After a few years as an internal auditor, you decide to go back to consulting.
Luckily, you’re hired as a cyber accountant by Sweeting International Consulting,
Inc. Your boss, a former Naval officer, tasked you with assessing a hacking
attack and data breach that occurred at Target, Inc. The attack occurred in the
fourth quarter of 2013 and it is disclosed in the 2014 annual report.
After retrieving Target’s 2014 annual report, you plan to review the interrelationships between the domains of accounting systems, information security
and cybersecurity. Your boss (professor) instructs you to pay particular attention
to the March 13, 2015 Report of Management and the Audit Report prepared by
EY (formerly Ernst & Young), which was the Independent registered public
accounting firm that performed the 2014 audit of Target, Inc.
Given your previous experience as an internal auditor, you’re feeling pretty
confident in your knowledge of auditing and internal auditing standards.
Nonetheless, your boss reminds you of auditing concepts relevant to this case.
You listen intently and take notes as he describes what to look for in order to
prepare the report he requested. At the end of the discussion, you review the
notes you took while he was talking:
Confirm the names and titles of those who signed the Management
Representation Letter
Review what the signers of the Annual Report said about the:
o data breach,
o adequacy of internal controls, and the
o impact on shareholders’ investments and earnings.
Determine whether EY provided a basis for their audit opinion and
whether you agree or disagree with their audit opinion.
o Like all other audits, the EY Audit report will include an audit
opinion. The opinion states whether the company’s financial
statements present its financial position, results of operations, and
cash flows in accordance with U.S. GAAP.
o Auditors may issue (only) the following four