The AICPA/CICA Privacy Risk Assessment Tool

Learning about a weakness in your privacy program once a breach has occurred is too late. The costs to notify affected parties, regain your customers’ trust and correct those weaknesses are substantially higher than if the weaknesses had been identified and corrected before the breach had occurred.

A good first step towards addressing privacy risks within an organization is to perform a privacy risk assessment. Revised in 2010 by the AICPA/CICA Privacy Task Force, the Tool is designed to help CAs , management, owners, internal audit and other privacy professionals accomplish this task in an effective and comprehensive manner.

Key features of the Tool include:

• User-friendly templates based on Microsoft Excel
• Ability to incorporate results from up to 10 assessors
• Based on Generally Accepted Privacy Principles
• Provides results in both table and graphical formats for easy reporting to management and other interested stakeholders

Assessors are asked to score the following against each of the 73 GAPP criteria:

• Likelihood of a control failure
• Business impact should the control failure occur
• Cost to mitigate should the control failure occur

 

Download the files below and follow the installation instructions in the user guide to get started.

• AICPA/CICA Privacy Tool (ZIP)
• Privacy Risk Assessment Tool manual