Public company auditors are starting to suggest companies voluntarily submit to an independent cyber-security examination separate from the existing financial statement audit.
In a chapter of a 236-page paper by the Internet Security Alliance prepared for its recent conference, the Center for Audit Quality says the American Institute of Certified Public Accountants is developing a new process for examining and reporting on a company’s cyber-security risk management. It contemplates an independent cyber-security report being produced by either a company’s current external auditor or another audit firm.
