How board members can perform oversight of cybersecurity risks

A new CAQ tool addresses the topic.

With organizations' technology and systems under constant attack from hackers, cybersecurity oversight has become an increasingly important responsibility for board members.

New laws and regulations for managing and reporting on data security and cybersecurity risks create additional challenges for companies as they work to stay on top of the latest security trends and keep their systems and data safe.

A new tool from the Center for Audit Quality, which is affiliated with the AICPA, provides board members with questions they can use in discussions with management and CPA firms about cybersecurity risks and disclosures.

The questions are related to:

  • Understanding how the financial statement auditor considers cybersecurity risk. Questions board members can ask include: How are cybersecurity risks that auditors identify addressed in the audit process? What impact would a cybersecurity breach have on the auditor's assessment of internal control over financial reporting?
  • Understanding the role of management and the responsibilities of the financial statement auditor related to cybersecurity disclosures. Board members' questions may include the following: How has management considered cybersecurity risks in its ability to report on information required in SEC filings? What does the auditor consider related to cybersecurity disclosures?
  • Understanding management's approach to cybersecurity risk management. Among the questions board members can ask: What framework does management use in designing its cybersecurity risk management program? What processes are in place to periodically evaluate the cybersecurity risk program and controls?
  • Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management. Board members' questions may include the following: What additional offerings can CPA firms provide related to cybersecurity, since the financial statement auditor's focus is on IT risks that affect financial reporting?

SPONSORED REPORT

Tax reform complicates year-end tax planning

Get your clients ready for tax season with these year-end tax planning strategies, which address how to make the most of recent tax law changes, such as the new deduction for qualified business income and the cap on the deductibility of state and local taxes.

VIDEO

What RPA is and how it works

Robotic process automation is like an Excel macro that can work on multiple applications, says Danielle Supkis Cheek, CPA. RPA can complete routine, repetitive tasks such as data entry, freeing up employee time from lower-level chores.