United States

Cybersecurity risk management oversight tool


On April 12, the Center for Audit Quality issued Cybersecurity Risk Management Oversight: A Tool for Board Members, which provides questions board members can consider as they discuss cybersecurity risks and disclosures with management and CPA firms. The questions are designed to help establish a clear understanding of:

  • How the auditor considers cybersecurity risk
  • The role of management and the auditor related to cybersecurity disclosures
  • Management’s approach to cybersecurity risk management
  • How CPA firms can assist boards in their oversight of cybersecurity risk management

The tool also includes an appendix listing additional helpful resources related to cybersecurity. In addition, we specifically discuss the audit committee’s role in cybersecurity matters in our November 2017 publication, The real cost of a data breach: Insights for audit committees.