...
Audit and Accounting Guides & Audit Risk Alerts AICPA Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls
- Abstract
- Preface
- Chapter 1 — Introduction and Background
- Chapter 2 — Accepting and Planning a Cybersecurity Risk Management Examination
- Chapter 3 — Performing the Cybersecurity Risk Management Examination
- Chapter 4 — Forming the Opinion and Preparing the Practitioner’s Report
- Appendix A — Information for Entity Management
- Appendix B — Illustrative Comparison of the Cybersecurity Risk Management Examination with a SOC 2 Examination and Related Reports
- Appendix C — Description Criteria for Use in the Cybersecurity Risk Management Examination
- Appendix D — Trust Services Criteria for Security, Availability, and Confidentiality for Use as Control Criteria in the Cybersecurity Risk Management Examination
- Appendix E — Illustrative Management Assertion in the Cybersecurity Risk Management Examination
- Appendix F-1 — Illustrative Accountant’s Report in the Cybersecurity Risk Management Examination
- Appendix F-2 — Illustrative Accountant’s Report in a Cybersecurity Risk Management Examination that Addresses Only the Suitability of the Design of Controls Implemented Within the Entity’s Cybersecurity Risk Management Program (Design-Only Report) as of a Point in Time
- Appendix G — Illustrative Cybersecurity Risk Management Report
- Appendix H — Definitions
- Appendix I — Overview of Statements on Quality Control Standards
- Index of Pronouncements and Other Technical Guidance
- Subject Index