Accepting and Planning a Cybersecurity Risk Management Examination
2.01 Prior to accepting a cybersecurity risk management examination, AT-C section 105, Concepts Common to All Attestation Engagements (AICPA, Professional Standards), requires the practitioner to determine that certain preconditions are met. Among other things, those preconditions require the practitioner to determine whether the engagement team meets the ethical and competency requirements set forth in the professional standards and whether the engagement meets the relevant requirements of the attestation standards. Prior to engagement acceptance, a practitioner is also required to establish an understanding with management about its responsibilities and those of the practitioner in the cybersecurity risk management examination.
2.02 Once an engagement has been accepted, AT-C section 205, Examination ...