In April 2018, the Center for Audit Quality (CAQ) released a document to help board directors fulfill their fiduciary duties regarding the oversight of cyber risks. Titled “Cybersecurity Risk Management Oversight: A Tool for Board Members,” this short, 10-page document consists of questions for boards members to ask top management and financial auditors to improve cyber risk management and increase overall engagement among business leaders.
Four Key Takeaways From the CAQ Guidance
The questions are organized into four main areas, including how auditors may or may not be considering cyber risks in their scope of work, the roles of management and auditors regarding cybersecurity disclosures, how business leaders approach their risk management responsibilities, and how CPA firms can help boards improve oversight of cyber risks. Let’s take a look at these four categories in more detail.
1. How Financial Statement Auditors Evaluate Cyber Risk
The first section of the CAQ guidance urges board directors to understand how financial auditors consider cyber risks. It asks directors to pay attention to the extent that the audit process itself addresses risk and whether the auditors’…
