This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

CAQ publishes cybersecurity alert

  • CAQ (US Center for Audit Quality) Image

Mar 24, 2014

Last week, the Center for Audit Quality (CAQ) published Alert #2014-3, which summarizes independent auditors’ responsibilities regarding cybersecurity matters. The alert was published in anticipation of the SEC’s cybersecurity roundtable, which will be held on March 26, 2014.

The alert discusses audit procedures related to cybersecurity that are to be performed in audits of financial statements and, when applicable, of internal control over financial reporting (ICFR). It notes that the auditor is required to understand how the company uses information technology (IT) and the effect of IT on its financial statements but that the auditor’s “financial statement and ICFR audit responsibilities do not encompass an evaluation of cybersecurity risks across a company’s entire IT platform.”

The alert also outlines procedures to be performed by auditors related to a company’s financial statement disclosures about cybersecurity risks and other cyber incidents as well as other information contained in its Form 10-K.

For additional information, see the alert on the CAQ’s Web site and Deloitte's Heads Up newsletter summarizing the highlights of the cybersecurity roundtable.

Related Topics

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.