The Role of Auditors in Company-Prepared Cybersecurity Information: Present and Future

October 27, 2020

Published: The CAQ

In December 2019, the Center for Audit Quality (CAQ) developed and issued a publication, The Role of Auditors in Company-Prepared Information: Present and Future, which provides a foundational understanding of the current role of auditors in various types of company-prepared and publicly disclosed information and discusses how auditors are positioned to enhance the reliability of decision-useful company-prepared information.

Cybersecurity can have pervasive impacts on companies. Organizations face numerous threats with varying consequences—all in an environment marked by rapid technological change. With technology advancing and the COVID-19 pandemic causing increased remote working arrangements, companies are facing new and evolving cybersecurity threats. In response, regulators, investors, and other stakeholders are increasingly interested in understanding more about the impact of cybersecurity on the global economy. In its July 2020 report, The World Economic Forum ranked “Cyber-attacks and data fraud due to a sustained shift in working patterns” as the third (of 10) most worrisome risk for companies. It is a strategic imperative that companies promote cybersecurity resilience and build trust in their cybersecurity practices. Companies can differentiate themselves by providing greater transparency around how they are addressing cybersecurity risks.

In this publication, we will provide an overview of the types of company-prepared information—both required and voluntary—that have been observed in the marketplace to describe to stakeholders how companies are addressing cybersecurity risks. We will discuss the role auditors play in cybersecurity as it relates to the audit of the financial statements and how the auditor’s role in cybersecurity could evolve beyond the financial statements to better meet the evolving needs of investors, senior management, boards of directors, and other pertinent stakeholders.

We also provide key questions board members can consider as they discuss company-prepared cybersecurity information with management and public company auditors.

Descargar haciendo clic en la imágen.


Otras Publicaciones


Últimas Publicaciones