Analyzing the TJ Maxx Data Security Fiasco: Lessons for Auditors

Analyzing the TJ Maxx Data Security Fiasco: Lessons for Auditors

In January 2007, TJX Companies Inc (TJX), the parent company of retail chains such as TJ Maxx and Marshalls, issued a press release announcing that its computer systems had been breached and that customer information had been stolen. Investigations into the TJX case appear to indicate that the compa...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:The CPA journal (1975) 2008-08, Vol.78 (8), p.34
Hauptverfasser: Berg, Gary G, Freeman, Michelle S, Schneider, Kent N
Format: Artikel
Sprache:eng
Schlagworte:
Auditing standards
Auditors
Commercial law
Data encryption
Data integrity
Financial statements
Identity theft
Information systems
Internal controls
Liability
Network security
Personal information
Retail stores
Robbery
Security management
Software
Theft
Wireless networks
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In January 2007, TJX Companies Inc (TJX), the parent company of retail chains such as TJ Maxx and Marshalls, issued a press release announcing that its computer systems had been breached and that customer information had been stolen. Investigations into the TJX case appear to indicate that the company was not in compliance with the Payment Card Industry data security standards established in 2004 by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. At first, the TJX fiasco appears to offer an object lesson for retailers' IT departments, rather than auditors. With the advent of Statement on Auditing Standard (SAS) 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, internal control clearly extends beyond protecting one's own assets. Specifically, SAS 109 requires an understanding of: 1. the entity and its environment; 2. the entity's internal control environment; and 3. susceptibility of the entity's financial statements to material misstatement resulting from liabilities.
ISSN:0732-8435