CAQ Tool Helps Boards Oversee Cybersecurity Risk Management of Public Companies

Tool provides key questions that board members can ask as they discuss cybersecurity risks, roles, and responsibilities with management and CPA firms.

Washington, DC – As regulators and investors scrutinize cybersecurity vulnerabilities and related disclosures by public companies, the Center for Audit Quality (CAQ) released a tool to assist board members in their oversight of enterprise-wide cybersecurity risk management.

“Boards of directors face an enormous challenge in overseeing how their companies manage cybersecurity risk,” said CAQ Executive Director Cindy Fornelli. “Our tool can help foster dialogue that is crucial to addressing cybersecurity challenges and to establishing a clear understanding of cybersecurity roles and responsibilities.”

This tool, Cybersecurity Risk Management Oversight: A Tool for Board Members, provides questions board members can use as they discuss cybersecurity risks and disclosures with management and CPA firms. The questions are grouped under four key areas:

I.    Understanding how the financial statement auditor considers cybersecurity risk.

II.   Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures

III.  Understanding management’s approach to cybersecurity risk management

IV.  Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management

In addition to its questions, the tool compiles cybersecurity-related resources from the CAQ, the American Institute of CPAs, the National Association of Corporate Directors, and others.

“As boards tackle this oversight challenge, they have a valuable resource in CPAs and in the public company auditing profession,” Fornelli said. “CPAs bring deep expertise in providing independent assurance services and have assisted companies with information security for decades.”

For more on the public company auditing profession’s cybersecurity efforts, consult the CAQ’s cybersecurity resource page, as well as its 2017 whitepaper, The CPA’s Role in Addressing Cybersecurity Risk.

# # #

About the CAQ

The Center for Audit Quality (CAQ) is an autonomous, nonpartisan public policy organization dedicated to enhancing investor confidence and public trust in the global capital markets. The CAQ fosters high quality performance by public company auditors, convenes and collaborates with other stakeholders to advance the discussion of critical issues requiring action and intervention, and advocates policies and standards that promote public company auditors’ objectivity, effectiveness, and responsiveness to dynamic market conditions. Based in Washington, DC, the CAQ is affiliated with the American Institute of CPAs. For more information, visit thecaq.org.