Posts Tagged ‘SEC policy’
SEC to Auditors: Do Better on Fraud Risk
The Securities and Exchange Commission is urging auditors to do better at assessing fraud risk among their clients — a rather notable statement peppered with keywords such as “gatekeepers” and “protection of investors,” clearly intended to warn audit firms that the agency wants to see improvement here. The statement came on Tuesday from Paul Munter,…
Lessons in the HanesBrands Cyber Attack
Before we all forget, compliance and audit professionals should note that HanesBrands coughed up an ugly quarterly report last week — and one principal reason for that awful report was a ransomware attack that apparently cost HanesBrands $100 million in lost revenue. The ransomware attack itself is not news; Hanes disclosed the matter on May…
Attestations for Cyber Controls
Last week I was in Atlanta speaking to a group of IT auditors. Conversation turned to the SEC’s proposals for expanded disclosure of cybersecurity risks, and attendees raised a good question: Does this mean that CISOs and other executives will need to attest that, yes, the company’s cybersecurity measures are effective? Under the text of…
Comments on SEC Cyber Proposal
We continue our focus on cybersecurity compliance today with a return to the SEC’s proposals for expanded disclosure of cybersecurity risk in corporate reports. The public comment period for those proposals closed last week, and compliance officers have a bundle of interesting points to ponder. The SEC received dozens of comments, and to no surprise…
Proposed Greenhouse Gas Disclosures
Today let’s return to the SEC’s proposed requirement that companies disclose their climate risks, and specifically the greenhouse gas emissions that arise from a company’s operations and supply chain. Tracking and reporting such information could be quite difficult — so what’s the rationale here, and how might companies get started to fulfill such a requirement?…
SEC’s Push for Better Cyber Governance
Today I want to revisit the SEC’s proposed new rules requiring public companies to disclose more about their cybersecurity risks. Those plans would obligate companies to discuss how the board and senior management address cybersecurity risk at a strategic, enterprise level. What’s that all about? In a previous post about the SEC proposals, I considered…
SEC Proposes Climate Risk Disclosure Rule
The Securities and Exchange Commission today unveiled its long-awaited proposal for disclosure of risks related to climate change, including disclosure of greenhouse gas emissions stemming from a company’s supply chain as well as audit and attestation requirements for larger companies’ disclosures. The SEC adopted the proposed rule on a 3-1 vote, with lone Republican commissioner…
An SEC Statement on Restatements
The top accountant at the Securities and Exchange Commission wants corporate executives and audit committees to do better at evaluating when financial restatements are necessary, saying that too many tilt their analysis toward the conclusion that, nope, that error we had last quarter doesn’t need to be restated after all. Paul Munter, the SEC’s acting…
SEC Proposes Cyber Disclosure Rules
The Securities and Exchange Commission has proposed new rules that would require all public companies to disclose much more about how they manage cybersecurity risks and to disclose “material cybersecurity incidents” to investors promptly. The commission voted to propose the new rules on Wednesday morning — and to be clear, these are proposed new rules,…
Holding Lawyers More Accountable
Corporate compliance and governance professionals often like to talk about the important role “gatekeepers” play in keeping an organization on the ethical path. Now an SEC commissioner is calling for new standards and accountability for some of the most important gatekeepers of all: corporate lawyers. Commissioner Allison Herren Lee gave the speech on Friday, and…