Report on the implications of a data breach to an organization

This is an assignment that focuses on a report on the implications of a data breach to an organization. There is also an outline to the format of writing the report below.

Report on the implications of a data breach to an organization

Task
Many organisations have recently suffered from data breaches that resulted in exposure of confidential customer data. A breach of such sensitive data hurts the organisation’s reputation and also causes significant financial losses.
In this assignment, you will write a report on a data breach that took place no more than 5 years ago. Your report should reference articles on the data breach incident in addition to other reliable sources.
Your role is an  IS auditor.  Therefore, your report should   highlight the main risks that should be addressed by the management of the organisation and the controls that would have mitigated the risks.
The report should include the following:

1) Executive Summary You will need to prepare an executive summary document (0.5-page maximum) to the Board of Directors.
2) Background to the Case Provide the background to the organisation’s business and technology environment. This is to demonstrate your understanding of the organisation’s business and IS environment.
3) Problem Identification Identify how the breach occurred, the stakeholders and also the impact to the organisation
4) Audit Approach and Potential Solution This section explains the role of the auditor in auditing the data breach.    It contains the following subsections:

Report on the implications of a data breach to an organization

I. IS Risks Identify IS risks from the data breach in the case study, including analysing the likelihood, level of risks and also implications to the business.
II. Audit Plan, Objectives and Procedures
ACCG3058 INFORMATION SYSTEMS AUDIT AND ASSURANCE Department of Accounting and Corporate Governance
Prepared by Dr. Savanid Vatanasakdakul for ACCG358 Adapted by Dr. Bazara Barry 2
Prepare an audit plan outlining the areas that you propose to audit. In addition, you will need to include audit objectives and audit procedures for each of the area(s) that you plan to audit.

III. Audit Questions and Documents For each of the audit objectives, provide at least three examples of interview questions that you will use to gather evidence from the organisation, including naming relevant documents that you may want to obtain for the audit.
IV. Control Recommendations Provide a set of recommendations of control mechanism(s) to mitigate for each of the IS risks. Identify the benefits of your recommendations to the organisation.
5) Conclusion Summarise main points in the report and provide a synthesis of the key findings. Furthermore, add your reflection on whether the recommended controls could have avoided the data breach