Cybersecurity risk management examination

Staying one step ahead

Organizations that view cybersecurity reporting and cyber risk management as an opportunity can use it to lead, navigate, and even disrupt in the evolving marketplace. Explore our collection of articles designed to help you stay one step ahead.

The AICPA cybersecurity risk management examination one year later

More than a year ago, the American Institute of Certified Public Accountants (AICPA) released its cybersecurity attestation reporting framework.

The framework provides a blueprint that businesses can use to evaluate, report, and communicate the effectiveness of their cybersecurity risk management program to key stakeholders.

On its one-year anniversary, the framework is more relevant than ever. What are the insights and lessons learned? Learn more.

The value of visibility: Cybersecurity risk management examination

Stakeholders are calling for greater visibility into an organization’s cybersecurity risk management program.

In response, the AICPA has developed new guidance to better evaluate and report on an entity’s cybersecurity risk management program. This report discusses the AICPA's new cybersecurity risk management examination reporting framework. It also offers a readiness assessment approach to help organizations prepare.


A proactive and pragmatic approach to cyber risk management

How to use the new AICPA cybersecurity attestation reporting framework

In this article, featured in Treasury & Risk magazine, Gaurav Kumar and Jeff Schaeffer from Deloitte & Touche LLP highlight the key elements of the AICPA cybersecurity attestation reporting framework, which is intended to help organizations evaluate and report on their cyber risk management programs.

Learn more about how a cyber-risk management examination engagement can help a company improve the transparency of its approach to cybersecurity.

Cyber risk management oversight and reporting: Better standards and independent scrutiny for increased transparency

Whether it’s the relentless wave of breaches or the ongoing saga of cybercriminals targeting some of the world’s largest financial services firms, organizations are constantly trying to defend and safeguard against the next cyberattack. Reuters Solutions recently conducted an interview with two Deloitte Risk and Financial Advisory professionals, Gaurav Kumar and Jeff Schaeffer from Deloitte & Touche LLP, to better understand how the cybersecurity reporting landscape is evolving with the introduction of the AICPA cybersecurity attestation reporting framework.

Learn how the voluntary AICPA cybersecurity attestation reporting framework can benefit your organization’s cyber risk management efforts—and what you can do now to prepare.


Raising the bar for cyber risk management oversight and reporting

In this article, featured in both the National Association of Corporate Directors (NACD) Directorship Magazine and Risk & Compliance Journal from the Wall Street Journal, Sandy Herrygers, partner, Deloitte & Touche LLP, and Gaurav Kumar, principal, Deloitte & Touche LLP, discuss:

  • The evolving cyber threat landscape.
  • The role of boards in providing cyber risk oversight.
  • AICPA cybersecurity examination engagement guidance to address expectations of greater stakeholder transparency and assurance in cyber risk reporting.

Read more to learn ways organizations can begin to prepare for a future cybersecurity examination engagement.


The flip side: Cyber risk management oversight and reporting

It’s not a matter of if, but when, a cyberattack will occur. So when faced with the inevitable, how can your organization implement a sound cyber risk management program? And how can you demonstrate the effectiveness of that program to your stakeholders? Taking a proactive approach establishes a strong foundation for addressing cyber risk, enabling the organization to achieve greater operational efficiencies and also add value—helping your stakeholders gain confidence and obtain reliable information to support informed decision making, creating brand differentiation, and enhancing your reputation.

Learn more about the flip side of cyber risk management oversight and reporting and proactive steps to protect and advance your brand.


Survey results on cyber risk management oversight and reporting

During a recent Dbriefs webcast, Deloitte surveyed over 3,400 professionals to gain insights into their views on cyber risk management oversight and reporting. Learn more about what they had to say.
