Video: Using COSO Frameworks to Assess Cyber Risks and Controls

In this lesson, Nick Palazzolo, CPA, dives into the application of COSO and ERM frameworks for mitigating cyber risks and establishing robust cybersecurity controls. Emphasizing the importance of a strong control environment, he walks through each component of the frameworks, including risk assessment, control activities, information and communication, and monitoring activities. Nick stresses the need to regularly update and prioritize cyber risk assessments to protect organizational objectives and suggests continuous monitoring and adjustment of cybersecurity measures to ensure they remain effective. He seamlessly integrates these concepts into broader enterprise risk management strategies, demonstrating how cyber risks align with and impact other strategic, operational, and financial risks within an organization.

"Examprep.ai helped me pass all 4 CPA exams on the first try. I highly recommend. I especially like the feedback and ratings the software provides so I know where to focus my time."

Daniel H., CPA

"I can't recommend ExamPrep.ai enough. Nick's lessons turned concepts I struggled with into strengths. I was able to pass FAR right before other exams expired!"

Andrew K, CPA

"I just want to say thank you for the great lesson videos. I couldn't stay awake through lectures of another course. After watching all your FAR lessons I was finally able to pass!"

Alyssa M., CPA Candidate

Video Transcript

Instructor: Nick Palazzolo

Nick Palazzolo is head instructor of ExamPrep.ai CPA Review. Nick's teaching style is engaging & upbeat, combining practical Big 4 tax & assurance expertise with years of 1-on-1 coaching. His lessons are concise and emphasize what you need to know to pass. Whether you're a recent grad or working full-time, we’re confident you can conquer your CPA exams with Nick’s review.

Cite this lesson

Link to this page

[[ citeExample ]]

Copy to clipboard

Copy URL to clipboard

Copy HTML to clipboard

All right, we're doing it again, I know. For seemingly every lesson, we bring in the COSO frameworks as it relates to whatever various topic that we're on. Today we're on mitigation, so we're going to talk about the COSO framework and the ERM framework, talking about how you can use them to mitigate cyber risks and controls, and how they can be applied in a cybersecurity context. We keep talking about COSO, it's just what the AICPA wants you to know really well, so I'll cover it as much as we deem appropriate. First off, just a reminder, make sure you memorize the components of the framework, control environment, risk assessment, control activities, information and communication, and monitoring activities. That's just going to help you also for other exams as well, so make sure you just memorize that. Use mnemonics, use whatever you need to. Control environment, first for anything, whether this is physical, internal controls, controls over cash, controls over cybersecurity. You want to establish a strong control environment, tone at the top, clear ethical policies. We've seen this time and time again, commitment from leadership. You want to evaluate the effectiveness of the governance structure, so all of that at the top. Make sure that there is an actual commitment to doing the best job possible. Risk assessment, regularly assess risk and analyze cyber risks that could impact the organization's objectives, so make sure everything's up to date. Prioritize those risks. Again, we see this COSO process time and time again. Control activities, we want to make sure that we actually do have, so once we've assessed risk, we've implemented control activities that are continuing to prevent, detect, and correct. Examine the effectiveness and adequacy of them, and then we also want appropriate information and communication because,

Unlock the full video transcript and subtitles support with a free account!

Get more from this lesson

Create an account 7-day free trial. No credit card required.

Security

Module: 3 Concepts, 30 Videos

Threats and Attacks - Overview

0:45

Introduction to Threats and Attacks

3:57

Threat Agents

9:08

Types of Attacks