Chapter 2
Accepting and Planning a Cybersecurity Risk Management Examination
Introduction
2.01 Prior to accepting a cybersecurity risk management examination, AT-C section 105, Concepts Common to All Attestation Engagements (AICPA, Professional Standards), requires the practitioner to determine that certain preconditions are met. Among other things, those preconditions require the practitioner to determine whether the engagement team meets the ethical and competency requirements set forth in the professional standards and whether the engagement meets the relevant requirements of the attestation standards. Prior to engagement acceptance, a practitioner is also required to establish an understanding with management about its responsibilities and those of the practitioner in the cybersecurity risk management examination.
2.02 Once an engagement has been accepted, AT-C section 205, Examination ...
Get Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.