
Reporting on an Entity's Cybersecurity Risk Management Program and Controls - Attestation Guide

Publisher: AICPA
  • $79.00-$99.00
    Reporting on an Entity's Cybersecurity Risk Management Program and Controls - Attestation Guide Vendor Product Product #: AAGCYB17P
    AICPA Member: $79.00
    Non-Member: $99.00
  • $69.00-$89.00
    Reporting on an Entity's Cybersecurity Risk Management Program and Controls - Attestation Guide eBook Download Product #: AAGCYB17E
    AICPA Member: $69.00
    Non-Member: $89.00
  • $69.00-$89.00
    Reporting on an Entity's Cybersecurity Risk Management Program and Controls - Attestation Guide Online Access Product #: AAGCYBO
    AICPA Member: $69.00
    Non-Member: $89.00

This April, the AICPA released a cybersecurity risk management reporting framework that enables all organizations—in all industries across the world—to take a dynamic, proactive and agile approach to cybersecurity risk management.

This new authoritative guide delivers information on how to implement this framework. It provides CPAs with guidance on how to perform and report on an examination of an organization’s enterprise-wide cybersecurity risk management program for organizations seeking a CPA’s opinion. The guide includes two distinct but complementary sets of criteria that may be used in the examination:

  • Description criteria: Organizations may use these to prepare a description of their cybersecurity risk management program to provide users with information about the processes and controls they have implemented to mitigate cybersecurity risks. The description criteria provide a consistent way for companies to efficiently communicate with stakeholders about the extent and effectiveness of the cybersecurity risk management controls they have in place. CPAs may use these same criteria to evaluate management’s description.
  • Control criteria: Organizations may use the 2017 Trust Services Criteria as control criteria, which are used to evaluate the effectiveness of a company’s cybersecurity controls. CPAs may also use these criteria to evaluate the effectiveness of the controls within a client’s program in the cybersecurity examination or when providing cybersecurity advisory services.

The cybersecurity risk management examination is part of the AICPA’s suite of System and Organization Controls—or SOC—service offerings.

Key Features

  • Interpretive guidance on performing and reporting on the new cybersecurity risk management examination
  • Includes the new description criteria issued in April 2017 by ASEC, which may be used to evaluate the description of the entity’s cybersecurity risk management program
  • Includes the new 2017 trust services criteria issued in April 2017 by ASEC, which may be used to evaluate the effectiveness of controls
  • Contains illustrative cybersecurity risk management reports, which include an illustrative description of an example organization’s cybersecurity risk management program and an illustrative practitioner’s report

Who Will Benefit?

CPAs who wish to provide new services (from readiness engagements performed under the consulting standards to the new cybersecurity risk management examination) to clients in connection with clients’ cybersecurity efforts.

Information about the eBook option

If purchasing this title as an eBook, please note that it is intended for a single user. An eBook is a downloadable file that will be accessible immediately after completing your purchase. Access to the download link expires 180 days from the purchase date. Download the file before this time elapses. Before downloading your eBook, you must:

  • Download and activate Adobe Digital Editions® - a free program for accessing eBooks
  • Return to the AICPA Store and go to My Account > My Downloads
  • Click the eBook title to download and open automatically in Adobe Digital Editions

Note: To access your eBook on a smartphone, tablet or other reading device, see our FAQ. This product is refundable within 10 days of your purchase date. For more information about this product or service concerns, please contact the AICPA Store Service Center at service@hq.cpa.com or call 888-777-7077.

About the Publisher

AICPA

About the AICPA

The American Institute of CPAs is the world’s largest member association representing the accounting profession, with more than 412,000 members in 144 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting. The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialty credentials for CPAs who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. Through a joint venture with the Chartered Institute of Management Accountants, it has established the Chartered Global Management Accountant designation, which sets a new standard for global recognition of management accounting.
