Sizing up risk management: Accountants issue guide for cyber audits

The largest professional organization for qualified accountants issued guidance to its members this week on how to audit management's claims about a company's cybersecurity. The new guide, Reporting on an Entity's Cybersecurity Risk Management Program and Controls, is part of the voluntary cybersecurity risk management reporting framework the American Institute of Certified Public Accountants (AICPA) is producing this year. "Our intent is to establish a common, underlying language for cybersecurity risk management reporting — almost akin to U.S. [Generally Accepted Accounting Principles or] GAAP … for financial reporting," AICPA says in a factsheet about its framework.

Two other elements were published last month:

- Description criteria: a list of categories of information that management has to provide, in a consistent manner, about its cybersecurity risk management program.
- Control criteria: the measures a CPA should use "to evaluate and report on the effectiveness of the controls within a client's [cybersecurity] program."

Alongside the two sets of criteria, the […]

The post Sizing up risk management: Accountants issue guide for cyber audits appeared first on Cyberscoop.