New CAQ paper says CPAs are central to cybersecurity

Auditing firms have a key role to play in helping companies address cybersecurity risks, according to a new white paper from the Center for Audit Quality (CAQ), “The CPA's Role in Addressing Cybersecurity Risk."

The paper highlights the strengths of audit firms that make them particularly well suited to addressing cybersecurity concerns, specifically the core CPA value of independence, objectivity and skepticism, experience in providing independent evaluations, and multidisciplinary expertise.

The white paper also noted that with the new cybersecurity reporting framework from the American Institute of CPAs (AICPA), CPAs can provide new business services. The framework outlines how an accountant can use management’s description and evaluation of a company’s cybersecurity plan, as well as the CPA’s own opinion on those two factors to evaluate a company’s cybersecurity position.

“Cybersecurity challenges are stark, and they demand that every sector of the economy play a role,” said CAQ executive director Cindy Fornelli. “The public company auditing profession will do its part by leveraging its traditional strengths while innovating in ways that can greatly enhance confidence in cybersecurity information and practices.”

Included in “The CPA's Role in Addressing Cybersecurity Risk” are a perspective on this new AICPA framework, a set of FAQs aimed at senior management, boards of directors and other key capital markets stakeholders understand the framework's scope, how it is separate and apart from the financial statement and internal control over financial reporting audits, and the extent of related communications.