Page 10 - CITP Review
Introduction
CITPs need to have in-depth knowledge of the risks — both within and outside the organization —
associated with information security systems. A CITP must not only understand these risks, but also
be able to identify them and help clients mitigate the consequences associated with them.
It is critical for CITPs to understand concepts such as those embedded in the Trust Services Criteria as
well as those circulated by external sources including industry regulatory bodies, states, and other
governmental bodies around the globe.
Over the past few years, the AICPA has developed a new cybersecurity risk management reporting
framework to specifically address an organization’s need to communicate relevant and useful
information about the effectiveness of its cybersecurity risk management program. A CITP should be
well-versed in this type of attest offering as well as many other advisory services that surround this
space.
© 2019 Association of International Certified Professional Accountants. All rights reserved.