Heartland Payment Systems: Cybersecurity Impact on Audits and Financial Statement Contingencies

 During the fiscal year 2008 financial reporting process, Heartland Payment Systems, Inc. experienced a breach of its operational data by international hackers and a U.S. Secret Service informant who returned to his criminal life as a hacker. As a result, Heartland's management assessed the data breach to determine both the immediate accounting and long-term operational impacts on the viability of the company. Similarly, Heartland's external auditors independently assessed the data breach for their audit of the company's financials. Using this case, students will apply their professional research skills through identifying appropriate accounting and auditing guidance, and use critical-thinking skills to evaluate the decisions made by the company, external auditors, and shareholders. Students will also evaluate the ethical implications of difficult judgmental decisions facing professional accountants by scrutinizing the activities of both financial statement preparers and auditors in the emerging area of cybersecurity.

2. Is the announcement of the data breach a recognized subsequent event? Based on your answer, what are management's and the auditor's responsibilities, respectively, for understanding the data breach? Cite the relevant authoritative accounting and auditing literature in your response.
4. Do you believe that the data breach provides evidence of a significant deficiency in the company's internal controls over effectiveness of operations (e.g., business process controls in the revenue cycle)? What additional evidence beyond the company inquiries would you gather to support your answer? Use the information provided with this case, the COSO Framework, and the relevant PCAOB auditing standards in your response.