This illustration is nonauthoritative and is included for informational purposes only.
Independent Accountant’s Report
To Management of ABC Entity:
We have examined the accompanying description of ABC Entity’s cybersecurity risk management program titled [insert title of management’s description] as of [date] (description) based on the description criteria noted below. We have also examined the suitability of the design of controls implemented within that program to achieve the entity’s cybersecurity objectives based on the control criteria noted below.
The criteria used to evaluate the description are [name of the description criteria, e.g., AICPA Description Criteria for Management’s Description of an Entity’s Cybersecurity Risk Management Program] (description criteria); the criteria used to evaluate the suitability of the design of the controls implemented within the entity’s cybersecurity risk management program to achieve the entity’s cybersecurity objectives are [name of the control criteria, e.g., the criteria for security, availability, and confidentiality set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA ...