• Daniel Goelzer

The CAQ on Auditors and Cybersecurity Disclosure

The Center for Audi Quality has released The Role of Auditors in Company-Prepared Cybersecurity Information: Present and Future. The CAQ provides an overview of the SEC’s requirements regarding cybersecurity risks and of the types of disclosures that companies have made concerning cybersecurity, both in response to those requirements and voluntarily. The publication also focuses on the role that cybersecurity risk plays in the financial statement audit and how auditors are addressing cybersecurity risks. The CAQ outlines additional advisory or attestation services that auditors could provide (subject to the independence requirements) to “bring discipline to management’s voluntary cybersecurity disclosures and to the organization’s cybersecurity risk management program.” The final section of the paper lists considerations and key questions the board may want to consider when it engages in discussion regarding cybersecurity information with management and the auditor. While not aimed specifically at audit committees, the CAQ’s publication is useful background on cybersecurity oversight.

6 views0 comments

Recent Posts

See All

Climate Change is Rapidly Becoming an SEC Priority

The SEC is signaling that disclosure concerning climate change, and ESG issues broadly, will be a priority in 2021. New SEC Chair Gary Gensler was sworn in on April 17. At his confirmation hearings, h

CAQ Provides Guidance on Auditor ESG Assurance

In July 2020, the Center for Audit Quality (CAQ) released a web-based report outlining the evolving role of auditors in ESG reporting. See The Role of Auditors in Company-Prepared ESG Information: Pre