With CPAs uniquely positioned to assist organizations in cybersecurity concerns, as publicly acknowledged by the U.S. Securities and Exchange Commission, the American Institute of CPAs announced a multifaceted action plan against cyber crime.
Calling cyber crime a “complex and difficult problem, and there is no one solution,” AICPA president and CEO Barry Melancon
The AICPA has observed explosive growth in the demand for cybersecurity-related services building on the foundation for Service Organization Control.
The AICPA’s action plan includes:
- Developing timely tools and education for CPAs to address risk in a number of areas.
- Working to help CPAs address cybersecurity concerns through services in advisory, assurance, tax and management accounting.
- Looking at how the profession can address cybersecurity as an extension of the platform of services CPAs currently perform. The AICPA is developing new examination engagements for members in public practice specific to cybersecurity, focusing on an entity’s cybersecurity risk program and supply chain management for vendors and businesses to assess and manage risk.
- The advocacy team closely monitoring cyber-related legislative and regulatory developments in Washington so it can respond and keep members informed.
“We see numerous roles for CPAs in the battle against cyber crime,” Melancon continued. “Within their businesses, CPAs must present their own front line against cyber attacks, implementing controls that help protect data and prevent service disruptions. CPAs in business can use their knowledge of the organization to advise their employers on administering a cybersecurity risk management program and provide the best cyber solutions. CPAs in pubic practice, or public accounting, can assist their clients in an advisory capacity, as they grapple with cyber concerns and provide assurance when needed.”
Melancon’s full statement on the AICPA’s work against cyber crime can be found in this