Cases in Cybersecurity

In this cybersecurity-focused case, students take on the role of external auditors assessing password management controls at Liberty Data Systems, a public company. Students will examine password policies and assess internal controls related to information technology general controls (ITGCs) with an emphasis on access control mechanisms, specifically password management. This case explores the impacts of cyber risk and cybersecurity events—such as data breaches, malware, and social engineering—on financial statement integrity. Through hands-on exercises with tools like Alteryx or Python, students will identify vulnerabilities in password policies, test the strength of access controls, and evaluate their effects on audit risk. This practical application reinforces students' knowledge of cybersecurity controls in an audit context, emphasizing the importance of robust ITGCs in safeguarding financial reporting accuracy.

Why is this important?

As cyber threats continue to evolve, auditors must be prepared to address cybersecurity risks that impact financial statement integrity and organizational trust. Password management is a critical component of cybersecurity and ITGCs, protecting organizations from unauthorized access, data breaches, and fraud. This case introduces students to the audit implications of cybersecurity controls, equipping them with practical skills in identifying weaknesses and ensuring effective cybersecurity policies. Through the lens of Liberty Data Systems, students will build competencies in data analytics, compliance assessment, and cyber risk evaluation—key skills for modern auditors navigating increasingly digital environments. This experience highlights the auditor’s role in promoting organizational resilience against cyber risks, strengthening students’ capacity to evaluate and support secure financial reporting.

Materials:

Case: Liberty Data Systems Case
Slides: will be available for download by the beginning of class in either powerpoint or pdf formats.
Data: A data update may be required for this class. To ensure your files are the most up-to-date, navigate to ACCTG521_Labs folder and run the command git pull.
Analytics Tools: Alteryx including RegEx
Analytics Tools: Python (optional)

Review and Extension:

In prior classes, we examined traditional audit and control testing practices, establishing foundational skills in evaluating transaction accuracy and assessing internal controls. In this module, we transition into the critical and rapidly evolving area of cybersecurity, beginning with password management as a component of IT general controls. By assessing cybersecurity risks at Liberty Data Systems, students apply audit skills to identify vulnerabilities in password protocols, explore the financial implications of cyber risks, and understand the impact of compromised controls on audit risk. This class is part of a broader exploration of the auditor’s role in cybersecurity, moving beyond foundational controls to address emerging cyber threats, regulatory requirements, and data protection standards. As we progress, future classes will introduce additional cybersecurity topics, each designed to enhance students’ ability to safeguard data integrity and support compliance in the digital age. This series ultimately prepares students to address the unique challenges posed by today’s cybersecurity landscape, developing a forward-thinking approach to audit practices that align with the growing demands of cybersecurity and data protection in modern financial environments.

Preparation:

1. The case can be read in advance of class for background to complete this case

Class Plan:

Teams: during this class, please sit in your discussion teams.

1. TBD