Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls by American Institute of Certified Public Accountants

Appendix A

Information for Entity Management

Introduction

In response to requests for information about the effectiveness of an entity’s cybersecurity risk management program, the AICPA has developed the cybersecurity risk management examination. In conjunction with that examination, the AICPA has also developed description criteria for use when preparing and evaluating the description of the entity’s cybersecurity risk management program and control criteria for use when evaluating the effectiveness of controls within the entity’s cybersecurity risk management program.

Overview of the AICPA Cybersecurity Risk Management Examination

A CPA (referred to as a practitioner in an attestation engagement) performs and reports in the cybersecurity risk management examination in accordance with the Statements on Standards for Attestation Engagements, commonly known as the attestation standards. Under those standards, an attestation engagement is predicated on the concept that a party other than the practitioner (that is, the responsible party) makes an assertion ...
