New model created for cybersecurity risk management

The AICPA framework enables organizations to communicate about their cybersecurity risk management programs and creates a new engagement for CPAs to report on them.

A new framework for cybersecurity risk management reporting unveiled by the AICPA can help businesses meet a growing challenge, and creates a new engagement for CPAs to examine and report on clients' cybersecurity controls.

Cybersecurity has emerged as one of the most worrisome areas of risk management for organizations throughout the world. More than two-thirds (68%) of CGMA designation holders said in a 2015 survey that their company is moderately or significantly concerned with the threat of cyberattacks.

The AICPA's framework is voluntary and is designed to enable all organizations to communicate effectively about their cybersecurity activities and about the effectiveness of their cybersecurity risk management programs. Three resources that support reporting under the framework are available at aicpa.org:

  • Description criteria that management can use to explain an organization's cybersecurity risk management program in a consistent manner. CPAs can use these criteria to report on management's description of its cybersecurity risk program.
  • Control criteria that CPAs providing advisory or attestation services can use to evaluate and report on the effectiveness of the controls within a client's program.
  • An attest guide, Reporting on an Entity's Cybersecurity Risk Management Program and Controls, which will assist CPAs who are engaged to examine and report on an entity's cybersecurity risk management program.

The engagement for reporting on a cybersecurity risk management program and controls grew out of an emerging need identified by the AICPA Assurance Services Executive Committee. Using the framework, CPAs can provide cybersecurity-related assurance services while applying their experience in auditing information technology controls.
