In response to requests for information about the effectiveness of an entity’s cybersecurity risk management program, the AICPA has developed the cybersecurity risk management examination. In conjunction with that examination, the AICPA has also developed description criteria for use when preparing and evaluating the description of the entity’s cybersecurity risk management program and control criteria for use when evaluating the effectiveness of controls within the entity’s cybersecurity risk management program.
The purpose of this document is to assist management with