. https://www.complianceweek.com/blogs/accounting-auditing-update/caq-stumps-for-auditor-role-in-cyber-security-exams#.WGtFelV97IV


Public company auditors are starting to suggest companies voluntarily submit to an independent cyber-security examination separate from the existing financial statement audit. In a chapter of a 236-page paper by the Internet Security Alliance prepared for its recent conference, the Center for Audit Quality says the American Institute of Certified Public Accountants is developing a new process for examining and reporting on a company’s cyber-security risk management. It contemplates an independent cyber-security report being produced by either a company’s current external auditor or another audit firm. Much the way financial statements and the related audit convey the financial state of a company, a cyber-security report would give users information on the state of a company’s cyber risk management program. It would describe the entity’s risk management program, providing management’s assertion about whether it is fairly presented and whether the controls are suitably designed and operating effectively. The report also would include an audit opinion on the fairness of management’s presentation and the suitability and operating effectiveness of controls. TAMMY WHITEHOUSE READ MORE