ACCT 620

ACCT 620: Cyber Accounting: Management and Compliance I. Title: Analysis of Corporate Policies: Internet Usage Policy, Computer Policy and Privacy Policy II. Introduction After working as a cyber accountant an international consulting firm for a few years, you resign to take a position in the internal audit department of a publicly traded company. To brush up on the basics of internal auditing, you decide to browse the Website of the Institute of Internal Auditors, North America where you find two documents to read. You decided to browse the Website of the Institute of Internal Auditors, North America. After browsing the site to get a feel for this professional organization, you, locate and read two documents:

1) 2017 standards of the International Standards for the Professional Practice of Internal Auditing (Standards), which can be found under Standards and Guidance and Mandatory Guidance, and

2) The Insight that Internal Brings to Cybersecurity in the IIA publication, Tone at the Top, June 2017, Issue 82.

At the end of your first week on the job, your supervisor came to your office and asked you to review three different corporate policies related to computer and internet security. The supervisor emphasized that it is important for you to learn the value of writing a policy statement and the importance of implementing policies in organizations from management’s viewpoint and also from the perspectives of employees, customers, and other stakeholders. All three policies you will be updating impact the company’s accounting and financial information systems and related financial reporting. These policies need to be analyzed to determine what they currently include and updated for currency. Specifically, your supervisor asked you to update the following three policies that are currently in place in your organization: Policy Reviews:

1. Acceptable use policy, 2. Internet use policy, and the 3. Privacy policy.

III. Steps to Completion

1. To get started, select any publicly-traded corporation, and locate its most recent annual report.

2. Rewrite any sections of the Acceptance Use Policy, Internet Use Policy, and Privacy Policies that you find unclear or that need updating to be current. Note: you may have to do a search of your chosen corporation’s website to find the above policies. This will take you some time, so please get started on this search, early enough. You may find all 3 policies; in many cases, you may find just one of these three policies for your chosen corporation, most likely the Privacy Policy. Use whatever policy (policies) you have can find for your chosen corporation to get started on this Project.

3. Download the NIST 800-53 and the SANS Technical Institute templates. Do a Google search to get the most recent templates.

4. As the basis for writing updates to the policies, use the templates provided by NIST 800-53 and the SANS Technical Institute to complete your recommendations for your supervisor.

5. For each of the three policies that you redrafted/updated/drafted from scratch, explain the generally accepted policy guidance provided by organizations such as NIST, AICPA and/or the ISO 27001 framework, and by what means, practically, in simple language that your supervisor can understand.

a. Note: The NIST, AICPA, and ISO frameworks have been vetted by panels of experts similar to the Financial Accountings Standards Board (FASB) issuance of Generally Accepted Accounting Principles (GAAP).

IV. Deliverables

1. One Word document written in APA Style format. a. In total, the document will be 8-10 pages using APA, double-

spaced, excluding the (a) cover page and the (b) Reference page. b. For each of the three policies, write your recommendation for

changes to each policy, excluding the cover sheet and reference list.

V. Helpful tips and hints

 If needed, review APA style formatting again to prepare for writing Project 2.

 Prepare a draft version of your report 10 days before it is due.  Ask a classmate, friend, or family member to read your report before

submitting it to the Graduate Writing Center.  Submit your draft to the Graduate Writing Center at least 1 week before

this project is due.

 Make edits to your report after reviewing feedback from the writing center tutors.

 Submit Project 2 on or before the due date.  Ask your supervisor (professor) questions as needed.

VI. Rubric

 Please use the rubric in your LEO classroom for Project 2.