Cybersecurity is a hot topic in the marketplace today. Within the CPA profession, firms can be targeted by hackers looking for information, but firms are also helping clients safeguard data. SEC Commissioner Kara Stein recently said, “I believe accountants, with their experience integrating data, can play a leadership role in helping us address the risks of cybersecurity.”
In recent months, Congress has come to focus on cybersecurity. Both the U.S. House of Representatives and U.S. Senate have passed bills enhancing avenues for sharing cybersecurity threat information. We continue to monitor this legislation as it works its way through the legislative process.
While legislation has not specifically included the profession, there is certainly a natural link between the attestation work CPAs perform on financial statements that adds credibility to potential work on cybersecurity control engagements. Cybersecurity presents an opportunity for the profession to apply its skills in an area that is becoming increasingly important in the marketplace. The American Institute of CPAs (AICPA) is exploring this link as it relates to activities in Washington, D.C. impacting cybersecurity.
Additionally, the AICPA has formed the Assurance Services Executive Committee (ASEC) Cybersecurity Working Group to work in collaboration with the AICPA’s Auditing Standards Board (ASB) to develop practitioner guidance for performing and reporting on examination-level attestation engagements related to cybersecurity. The goal is to develop a profession-wide approach to providing cybersecurity services.