Barry Scott

Barry is a technology risk analyst at HORNE Cyber where he specializes in financial assurance, IT risk assessments and IT general controls testing.

Recent Posts

May 4, 2017 10:00:00 AM

SOC for Cybersecurity: What Does this Mean for Your Business?

The American Institute of Certified Public Accountants (AICPA) finalized the guidance for Systems and Organization Controls (SOC) for Cybersecurity reporting this week. This guidance gives organizations guidelines on how to create and document their cybersecurity risk management program, and it provides standards for public accounting firms to report on such programs. In other words, this provides clear guidance for CPAs to provide assurance on cybersecurity.

Topics: SOC for Cybersecurity, Cyber Assurance Insights

Oct 11, 2016 10:00:00 AM

AICPA Exposes Guidance for Cybersecurity Risk Management Examinations

The American Institute of Certified Public Accountants (AICPA) recently released two exposure drafts on criteria for cybersecurity. The first, Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk Management Program, is entirely new. This draft gives organizations guidelines on how to create and document their cybersecurity risk management program. This guidance also sets forth standards for public accounting firms to report on such programs. In other words, this provides clear guidance for CPAs to provide assurance on cybersecurity.

Oct 4, 2016 10:00:00 AM

Alphabet Soup: Understanding the Qualifications of Risk Management Professionals

You’ve just gotten an email from a potential vendor looking to make a connection. In their signature, following their name, is a list of five abbreviations, all intended to make them appear qualified, reputable, and knowledgeable. But what do they actually mean? Are they relevant to the service you are trying to procure? A pilot’s license is crucial for a commercial airline pilot but irrelevant for practicing law. Similarly, technical certifications are outstanding for your IT department, but not so relevant when looking for someone to issue a Service Organization Control (SOC) Report. If you need to provide a SOC Report to your clients or customers, no matter the version you need, you’ll need a CPA. Other organizations may require very specialized certifications, such as Pulse and STAR requiring a CTGA (Certified TR-39 Auditor) to perform ATM and PCI PIN compliance audits.

Topics: risk management

Aug 16, 2016 1:00:00 PM

How InTREx Changes Audits

On June 30th, 2016, the FDIC announced that the Information Technology Risk Examination (InTREx) Program would be replacing the existing Information Technology Risk Management Program (IT-RMP) effective July 1st, 2016. 

Topics: InTREx