AICPA Releases Cybersecurity Reporting Framework Criteria

May 1, 2017

In support of its proposed cybersecurity reporting framework, the American Institute of Certified Public Accountants (“AICPA”) has issued the following criteria:

  • Description criteria for management’s description of an entity’s cybersecurity risk management program.
  • 2017 trust services criteria for security, availability, processing integrity, confidentiality, and privacy.

This month, the AICPA plans to publish a cybersecurity attestation guide to help CPAs report on cybersecurity examination engagements compliant with the AICPA attestation standards. Once the guide is published, the Center for Audit Quality will issue “The CPA’s Role in Addressing Cybersecurity Risk: How the Auditing Profession Promotes Cybersecurity Resilience.” The publication will offer views on current cybersecurity risks, as well as the auditors’ role in cybersecurity and how that role can eventually benefit senior management, boards of directors and other stakeholders.