I just finished a very intense training program in Atlanta sponsored by the Georgia Society of CPAs and the AICPA. The SOC for Cybersecurity is a relatively new SOC, added to the SOC 1 and SOC 2 Trust Services Principles only in the last year or so. Trust Services Principles are kind of like GAAP, Generally Accepted Accounting Principles, but they relate to auditing a service organization’s controls over cybersecurity.
While I will rely on the experts to actually perform these audits of third parties, my objective was to learn more about what we can do at LKA to continually improve our cyber-defense, but just as important, to gain a deeper knowledge of what many of our clients do on a regular basis for our Federal Government, large banks, and other critical institutions in our nation’s infrastructure.
The classroom was full of experts from around the world and as always, the “war stories” were the most interesting part of the course.
Here’s what we covered in class (excerpted from the AICPA site):
To earn this certificate, public accounting and finance professionals must complete 16 hours of continuing professional education on SOC for Cybersecurity attestation examinations concepts. Upon completion of the program, individuals will be prepared to:
- Apply the AICPA’s cybersecurity risk management reporting framework
- Analyze and examine an organization’s cybersecurity risk management program
- Report on the entity’s cybersecurity risk management program
By completing the certificate program, certificate holders will have an intermediate level knowledge of the following concepts:
- Cyberthreat landscape and the terminology used to describe various aspects of cybersecurity
- Various SOC services
- Components of a cybersecurity risk management program
- How to use the description criteria
- How to use the control criteria to assess an entity’s controls over cybersecurity
- Key considerations prior to accepting a cybersecurity examination engagement and key planning considerations
- Key steps involved in performing the cybersecurity risk management examination
- Key factors to consider while forming the opinion and preparing the practitioner’s report
- Libby King, June 2018