Page 45 - CITP
Advanced reading recommendations
Advanced SOC for Service Organizations Certificate Exam. Durham, NC: AICPA, 2017.
Reporting on an Entity’s Cybersecurity Risk Management Program and Controls: Attestation Guide. Durham, NC: AICPA, 2017.
SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy: Guide. Durham, NC: AICPA, 2018.
AICPA. SOC for Cybersecurity Backgrounder.
www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/soc-for-cybersecurity-backgrounder.pdf
AICPA. What Are You Doing to Prevent Cyberattacks?
www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/soc2-vs-soc-for-cyber-brochure.pdf
AICPA. Trust Services Criteria.
www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf
DeLoach, James and Jeff Thomson. Improving Organizational Performance and Governance.
www.coso.org/Documents/2014-2-10-COSO-Thought-Paper.pdf
Galligan, Mary E. and Kelly Rau. COSO in the Cyber Age.
www.coso.org/documents/COSO%20in%20the%20Cyber%20Age_FULL_r11.pdf
COSO. “Internal Control over Financial Reporting — Guidance for Smaller Public Companies,” Volume I, II and III. 2006.
Moeller, Robert R. IT Audit, Control, and Security. Hoboken, NJ: Wiley, 2010.
PCAOB, AS 2201 (https://pcaobus.org/Standards/Auditing/Pages/AS2201.aspx).
Romeo, Christopher J. Cybersecurity Fundamentals for Finance and Accounting Professionals Certificate. Durham, NC: AICPA, 2017.
Weber, Ron. Information Systems Control and Audit. Upper Saddle River, NJ: Prentice Hall, 1999.
© 2019 Association of International Certified Professional Accountants. All rights reserved.