Cybersecurity Resources for Organizations and CPA Firms

Businesses, government entities, non-profit organizations, and even CPA firms need to make sure they are protecting their client and customer information. The AICPA has the information and resources to help organizations in various stages of cybersecurity maturity, including support on the basics, information on assessing and strengthening risk management programs and guidance for organizations considering seeking independent assurance from a CPA.

Early Stages: Understanding Cybersecurity

Get to know cybersecurity basics with resources from the AICPA's Private Companies Practice Section (PCPS) Building a Cybersecurity Practice Toolkit as well as resources from the Personal Financial Planning (PFP) and Information Management and Technology Assurance (IMTA) sections.

Intermediate: Assessing Internal Cybersecurity Risks

Organizations and CPA firms of all sizes can use various AICPA tools and resources to assess internal risks and build or strengthen their cybersecurity risk management programs.

Mature: Cybersecurity Readiness and Assurance

Organizations and CPA firms that have a mature cybersecurity risk management program in place may want to demonstrate to clients, customers, investors, and the public the extent of their cybersecurity efforts. In this case, your organization would engage an independent CPA to perform an assurance examination and issue a report. But is your organization truly ready for an official assertion? A CPA can also provide a readiness assessment which can help you readdress cybersecurity concerns and prepare for assurance in the future.

  • Assurance and Report
    Using the AICPA’s cybersecurity risk management reporting framework, an independent CPA can review your organization’s description of its program and provide a SOC for Cybersecurity engagement to produce a report on your efforts.
  • Assurance Readiness
    Many organizations are eager to demonstrate their due diligence and care in developing and implementing an effective cybersecurity risk management program. However, gaining assurance is an arduous and possibly risky process if your program is not as mature as you think. A CPA can help your organization address the many risks associated with cybersecurity and determine “cybersecurity readiness” before seeking assurance. The AICPA’s cybersecurity risk management reporting framework is also a useful tool for readiness.

Go back to the AICPA’s Cybersecurity Resource Center
Access resources for CPAs Providing Advisory Services
Access resources for CPAs Providing Assurance Services