Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation

Issues in Accounting Education

Volumn 26, Issue 3, 2011, Pages 521-545

  Cereola, Sandra J ^a   Cereola, Ronald J ^a  

^a JAMES MADISON UNIVERSITY   (United States)

Author keywords

Cobit; Coso; Data security; Internal control framework; Internal controls

Indexed keywords

EID: 80052347520     PISSN: 07393172     EISSN: 15587983     Source Type: Journal    
DOI: 10.2308/iace-50031     Document Type: Article

References (16)

1. American Institute of Certified Public Accountants (AICPA). 2006. Understanding the Entity and Its Environment and Accessing the Risks of Material Misstatement. Statement on Auditing Standards (SAS) No. 109. New York, NY: AICPA.
2. American Institute of Certified Public Accountants (AICPA). 2009. The AICPA's 2009 top technology initiatives. Available at: http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/TopTechnologyInitiatives/Top10TechnologiesArchive/Pages/2009TTI.aspx
3. CBS News. 2007. Hi-Tech Heist: How Hi-Tech Thieves Stole Millions of Customer Financial Records. Video available at: http://www.youtube.com/watch?v=MxG2J3bf1BQ
4. Committee of Sponsoring Organizations (COSO). 1992. Internal Control-Integrated Framework. New York, NY: AICPA.
5. Committee of Sponsoring Organizations (COSO). 2004. Enterprise Risk Management Framework. New York, NY: AICPA.
6. Commonwealth of Massachusetts. 2008. 201 CMR 17.00: Standards for the protection of personal information of residence of the commonwealth. Available at: http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf
7. Damianides, M. 2004. How does SOX change IT? The Journal of Corporate Accounting and Finance 15 (6): 35-41.
8. Foster, S. and C. Bolt-Lee. 2002. New competencies for accounting students. The CPA Journal 72 (1): 68-71.
9. Identity Theft Resource Center (ITRC). 2008. Security Breaches 2008. Available at: http://www.idtheftcenter.org/artman2/publish/lib_survey/Breaches_2008.shtml
10. Information Systems Audit and Control Association (ISACA). 2007. Control Objectives for Information and Related Technology. Available at: http://www.isaca.org
11. Information Technology Governance Institute (ITGI). 2006. IT control objectives for Sarbanes-Oxley: The role of IT in the design and implementation of internal control over financial reporting, second edition (September). Available at: http://www.isaca.org
12. Payment Card Industry (PCI) Security Standards Council. 2008. Payment Card Industry Data Security Standards (DSS), Version 1.2 (October 1). Available at: www.pcisecuritystandards.org
13. Public Company Accounting Oversight Board (PCAOB). 2007. An Audit of Internal Controls over Financial Reporting Performed in Conjunction with an Audit of Financial Statements. Auditing Standard No. 5. Washington, D.C.: PCAOB.
14. Ridley, G., J. Young, and P. Carroll, 2004. COBIT and its utilization: A framework from the literature.Proceedings from the 37th Hawaii International Conference on System Sciences.
15. Securities and Exchange Commission. 2003. Final rule: Management's report on internal control over financial reporting and certification of disclosure in Exchange Act periodic reports. Available at: http://www.sec.gov/rules/final/33-8238.html
16. U.S. House of Representatives, 2002. The Sarbanes-Oxley Act of 2002. Public Law 107-204 [H.R. 3763]. Washington, D.C.: Government Printing Office. Available at: http://www.sec.gov/about/laws/soa2002.pdf