IT Risks

1. Since the financial statement auditor’s focus is on IT risks that affect financial reporting, including disclosures and ICFR, what additional offerings can CPA firms with cybersecurity expertise provide to assist board members in executing their broader oversight responsibilities related to cybersecurity risks?

2. The AICPA recently issued a cybersecurity risk management reporting framework. How can this framework be used as a self-assessment tool to help management or the auditor (via a readiness engagement) identify opportunities for improvement in the company’s cybersecurity risk management program?

Don't use plagiarized sources. Get Your Custom Essay on
IT Risks
Just from $13/Page
Order Essay

3. How is the AICPA cybersecurity risk management reporting framework used by auditors as part of an attestation service to evaluate management’s description of its cybersecurity risk management program and to determine whether controls within the program were effective to achieve the company’s cybersecurity objectives?

4. What technical expertise do CPA firms possess that qualify them to perform a readiness engagement and/ or an examination to validate effectiveness of controls specific to a company’s cybersecurity risk management program?

5. The SOC for Cybersecurity examination (see sidebar on page 6) cannot prevent or detect a cybersecurity threat or breach. Accordingly, what is the goal of the cybersecurity examination?

6. What factors should be considered by the company and the CPA firm prior to engaging its financial statement CPAs are in a strong position to play an important role in informing the advancement of cybersecurity risk management practices.


and taste our undisputed quality.