The value of visibility: Cybersecurity risk management examination

White Paper, May 12, 2017

Cyberattacks are inevitable. In fact, it’s no longer a question of “if” a breach will occur but “when.” And stakeholders—including boards, regulators, investors, analysts, business partners, and customers—expect greater visibility into an organization’s cybersecurity risk management program. Taking a cursory look at what your organization is doing today to guard against cyberattacks is no longer enough to prove the readiness of your cybersecurity risk management program and the effectiveness of related controls.

Yet until recently, there has been no single approach that gives internal and external stakeholders the transparency and uniformity they need, beyond the types of reports and mechanisms currently available, to gain visibility into an organization’s cybersecurity risk management practices and make more informed decisions.

In response, the American Institute of Certified Public Accountants (AICPA) has developed a new attestation reporting framework that focuses on evaluating and reporting on an entity’s cybersecurity risk management program. The new AICPA cybersecurity risk management examination reporting framework is intended to expand reporting to address stakeholder expectations for greater transparency, providing in-depth information about what a company is doing to address cyber risks and threats and improve the overall effectiveness of its cybersecurity risk management program.

A cybersecurity risk management examination may offer a number of potential benefits, such as:

  • Greater stakeholder transparency into the effectiveness of an organization’s cybersecurity risk management program
  • Independent and objective reporting, providing a higher degree of assurance to key stakeholders
  • Greater economic value for users of the report, as obtaining more and higher quality information about an organization’s cyber risk management program can drive better informed and strategic decisions
  • Strategic competitive advantage and enhancement of the organization’s brand and reputation in the marketplace
  • Operational efficiencies derived from a single reporting mechanism that addresses the information needs of a broad range of users

Learn more about the AICPA’s new cybersecurity risk management examination reporting framework as well as a readiness assessment approach to help organizations prepare.