Overview
In recognition of the needs of management and boards of directors of diverse organizations, and for the benefit of the public interest, the American Institute of CPAs (AICPA) has developed a cybersecurity risk management reporting framework. Using it, organizations can communicate pertinent information regarding their cybersecurity risk-management efforts and educate stakeholders about the systems, processes and controls they have in place to detect, prevent and respond to breaches. The reporting framework also enables a CPA to examine and report on the management-prepared cybersecurity information, thereby increasing the confidence that stakeholders may place on an organization’s initiatives.
