Securities and Exchange Commission (SEC) Cybersecurity Mock Exam



HKA conducted an SEC Cybersecurity Mock Exam for a multi-billion dollar U.S.-based private equity firm.


HKA’s SEC Cybersecurity Mock Audit Exam was requested by the private equity firm to assess their alignment with the most recent cybersecurity guidance, issued by the U.S. Securities and Exchange Commission (SEC) Division of Examinations, to identify high-risk areas along with remediation recommendations.

What we did

HKA evaluated the client’s cybersecurity posture with regard to how cyber risk is managed by reviewing their cybersecurity policies and procedures and conducting key stakeholder interviews about their cyber and information security risk management activities.

HKA also assessed supporting internal documentation relevant to their policies and procedures to learn how the firm manages cybersecurity risk. Our mock exam covered the following SEC Office of Compliance Inspections and Examinations (OCIE) Cybersecurity Guidance areas: Governance and Risk Management, Access Rights and Controls, Data Loss Prevention, Mobile Security Incident Response and Resiliency, Vendor Management, and Training and Awareness.

HKA provided high-level written guidance on specific areas of cybersecurity risk requiring further review and mitigation. We also performed control testing or the firm’s highest areas of risk. Additionally, HKA provided improvement recommendations in the areas of Governance and Risk Management, Policy Development, Procedure Development, and Policy and Procedure Control Testing based on the cybersecurity mock exam results.


HKA identified areas within the private equity firm’s cybersecurity program that may be scrutinized during an SEC exam for failure to meet the SEC’s expectations and provided guidance and remediation support to align their cybersecurity program with the SEC’s expectations.

Project Details
  • Client
    Private Equity Firm
  • Year
  • Value
  • Services
    Risk Management, Governance & Compliance
  • Sectors
    Cybersecurity & Privacy Risk Management