The CPA's Role in Addressing Cybersecurity Risk outlines how the auditing profession can help companies and the capital markets address the growing challenges of cybersecurity. The paper explores the challenging cybersecurity landscape, one in which organizations face varying cyber-threats and impacts—all in an environment marked by rapid technological change. What’s more, various stakeholders increasingly must gather information and communicate among each other about cybersecurity. In addressing these and other cybersecurity challenges, the CPA profession brings a long history of strong values as well as decades of experience in auditing information technology controls and providing independent assessments in the areas of financial statements and internal control over financial reporting. As explored in the white paper, CPAs are able to provide new business services with the development of a new cybersecurity reporting framework from the American Institute of CPAs (AICPA). The AICPA's market-driven, flexible, and voluntary framework can provide the user with key pieces of information that, taken together, can greatly enhance confidence in cybersecurity information provided by management.
May 24, 2017