This research identifies key areas of interest regarding IT risk management for accountants and CPAs in the field of auditing and those on an audit committee. It identifies IT risks that threaten the security of organizations. These include both internal and external threats. It explores the motivations and methods of cyber-attacks. It presents security challenges that are created by outsourcing IT to the cloud and key topics to consider before moving to the cloud. This research also examines IT risk management and IT governance using the COSO Internal Control Framework and the COBIT 5 framework for the governance and management of enterprise IT. Using both COSO and COBIT 5, this research identifies internal control and data security procedures, and the key executives in management and on board committees responsible for the implementation and evaluation of these procedures. Finally, this research explores the legal environment surrounding a data security breach, including legal liabilities and responsibilities, government regulations, litigation, and cyber security insurance.


IT risk management; IT governance

Document Type


Year of Completion



Rebecca Rosner

Academic Department

School of Professional Accountancy