The Center for Audit Quality recently released a resource titled Cybersecurity Risk Management Oversight: A Tool for Board Members, which provides key questions and discussion topics for boards to address with management and accounting firms. The questions are grouped under four key areas:
- Understanding how the financial statement auditor considers cybersecurity risk.
- Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures.
- Understanding management’s approach to cybersecurity risk management.
- Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management.
The tool also compiles cybersecurity-related resources from the CAQ, the American Institute of CPAs, the National Association of Corporate Directors, and others. The Mutual Fund Directors Forum also has a resource on cybersecurity aimed at mutual fund independent directors, which can be accessed here.