Audit and Accounting Guides & Audit Risk Alerts AICPA Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls
- Abstract
- Preface
- Chapter 1 — Introduction and Background
- Chapter 2 — Accepting and Planning a Cybersecurity Risk Management Examination
- Chapter 3 — Performing the Cybersecurity Risk Management Examination
- Chapter 4 — Forming the Opinion and Preparing the Practitioner’s Report
- Appendix A — Information for Entity Management
- Appendix B — Comparison of SOC for Cybersecurity, SOC 2®, and SOC for Supply Chain Examinations and Related Reports
- Appendix C — Illustrative Management Assertion in the Cybersecurity Risk Management Examination
- Appendix D-1 — Illustrative Accountant’s Report in the Cybersecurity Risk Management Examination
- Appendix D-2 — Illustrative Accountant’s Report in a Cybersecurity Risk Management Examination that Addresses Only the Suitability of the Design of Controls Implemented Within the Entity’s Cybersecurity Risk Management Program (Design-Only Report) as of a Point in Time
- Appendix E — Illustrative Cybersecurity Risk Management Report
- Appendix F — Glossary
- Appendix G — Overview of Statements on Quality Management Standards
- Appendix H — Schedule of Changes Made to the Text From the Previous Edition