The American Institute of CPAs has developed a guide titled “Reporting on an Entity’s Cybersecurity Risk Management Program and Controls” to help CPAs examine and report on client organizations’ cybersecurity risk management programs.
The guide aims to help CPAs provide a new assurance service that evaluates a client’s description of its cybersecurity risk management program. The hope is that the resulting report will help clients demonstrate to their stakeholders that they have sound cybersecurity procedures and practices.
This new guide comes on the heels of the description and control criteria for cybersecurity programs that the AICPA released last month.
“At the AICPA, we saw the emerging market need several years ago,” AICPA executive vice president Susan S. Coffey, CPA, CGMA said in a blog post. “We recognized that there hasn’t been a consistent, common language for describing and reporting on the cybersecurity risk management programs organizations put in place. This lack of transparency makes it difficult for stakeholders to determine whether an organization’s cybersecurity risk management plan effectively addresses potential threats … [This] framework is designed to meet the information needs of a broad range of third-party users. It provides organizations with a common language to use when evaluating and reporting on their cybersecurity efforts, and gives them a level of comfort that they’ve adequately considered best practices when designing, implementing and operating their programs.”
The guidelines were assembled by AICPA’s Auditing Standards Board and Assurance Services Executive Committee.