A new cybersecurity risk management reporting framework for management and CPAs

The AICPA issued a new framework for cybersecurity risk management reporting Wednesday. The framework gives an organization’s management criteria for explaining its cybersecurity risk management program and provides CPAs with guidance to be used in engagements to report on clients’ cybersecurity controls.