当前位置:自成咨询 > AICPA > AICPA新闻 >

AICPA准备搞一个全新的考试

近期AICPA协会公布了两个ED(EXPOSURE DRAFT),第一个ED里面就爆出一个大新闻,AICPA协会准备要搞一个全新的考试啦!详情咱们看看新闻原文吧,大致意思就是咱们都进入Cyber社会这么久了,风险问题也层出不穷,咋就没有人想起来搞一个比较权威的“Cyber Risk Management Exam”呢?

AICPA准备搞一个全新的考试
Two exposure drafts issued Monday by the AICPA Assurance ServicesExecutive Committee (ASEC) are designed to provide a framework for evaluatingbusinesses’ cyber risk management. The proposed frameworks are designed to leadto:

  • A common setof criteria for management to use to design and describe their cybersecurityrisk management programs.

  • Theintroduction of a new engagement that CPAs will be able to use to serve boardsof directors, senior management, and others as they evaluate the effectivenessof an organization’s cybersecurity risk management program. The engagementwould be known as a “cybersecurity examination.”
     

Evolution of technology and the sophistication ofhackers have made cybersecurity one of the most important areas of riskmanagement for businesses. More than 95% of CGMA designation holdersparticipating in a 2015 survey said their companies are concerned with thethreat of database breaches, distributed denial of service (DDoS) attacks,phishing scams, and other cyberattacks.
 

The first ED, Proposed Description Criteria forManagement’s Description of an Entity’s Cybersecurity Risk Management Program,proposes a framework that company management would be able to use to design anddescribe their cybersecurity risk management program. The proposed frameworkalso would be used by public accounting firms to report on management’sdescription using the new cybersecurity examination engagements.
 

The second ED, Proposed Revision of Trust ServicesCriteria for Security, Availability, Processing Integrity, Confidentiality, andPrivacy, proposes revising AICPA trust services criteria used by publicaccounting firms that provide advisory or attestation services to evaluate thecontrols within an entity’s cyber risk management program—or SOC 2 engagements.
 

Management may use the trust services criteria toevaluate the suitability of design and operating effectiveness of controls.
 

The proposed frameworks represent an effort by theauditing profession and the AICPA to develop a common foundation for CPAs’services in response to the growing market demand for information about theeffectiveness of cybersecurity risk management programs.
 

“Our primary objective is to propose a reporting framework throughwhich organizations can communicate useful information regarding theircybersecurity risk management programs to stakeholders,” said Sue Coffey, CPA,CGMA, AICPA executive vice president–Public Practice.
 

The new cybersecurity examination engagement thatwould be enabled by these frameworks would be voluntary, flexible, andcomprehensive. Assisted by the Center for Audit Quality, the AICPA has soughtfeedback on the proposed engagement from interested groups.
 

As market conditions evolve, the AICPA will continueto seek input.
 

“The existence of multiple, disparate frameworks and programs forevaluating security programs and their effectiveness, as well as differentstakeholders’ preferences for each, has created a chaotic environment that onlyincreases the burden on organizations trying to communicate how they design,implement, and maintain an effective cybersecurity risk management program,”said Chris K. Halterman, CPA, executive director, advisory services for EY LLPand chair of ASEC’s Cybersecurity Working Group.
 

Halterman said CPAs will benefit from the AICPA’screation of a uniform, market-driven approach for examining and reporting onmeasures that entities take to bolster cybersecurity.
 

Public comments on the EDs are due Dec. 5. Commentsabout the proposed Description Criteria should be emailed to Mimi Blanco-Bestat mblancobest@aicpa.org. Comments on the proposed revision of Trust ServicesCriteria should be emailed to Erin Mackler at emackler@aicpa.org.
 

ASEC’s work is one aspect of the AICPA’smultifaceted approach to help CPAs lead the way in the management ofcybersecurity risk. In addition: 

  • ASEC isdeveloping a guide covering the entity-wide cybersecurity examinationengagement, as well as a guide for a new engagement intended to help companiesmanage cybersecurity risk in their vendor chains and distribution networks.

  • The AICPAPrivate Companies Practice Section (PCPS) is developing a cybersecurity toolkit for members.

  • Cybersecuritywill be covered in upcoming AICPA conference programs, and cyber-related CPE isalso being developed.

  • The AICPA Taxand Personal Financial Planning teams have produced guidance and news to helpmembers address tax return fraud, and the Forensic and Valuation Services teamis also developing additional cybersecurity-related resources.

  • The AICPAInformation Management and Technology Assurance team has created blog posts andwebcasts to educate members.

  • The AICPA haslaunched the new Cybersecurity Resource Center.

    特别提示:AICPA考试大改革

    自2017年4月1日起

    美国CPA考试也将发生重大变化,整体考试的题目类型,各类型题目的分值比重均会有所变化,也会持续更新加入一些新的提醒,比如已经在2016年7月1日期加入的DRS题型,考试的整体难度也将显著提高,目前距离AICPA考试改革还有约7个月的时间,若一切顺利,现在开始报名美国CPA考试,仍有机会再考试改革之前完成至少两个科目的考试。自成咨询AICPA课程目前正有重大优惠,凡在9月份报名参加课程的学员均可获赠四个科目考试费的减免。详情请致电自成咨询:4007-007-945

热门标签:
分享到:
0
相关文章

AICPA招生简章

美国CPA考试一点通

2016年11月19日 周六下午13:30-16:30
主讲人:Andy
另行通知

独家教材 权威认证

独家教材


客服咨询电话(节假日不休息)电话:4007-007-945
自成咨询北京网站管理员:QQ:3500-74146 欢迎教育类、培训类、新闻类网站和优秀个人站长交换链接
Copyright 2013 - 2014 自成咨询北京 all Rights Reserved