The Center for Audit Quality has released a tool to help members of the boards of public companies oversee cybersecurity risk management in their organization.
The publication,
Along with questions, the document includes cybersecurity-related resources from the CAQ, the American Institute of CPAs, the National Association of Corporate Directors, and other organizations.
“Boards of directors face an enormous challenge in overseeing how their companies manage cybersecurity risk,” said CAQ executive director Cindy Fornelli in a statement. “Our tool can help foster dialogue that is crucial to addressing cybersecurity challenges and to establishing a clear understanding of cybersecurity roles and responsibilities. As boards tackle this oversight challenge, they have a valuable resource in CPAs and in the public company auditing profession. CPAs bring deep expertise in providing independent assurance services and have assisted companies with information security for decades.”
The publication points out that CPA firms have played a role in assisting companies with information security for decades, and four of the leading 13 information security and cybersecurity consultants are public accounting firms. This publication isn’t intended to provide an all-inclusive list of questions or to be seen as a checklist. Instead it offers examples of the types of questions board members might ask of management and the company’s auditors.
