New CAQ Tool to Help with Cybersecurity Risk Management Oversight
The Center for Audit Quality (“CAQ”) has developed a new tool to help board members oversee enterprise-wide cybersecurity risk management. Cybersecurity Risk Management Oversight: A Tool for Board Members lists questions board members can ask meeting with management and CPA firms about cybersecurity risks and disclosures. Such questions are divided into the following areas:
- Understanding how the financial statement auditor considers cybersecurity risk.
- Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures.
- Understanding management’s approach to cybersecurity risk management.
- Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management.
The tool also collects cybersecurity-related resources from organizations like the CAQ, the American Institute of Certified Public Accountants, and the National Association of Corporate Directors.