NEW YORK (July 6, 2016) – Cyber crime has emerged as a leading financial and operational risk for organizations of all sizes in all sectors. “With that in mind, the American Institute of CPAs (AICPA) is taking a multifaceted approach to cybersecurity through the work of the Assurance Services Executive Committee and the Center for Audit Quality. This work will allow CPAs to take a leadership role,” AICPA President and CEO Barry C. Melancon, CPA, CGMA, explains in a new video.
The U.S. Securities and Exchange Commission has acknowledged publicly that the accounting profession’s experience with integrating data, reporting and assurance puts CPAs in a unique position to assist organizations as they address their cybersecurity concerns. “But this is not just a public company issue,” said Melancon. “It affects businesses of all types, shapes, and sizes.”
The AICPA is already seeing explosive growth in the need for cybersecurity-related services that build on the foundation for Service Organization Control, or SOC, reports. “This demand is driven by market forces, not a government mandate. And the market is asking us to do more, from both the advisory and assurance perspectives,” Melancon observed.
In response to the cyber challenge, the AICPA is taking action on many fronts:
- First, the Institute is developing timely tools and education for CPAs to successfully address risk in a number of areas. Simultaneously, various areas of the AICPA are working to help CPAs as they address cybersecurity concerns through services like advisory, assurance, tax and management accounting.
- Second, the AICPA is looking at how the profession can address cybersecurity as a natural extension of the platform of services CPAs already perform. The Institute is developing new examination engagements for members in public practice that are specific to cybersecurity. One is on an entity’s cybersecurity risk management program; another covers supply chain management for vendors and business partners to assess and manage their cybersecurity risk.
- Third, the Institute’s advocacy team is closely monitoring cyber-related legislative and regulatory developments in Washington so it can respond appropriately and keep members informed.
“We see numerous roles for CPAs in the battle against cyber crime,” Melancon went on to say. “Within their businesses, CPAs must present their own front line against cyber attacks, implementing controls that help protect data and prevent service disruptions. CPAs in business can use their knowledge of the organization to advise their employers on administering a cybersecurity risk management program and provide the best cyber solutions. CPAs in pubic practice, or public accounting, can assist their clients in an advisory capacity, as they grapple with cyber concerns and provide assurance when needed.”
For more information, visit the AICPA’s Cybersecurity Resource Center: