Cindy Fornelli is Executive Director, Catherine Ide is Managing Director of Professional Practice and Member Services, and Chris Alabi is a Professional Practice Fellow at the Center for Audit Quality. This post is based on a CAQ publication by Ms. Fornelli, Ms. Ide, and Mr. Alabi.
Companies are facing not only increasing cyber threats but also new laws and regulations for managing and reporting on data security and cybersecurity risks. Boards of directors face an enormous challenge: to oversee how their companies manage cybersecurity risk. As boards tackle this oversight challenge, they have a valuable resource in Certified Public Accountants (CPAs) and in the public company auditing profession.
CPAs bring to bear core values—including independence, objectivity, and skepticism—as well as deep expertise in providing independent assurance services in both the financial statement audit and a variety of other subject matters. CPA firms have played a role in assisting companies with information security for decades. In fact, four of the leading 13 information security and cybersecurity consultants are public accounting firms. [1]