New cybersecurity assurance standard for accountants

The American Institute of CPAs is encouraging firms to modernize the way they conduct audits by using data analytics technology


The AICPA has launched a new assurance standard that accountants can use to issue an attestation report on a clients cybersecurity controls. This was announced by AICPA president and CEO Barry Melancon at a recent meeting of the Accountants Club of America.

The AICPA has issued a family of standards called SOC [Service Organization Control] reporting, or statements on controls, that are about attestations to third parties about how businesses are doing in a variety of different ways in their technology operations and things of that nature, not just their financial results.

According to Melancon “This is an explosive area where people want these types of reports. There are firms that in 2015 whose numbers show 400 percent increases in the number of reports that were issued under the SOC standards. This is not because they’re being mandated by the government. These are actually market forces that users, vendors, etc., are saying they want these types of assurances that companies are operating in the best light and doing certain things. That leads us to a very explosive and emerging area that this profession is going to have a role in, which is cybersecurity. Cybersecurity is on the agenda of every board and every single management team in America, and it is a very complex and difficult process.”