As more companies suffer data breaches, management and board members face increasing scrutiny and legislative obligations in their oversight of cybersecurity risk management. On April 12, 2018, the Center for Audit Quality (CAQ) released the publication “Cybersecurity Risk Management Oversight: A Tool for Board Members” to help guide board members in discussions of cybersecurity risks and to ensure organizations establish and maintain sound processes and controls for identifying and responding to breaches.
The CAQ identifies four main areas where boards can engage in cybersecurity discussions with management and their auditors. The CAQ helps those charged with oversight to ask the right questions to gain a clearer understanding of:
- How the financial statement auditor views cybersecurity
- Management’s and the auditor’s role in cybersecurity disclosures
- Management’s approach to addressing cybersecurity risk
- How CPA firms can assist boards with cybersecurity oversight