Auditing firms have a key role to play in helping companies address cybersecurity risks, according to a new white paper from the Center for Audit Quality (CAQ), “The CPA's Role in Addressing Cybersecurity Risk."

The paper highlights the strengths of audit firms that make them particularly well suited to addressing cybersecurity concerns, specifically the core CPA value of independence, objectivity and skepticism, experience in providing independent evaluations, and multidisciplinary expertise.

The white paper also noted that with the new cybersecurity reporting framework from the American Institute of CPAs (AICPA), CPAs can provide new business services. The framework outlines how an accountant can use management’s description and evaluation of a company’s cybersecurity plan, as well as the CPA’s own opinion on those two factors to evaluate a company’s cybersecurity position.

“Cybersecurity challenges are stark, and they demand that every sector of the economy play a role,” said CAQ executive director Cindy Fornelli. “The public company auditing profession will do its part by leveraging its traditional strengths while innovating in ways that can greatly enhance confidence in cybersecurity information and practices.”

Included in “The CPA's Role in Addressing Cybersecurity Risk” are a perspective on this new AICPA framework, a set of FAQs aimed at senior management, boards of directors and other key capital markets stakeholders understand the framework's scope, how it is separate and apart from the financial statement and internal control over financial reporting audits, and the extent of related communications.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access