Lessons in the HanesBrands Cyber Attack

Before we all forget, compliance and audit professionals should note that HanesBrands coughed up an ugly quarterly report last week — and one principal reason for that awful report was a ransomware attack that apparently cost HanesBrands $100 million in lost revenue.  The ransomware attack itself is not news; Hanes disclosed the matter on May…

Attestations for Cyber Controls

Last week I was in Atlanta speaking to a group of IT auditors. Conversation turned to the SEC’s proposals for expanded disclosure of cybersecurity risks, and attendees raised a good question: Does this mean that CISOs and other executives will need to attest that, yes, the company’s cybersecurity measures are effective? Under the text of…

Comments on SEC Cyber Proposal

We continue our focus on cybersecurity compliance today with a return to the SEC’s proposals for expanded disclosure of cybersecurity risk in corporate reports. The public comment period for those proposals closed last week, and compliance officers have a bundle of interesting points to ponder. The SEC received dozens of comments, and to no surprise…

Proposed Greenhouse Gas Disclosures

Today let’s return to the SEC’s proposed requirement that companies disclose their climate risks, and specifically the greenhouse gas emissions that arise from a company’s operations and supply chain. Tracking and reporting such information could be quite difficult — so what’s the rationale here, and how might companies get started to fulfill such a requirement?…

SEC’s Push for Better Cyber Governance

Today I want to revisit the SEC’s proposed new rules requiring public companies to disclose more about their cybersecurity risks. Those plans would obligate companies to discuss how the board and senior management address cybersecurity risk at a strategic, enterprise level. What’s that all about?  In a previous post about the SEC proposals, I considered…

SEC Proposes Climate Risk Disclosure Rule

The Securities and Exchange Commission today unveiled its long-awaited proposal for disclosure of risks related to climate change, including disclosure of greenhouse gas emissions stemming from a company’s supply chain as well as audit and attestation requirements for larger companies’ disclosures.  The SEC adopted the proposed rule on a 3-1 vote, with lone Republican commissioner…

An SEC Statement on Restatements

The top accountant at the Securities and Exchange Commission wants corporate executives and audit committees to do better at evaluating when financial restatements are necessary, saying that too many tilt their analysis toward the conclusion that, nope, that error we had last quarter doesn’t need to be restated after all.  Paul Munter, the SEC’s acting…

SEC Proposes Cyber Disclosure Rules

The Securities and Exchange Commission has proposed new rules that would require all public companies to disclose much more about how they manage cybersecurity risks and to disclose “material cybersecurity incidents” to investors promptly. The commission voted to propose the new rules on Wednesday morning — and to be clear, these are proposed new rules,…

Holding Lawyers More Accountable

Corporate compliance and governance professionals often like to talk about the important role “gatekeepers” play in keeping an organization on the ethical path. Now an SEC commissioner is calling for new standards and accountability for some of the most important gatekeepers of all: corporate lawyers.  Commissioner Allison Herren Lee gave the speech on Friday, and…

SEC Comment Letters on Climate

At long last, the Securities and Exchange Commission is starting to provide a glimpse of the questions that SEC staffers are asking companies about the risks of climate change — and so far, the companies receiving such questions are doing their best to give the usual imprecise answers.  That glimpse came in the form of…
