PCAOB Points to Audit Progress

pcaob

The head of the Public Company Accounting Oversight Board launched a charm offensive this week, praising audit firms for falling rates of deficient audits and stressing that the PCAOB plays an important role in investor protection. I’m sure Republicans’ anti-PCAOB mood these days was just a coincidence. Erica Williams, chair of the PCAOB, spoke Wednesday…

Read More

Questions for Incoming SEC Chairman

enforcement

Last week President-elect Trump said he will nominate Paul Atkins to be the next chairman of the Securities and Exchange Commission. Now compliance and audit professionals can start considering how an Atkins-led SEC will shape corporate compliance for the next few years, and there are lots of questions to contemplate here.  Start with the biographical…

Read More

Last Week’s Cybersecurity Disasters

cybersecurity

There are decades when nothing happens, and weeks when decades happen. Last week was definitely one of those latter periods for CISOs, internal auditors, compliance officers, and anyone else charged with worrying about cybersecurity. Just consider what happened last week: On Tuesday, UnitedHealth reported spending nearly $1 billion on recovery costs from a ransomware attack…

Read More

UnitedHealth’s Big Cyber Compliance Mess

unitedhealth

UnitedHealth filed its latest quarterly earnings report today, complete with an update on the staggering costs of a ransomware attack the healthcare giant suffered earlier this year — and if anyone needs a fresh example of how cyber attacks can tie your company into compliance knots, pull up a chair. The attack itself happened in…

Read More

Internal Accounting Controls and Cyber Risk

control environment

Today I want to return to that recent enforcement action against RR Donnelley, where the Securities and Exchange Commission cited faulty internal accounting controls at Donnelley as grounds to impose a $2.1 million sanction over the company’s poor handling of a cybersecurity incident. What are internal control professionals supposed to make of an enforcement action…

Read More

Compliance Jobs Report: June 28

compliance jobs

You want compliance jobs gossip? The Compliance Jobs Report has that in spades. This week we have updates from Sandvik, Illumina, Penn State, Booking.com, Apple, and lots more. Our job leads this week all include preposterously wide salary ranges, and Meme of the Week goes out to disclosure controls. Always remember that we need your…

Read More

Yes, Automating ICFR Helps, But… 

control environment

Internal audit and GRC professionals talk all the time about the importance of automating internal controls. Now we have some fresh academic research demonstrating what sort of benefit a company can gain from following that path. The research comes from Musaib Ashraf, an accounting professor at Michigan State University who published a nifty paper several…

Read More

More Tips on Good Data Protection

data protection

Another week, another enforcement action from the Federal Trade Commission giving us a glimpse into what modern data protection programs should look like. This time the company in question is a telecommunications company that flubbed basic data protection protocols and then suffered a breach; and as usual, the FTC gives compliance, privacy, and IT security…

Read More

Qualitatively Material Cyber Incidents

cybersecurity

Today I want to revisit the new SEC rules for disclosing material cybersecurity incidents, and in particular those qualitatively material incidents that might seem especially tricky to assess and prevent. What internal controls become more important for that type of threat? This is on my mind because we’re already starting to see some companies disclose…

Read More

PCAOB Talks 2024 Audit Issues

pcaob

The Public Company Accounting Oversight Board plans to inspect more corporate audits in 2024, casting an especially watchful eye at audits of financial and IT companies, as well as businesses that engaged in mergers and acquisitions in 2023. So says an alert the PCAOB published earlier this week, previewing the agency’s priorities for 2024 audit…

Read More