Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls by American Institute of Certified Public Accountants

Chapter 3

Performing the Cybersecurity Risk Management Examination

Responding to Assessed Risks and Obtaining Evidence

3.01 Paragraphs .20–.21 of AT-C section 205, Examination Engagements (AICPA, Professional Standards), require the practitioner to respond to the assessed risks when designing and performing examination procedures. Specifically, they require the practitioner to

  1. design and implement overall responses to address the assessed risks of material misstatement and

  2. design and perform further procedures whose nature, timing, and extent are based on, and responsive to, the assessed risks of material misstatement.

3.02 Paragraph .10 of AT-C section 105, Concepts Common to All Attestation Engagements (AICPA, Professional Standards), defines a misstatement as follows:

A difference between the measurement or evaluation of the subject matter by the responsible party and the proper measurement or evaluation of the subject matter based on the criteria. Misstatements can be ...
