the firm.
Koss Corporation
Question 1
Given the case study, the responsibility of the independent auditor is to ascertain that the financial report and the transactions represented therein are accurate, verifiable and reliable. The independent auditor must also report any cases of embezzlement to the management and recommend ways to strengthen the internal controls to prevent malpractices. On the other hand, the board of director’s role is to oversee the management in ensuring that the financial statements are prepared accurately, and all systems of corporate governance and control are followed in the preparation of the financial statements. Regarding the case study, Koss, Board of Directors and management failed to exercise its role, and this led to the alleged unauthorized financial transactions. Given the current scenario, the board of directors and management were responsible for the embezzlement since they should have ensured that the financial report is free of errors and preventing theft of resources. The role of the auditor is only to check whether they are accurate which they did thus shifting the responsibility of embezzlement to the board and the management.
Question 2
One of the controls for Koss Corporation on matters of electronic fund transfers is to assign specific responsibility for authorization of such transfers. This will ensure that particular persons are held responsible for any embezzlement thus preventing fraud. The recommendation will prevent fraud in the future such as current scenario where the CFO was transferring money through wire transfer to his account. The second recommendation is to require thorough authentication of the electronic fund transfers and the recipients before money is sent. For instance, the receiver confirmations should be accompanied by sufficient verification documents to prevent sending funds to other third parties. Unique passwords and confirmation codes linked with the organizational database should be sent to the customer’s preferred address to confirm the authenticity of the recipients of the funds. The strategy will overcome fraud in future by ensuring that all accounts are verified and that a trail of the transaction is left for addressing any disputes that may arise after that.
References
Abel, R. (2017). Amazon breach shows a need for stronger third-party cybersecurity. SCMedia. https://www.scmagazine.com/hackers-compromise-third-party-vendor-amazon-accounts/article/649665/Johnson, K. N. (2015). Cyber risks: Emerging risk management concerns for financial institutions. Ga. L. Rev., 50, 131.