Posts Tagged ‘SEC policy’
A Memo on Cyber Materiality
So there I was the other day, pondering that new Securities and Exchange Commission rule for expanded disclosure of cybersecurity issues, when my phone rang. It was my friend the cybersecurity auditor. “Hey,” he said, “I have an idea for how companies can prepare for that new rule about disclosing cybersecurity stuff.” I was intrigued.…
Read MoreSEC Warns on Risk Assessments
The top accountant at the Securities and Exchange Commission is warning auditors and corporations alike to do better at risk assessments, and in particular to pay more attention to small control failures that might be suggestive of larger issues in a company’s control environment. Chief accountant Paul Munter released his statement Friday afternoon, a maneuver…
Read MoreSEC Adopts Cyber Disclosure Rule
As expected, the Securities and Exchange Commission adopted new rules today requiring publicly traded companies to make more disclosures about the cyber risks they have and the specific cyber attacks they suffer. The final rules are largely in step with what the SEC first proposed last year: annual discussion of cyber risks in the company’s…
Read MoreSEC to Vote on New Cyber Rules
The Securities and Exchange Commission will, at long last, vote next Wednesday on new rules that would require companies to make expansive new disclosures about their cybersecurity risks and the cyber incidents they suffer. The SEC originally proposed the rules in March 2022 — and they have been a sleeper issue in SEC rulemaking while…
Read MoreHere Come the Clawback Clauses
The Securities and Exchange Commission enacted a rule today that will require public companies to adopt and disclose executive compensation clawback policies, echoing the Justice Department’s effort to make companies exercise clawbacks more often when their executives commit misconduct. The rule directs U.S. stock exchanges to update their listing standards so that listed companies are…
Read MoreSEC to Auditors: Do Better on Fraud Risk
The Securities and Exchange Commission is urging auditors to do better at assessing fraud risk among their clients — a rather notable statement peppered with keywords such as “gatekeepers” and “protection of investors,” clearly intended to warn audit firms that the agency wants to see improvement here. The statement came on Tuesday from Paul Munter,…
Read MoreLessons in the HanesBrands Cyber Attack
Before we all forget, compliance and audit professionals should note that HanesBrands coughed up an ugly quarterly report last week — and one principal reason for that awful report was a ransomware attack that apparently cost HanesBrands $100 million in lost revenue. The ransomware attack itself is not news; Hanes disclosed the matter on May…
Read MoreAttestations for Cyber Controls
Last week I was in Atlanta speaking to a group of IT auditors. Conversation turned to the SEC’s proposals for expanded disclosure of cybersecurity risks, and attendees raised a good question: Does this mean that CISOs and other executives will need to attest that, yes, the company’s cybersecurity measures are effective? Under the text of…
Read MoreComments on SEC Cyber Proposal
We continue our focus on cybersecurity compliance today with a return to the SEC’s proposals for expanded disclosure of cybersecurity risk in corporate reports. The public comment period for those proposals closed last week, and compliance officers have a bundle of interesting points to ponder. The SEC received dozens of comments, and to no surprise…
Read MoreProposed Greenhouse Gas Disclosures
Today let’s return to the SEC’s proposed requirement that companies disclose their climate risks, and specifically the greenhouse gas emissions that arise from a company’s operations and supply chain. Tracking and reporting such information could be quite difficult — so what’s the rationale here, and how might companies get started to fulfill such a requirement?…
Read More