The Center for Audit Quality (“CAQ”) has developed a new tool to help board members oversee enterprise-wide cybersecurity risk management. Cybersecurity Risk Management Oversight: A Tool for Board Members lists questions board members can ask meeting with management and CPA firms about cybersecurity risks and disclosures. Such questions are divided into the following areas:

1. Understanding how the financial statement auditor considers cybersecurity risk.
2. Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures.
3. Understanding management’s approach to cybersecurity risk management.
4. Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management.

The tool also collects cybersecurity-related resources from organizations like the CAQ, the American Institute of Certified Public Accountants, and the National Association of Corporate Directors.