Cybersecurity Resources for CPAs Providing Advisory Services

cyber-control

CPAs with a specialization in information technology, can help clients address cybersecurity concerns by identifying potential internal risks and offering proactive steps to safeguard valuable client and customer information. CPAs with an IT skillset, who often hold the Certified Information Technology Professional (CITP) credential, may also be able to help advise clients through a readiness engagement – preparation for SOC for Cybersecurity assurance. To help CPAs provide highly specialized cybersecurity advisory services, the AICPA offers the following resources:

  • Information Technology and Assurance Management
    The AICPA’s Information Technology and Assurance Management (IMTA) Section supports CPA.CITPs and other professionals with an interest in IT. The IMTA Cybersecurity Task Force develops resources to help CPAs advise clients on cybersecurity concerns, including The Top Cybercrimes whitepaper.
  • Building a Cybersecurity Practice 
    This set of tools from the Private Companies Practice Section (PCPS) helps practitioners understand the cybersecurity risks they and their clients face and communicate with clients about how to address those risks. These tools provide an opportunity for firms to provide clients with services they may need to address their cybersecurity risks. Resources require AICPA.org login; some resources require PCPS membership as well.
  • Cybersecurity Risk Management Reporting Framework
    The AICPA’s framework can be used to advise clients on assessing risks, establishing risk management objectives, updating policies and procedures and evaluating governance. A CPA advisor may also use the framework to help assess a client’s readiness for a cybersecurity risk management assurance engagement.
  • Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (control criteria)
    These criteria are intended for use by CPAs to provide advisory or attestation services to evaluate the controls within an entity’s cyber risk management program, or for SOC 2® and SOC 3® engagements. Management also may use the trust services criteria to evaluate the suitability of design and operating effectiveness of controls.
  • Cybersecurity Advisory Services Certificate

Go back to the AICPA’s Cybersecurity Resource Center
Access resources for Organizations and CPA Firms
Access resources for CPAs Providing Assurance Services

We are the American Institute of CPAs, the world’s largest member association representing the accounting profession. Our history of serving the public interest stretches back to 1887. Today, you'll find our 431,000+ members in 130 countries and territories, representing many areas of practice, including business and industry, public practice, government, education and consulting.

About AICPA

Support

Association of International Certified Professional Accountants. All rights reserved.