What is the external auditor’s responsibility for cybersecurity?

Description

Abstract: Earlier this year, the Center for Audit Quality issued an alert regarding the external auditor’s responsibilities with respect to cybersecurity matters. The alert points out that, “given the focus on a narrower slice of a company’s overall IT platform,” a financial statement and the internal control over financial reporting (ICFR) audit in accordance with professional standards likely wouldn’t include areas addressing a cybersecurity breach. This article concludes that, as cyber threats become increasingly common, it’s critical for public companies to understand the scope of the external auditor’s responsibilities in this area and to develop a cybersecurity program that fills in the gaps.