AICPA Launches Effort to Improve Cybersecurity Risk Reporting

Stay up-to-date with the latest developments in securities law through access to both news and all statutes and regulations. Find relevant corporate filings through a searchable EDGAR database. And...

By Steven Marcy

The American Institute of CPAs has created a “risk-management reporting framework” intended to provide a common language for describing cybersecurity risks that companies confront and how they intend to overcome them.

The voluntary framework would help companies inform investors of efforts to guard against cybersecurity risks and the effectiveness of those efforts, AICPA said April 26.

Susan Coffey, AICPA’s executive vice president for public practice, said accountants can use the framework to report on the controls that management has over efforts to combat cybersecurity. Accountants could use the framework to report on the accuracy of management’s description of the controls and their effectiveness, she said.

The AICPA said the framework has three main areas:

  •  description criteria for how companies should consistently and efficiently communicate with investors the extent and effectiveness of their risk management efforts;
  •  control criteria for how CPAs should provide advisory or attestation services to evaluate the effectiveness of the controls within a client’s program; and
  •  a cybersecurity attestation guide that CPAs will follow in performing company-wide, cybersecurity risk management attestations.

“We believe investors, boards, audit committees and business partners will see tremendous value in gaining a better understanding of organizations’ cybersecurity risk management efforts,” Coffey said. “That information, combined with the CPA’s opinion on the effectiveness of management’s efforts, will increase stakeholders’ confidence in organizations’ due care and diligence in managing cybersecurity risk.”

To contact the reporter on this story: Steven Marcy in Washington at

To contact the editor responsible for this story: S. Ali Sartipzadeh at

For More Information

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Securities & Capital Markets on Bloomberg Law