This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice ( for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Cybersecurity Risk Management Oversight: A Tool for Board Members

  • CAQ Image

Apr 12, 2018

On April 12, 2018, the Center for Audit Quality released a tool that provides key questions board members can use as they discuss cybersecurity risks and disclosures with management and CPA firms.

The questions are grouped under four key areas:

  • Understanding how the financial statement auditor considers cybersecurity risk
  • Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures
  • Understanding management’s approach to cybersecurity risk management
  • Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management

The tool also compiles cybersecurity-related resources from the CAQ, the American Institute of CPAs, the National Association of Corporate Directors, and others.

Review the tool on the CAQ's website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.