Establish An Audit Trail for Access Management
May 2, 2017
Greater than the Sum of its Parts: Management System Integration
May 4, 2017
Voluntary Engagement Will Help Companies and Auditors Communicate Cyber Risk Readiness

Integrated Management Systems

Course Outline
For a detailed outline on what this course has to offer, click below to download a pdf.
Download Course Outline
Duration: Approx. 48 hours (equivalent to 6 days full-time study)
Certification: Accredit Global - QM EM OH
Standard: ISO 9001:2015, ISO 14001:2015 and AS/NZS 4801 (OHSAS 18001)
Prerequisites: Yes - See Entry Requirements Below
The Integrated Management Systems Auditing course (Accredit Global – QM OH EM) is internationally recognised and completed fully online comprising of the following subject units: Consultation and Communication Context of the organisation Documented Information Hazard assessment & control Hazard Identification Improvement Leadership & Planning Measurement & Evaluation Operation Performance Evaluation Planning Reporting

Enrol & Start Now

Course Fee: $1,795.00 (AUD)

NEW YORK–(BUSINESS WIRE)–At a time when organizations around the world are facing cybersecurity attacks, it is more important than ever for them to demonstrate to key stakeholders the extent and effectiveness of their cybersecurity risk management efforts. To help businesses meet this growing challenge, the American Institute of CPAs (AICPA) has introduced a market-driven, flexible and voluntary cybersecurity risk management reporting framework.

“The framework we have developed will serve as a critical step to enabling a consistent, market-based mechanism for companies worldwide to explain how they’re managing cybersecurity risk”

Tweet this

“Cybersecurity threats are escalating, thereby unnerving boards of directors, managers, investors and customers of businesses of all sizes – whether public or private,” said Susan S. Coffey, CPA, CGMA, AICPA executive vice president for public practice. “While there are many methods, controls and frameworks for developing cybersecurity risk management programs, until now there hasn’t been a common language for companies to communicate about, and report on, these efforts.”

The AICPA’s new framework will enable all organizations – in industries worldwide – to take a proactive and agile approach to cybersecurity risk management and to communicate on those activities with stakeholders. Two resources that support reporting under the framework are being released today:

  • Description criteria – For use by management in explaining its cybersecurity risk management program in a consistent manner and for use by CPAs to report on management’s description.
  • Control criteria – Used by CPAs providing advisory or attestation services to evaluate and report on the effectiveness of the controls within a client’s program.

A third resource for CPAs will be available in May:

  • Attest guide – This guidance, Reporting on an Entity’s Cybersecurity Risk Management Program and Controls, will be published next month to assist CPAs engaged to examine and report on an entity’s cybersecurity risk management program.

Building on CPAs’ experience in auditing information technology controls, the AICPA’s Assurance Services Executive Committee identified the emerging need for cybersecurity-related assurance services. The goal was to enable companies to more effectively communicate the robustness of their cybersecurity risk management programs to key stakeholders.

“The framework we have developed will serve as a critical step to enabling a consistent, market-based mechanism for companies worldwide to explain how they’re managing cybersecurity risk,” Coffey explained. “We believe investors, boards, audit committees and business partners will see tremendous value in gaining a better understanding of organizations’ cybersecurity risk management efforts. That information, combined with the CPA’s opinion on the effectiveness of management’s efforts, will increase stakeholders’ confidence in organizations’ due care and diligence in managing cybersecurity risk.”