MAA 789 - Accounting Systems and Analytics
Requirement 1
In the context of the Optus data breach, two components of the COSO-ERM framework that
are particularly relevant are Control Environment and Information and Communication (Lee
& Lee, 2021).
The Control Environment component sets the tone for the organization's risk management
and establishes a foundation for all other components. It encompasses the integrity, ethical
values, and competence of the people within the organization (Yiran et al., 2019). To enhance
Optus's control environment and mitigate cybersecurity risks, the following measures can be
implemented:
i. Optus should foster a culture of cybersecurity awareness and make it a top priority.
Senior management should demonstrate a strong commitment to data security and
establish policies that promote a proactive approach to risk management.
ii. Optus should offer thorough training programs that teach staff members data safety
procedures, such as identifying and reporting possible cyber threats (Yiran et al., 2019).
Regular updates on emerging threats, combined with awareness initiatives, help employees
stay alert to phishing attempts and other forms of social engineering.
iii. Optus has to carry out frequent risk evaluations in order to recognize and rank
cybersecurity threats. This entails assessing the threat landscape, keeping an eye on
market developments, and remaining up to date on newly discovered weaknesses and
attack methods (Saleem et al., 2019).
iv. In the case of a data breach or cyber-attack, Optus should have a thorough incident
response plan that details what should be done.
Requirement 2
1) Inadequate implementation and enforcement of frameworks
Cybersecurity threats are constantly evolving, and attackers continually find new ways to
exploit vulnerabilities. Organizations like Optus must stay updated and adaptive to emerging
threats by regularly assessing and reassessing their risk management strategies. It is possible
that Optus’s risk management frameworks and controls were designed based on previous
threats and did not adequately address emerging risks. As cyber threats become more
sophisticated, organizations need to continually invest in research, threat intelligence, and
proactive measures to stay ahead of potential attacks (Dikokoe, 2021). Failure to adapt to
evolving threats can leave organizations vulnerable, even if they have implemented adequate
controls based on earlier risk assessments.
In addition to the above reasons, there might be gaps in internal controls and audit
processes that contributed to the data breach. Such gaps might stem from inadequate
incident response plans, lax access restrictions, poor monitoring and detection systems, or
insufficient segregation of duties.
References
Al-Matari, O. M., Helal, I. M., Mazen, S. A., & Elhennawy, S. (2021). Integrated framework for cybersecurity auditing. Information Security Journal: A Global Perspective, 30(4), 189-204.
Dikokoe, T. (2021). Role of Internal Audit in Managing Cyber Security Risks. University of Johannesburg (South Africa).
Lee, H., & Lee, H. (2021). COSO ERM Framework. Risk Management: Fundamentals, Theory, and Practice in Asia, 35-50.
Saleem, K. S. A., Zraqat, O. M., & Okour, S. M. (2019). The effect of internal audit quality (IAQ) on enterprise risk management (ERM) following the COSO framework. European Journal of Scientific Research, 152(2), 177-188.
Yiran, H., & Liqin, L. (2019). Research on Risk Management in the Internal Process of College Procurement under the COSO-ERM Framework. Research & Exploration in Laboratory, 38(11).