Given the immense scale and complexity of the cybersecurity challenge, every sector of the economy, public and private, has a measure of responsibility for promoting cybersecurity resilience. In response to the challenges posed by cybersecurity threats, the AICPA is developing a new engagement that CPAs can perform to assist stakeholders as they evaluate and oversee the effectiveness of their organization’s cybersecurity risk management programs. To advance the discussion about the engagement, the AICPA Assurance Services Executive Committee (ASEC) is exposing for public comment two sets of cybersecurity-related Criteria. The CAQ has prepared this document, Help Shape the AICPA’s Cybersecurity Risk Management Initiative, to (1) provide stakeholders with a summary of how the Criteria could be used by CPAs in a future cybersecurity attestation engagement and (2) to encourage stakeholders to provide their input to the AICPA.
September 20, 2016