Section 10A Article, AICPA WP, Civil Proced Rules, Types of Cyber Attacks Flashcards
(17 cards)
Section 10 A Obligations
- Auditor: determine whether an illegal act likely occurred and evaluate the potential financial statement effects
- Inform the appropriate level of management
- Notify the audit committee, unless the act is clearly inconsequential
Reporting Reqs
* If the act is material and not properly addressed by management, report it to the board
* The board must notify the SEC within 1 business day, or the auditor must resign or report directly to the SEC
Investigation process after illegal act is believed
- Initiated when the auditor flags concerns
- Typically carried out by internal legal/audit teams or by external counsel and forensic accountants
- The company defines the scope, leads the investigation, and coordinates with the auditors
- Results in a report recommending remedial actions
How to protect attorney-client / work product privileges
Do not voluntarily disclose privileged information to the auditors
- Prefer oral communications; limit written records
Rule 26 of Federal Rules of Civil Procedure
1. Initial disclosures: parties must exchange information about witnesses, documents, damage calculations, and insurance agreements without waiting for a request
2. Expert witnesses: disclosure must include a full report with opinions, supporting data, qualifications, and compensation
3. Pretrial disclosures: require names of witnesses, deposition details, and intended exhibits 30 days before trial
4. Discovery scope: allows discovery of non-privileged but relevant information; can be limited by the court
5. Protective orders: protect parties from undue burden or exposure of sensitive data
6. Timing and planning: discovery may not begin before the Rule 26(f) meeting; parties must prepare and submit a discovery plan
7. Duty to supplement: parties must correct incomplete or inaccurate disclosures as information becomes available
8. Sanctions: incomplete or unsanctioned discovery actions can lead to penalties
Effective Interview planning
1. Purpose: interviews aim to gather facts, detect fraud, and assess witness credibility
2. Interview vs. interrogation: interviews are non-coercive, while interrogations are more confrontational and handled by law enforcement
3. Planning: include legal counsel, secure evidence early, and prepare a clear interview plan
4. Effective interviewing: be objective and fair, listen actively, begin with neutral witnesses, and conduct interviews one on one
5. Types of questions: open-ended for narratives, closed for specifics, leading for confirmation; avoid double negatives
6. Detecting deception: look for behavioral clues such as inconsistent speech, body language, and deflective responses
7. Getting an admission: build rapport first, use rationalization to elicit a confession, and confirm intent and voluntariness
8. Note taking: take thorough notes and avoid interviewer bias
What's malware
Malicious software designed to damage or disrupt systems
Ex: viruses, worms, trojans, ransomware, botnets, keyloggers
Denial of Service attack
Overwhelms systems, servers, or networks with traffic to exhaust resources and render them unavailable to users
Phishing
Deceptive emails or messages that trick users into revealing sensitive information or installing malware
Spoofing
Impersonation of devices, users, or websites to gain unauthorized access or spread malware
Identity based attacks
Exploitation of stolen or compromised credentials to access systems and data
Code injection attacks
Injecting malicious code into applications to manipulate or access data
Supply chain attacks
Compromising third-party vendors to infiltrate the target organization
Social engineering attacks
Manipulation of individuals into divulging confidential information through psychological tactics
Insider Threats
Malicious or negligent actions by employees or associates that compromise security
DNS tunneling
Abuse of the DNS protocol to exfiltrate data or to provide communication channels for malware
AI Powered attacks
Use of AI to automate or enhance cyber attacks, e.g. deepfakes and adaptive malware
Internet of Things attacks
Exploitation of vulnerabilities in Internet of Things devices to gain unauthorized access