New CAQ Tool to Help with Cybersecurity Risk Management Oversight
The Center for Audit Quality (“CAQ”) has developed a new tool to help board members oversee enterprise-wide cybersecurity risk management. Cybersecurity Risk Management Oversight: A Tool for Board Members lists questions board members can ask when meeting with management and CPA firms about cybersecurity risks and disclosures. The questions are divided into the following areas: understanding how the financial statement auditor considers cybersecurity risk; understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures; understanding management’s approach to cybersecurity risk management; and understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management. The tool also collects cybersecurity-related resources from.
SEC Approves Revised Cybersecurity Disclosure Guidance
On February 21, the Securities and Exchange Commission (“SEC”) unanimously approved new interpretive guidance concerning public company disclosures related to cybersecurity. The updated guidance in Release No. 33-10459, Commission Statement and Guidance on Public Company Cybersecurity Disclosures, outlines the SEC’s thoughts on public companies’ disclosure requirements regarding cybersecurity risks, threats and incidents. Release No. 33-10459 also encourages public companies to implement cybersecurity policies and procedures and to apply disclosure controls and procedures, insider trading prohibitions, and Regulation FD and selective disclosure prohibitions. The SEC believes the interpretive guidance will help public companies provide more transparent and detailed disclosures about potential threats to their computer systems and networks. Release No. 33-10459 is effective.
Corp Fin Director Shares Upcoming Priorities
Earlier this month during a speech in London, William Hinman, director of the Securities and Exchange Commission’s (“SEC”) Division of Corporation Finance (“Corp Fin”), discussed his office’s future priorities. One of Corp Fin’s priorities includes improving the efficiency of its internal processes by reviewing filing procedures and no-action requests, and assessing whether the office can better its response times. Corp Fin is also planning to update and simplify its Financial Reporting Manual and Compliance and Disclosure Interpretation. Several aspects of Corp Fin’s future guidance and rulemaking are likely to receive priority, such as disclosures regarding cybersecurity and resource extraction. Corp.
DoD Inspector General’s Office Releases Semi-Annual Report to Congress on Accomplishments
Twice a year, per the requirements of the Inspector General Act of 1978 (as amended), the Department of Defense (“DoD”) Office of the Inspector General (“OIG”) issues a report that summarizes its efforts and oversight conducted for the preceding six-month period. The report serves to demonstrate the importance of the OIG’s work to detect and deter waste, fraud and abuse, improve the efficiency and effectiveness of DoD programs, and ensure ethical conduct throughout the DoD. The most recent report, which covers the period of April 1, 2017, to September 30, 2017, documented 55 issued reports, including several significant audits and.
SEC Office Unveils Examination Priorities for 2018
On February 7, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) revealed its annual list of exam priorities. This year’s examination priorities are divided into five categories: compliance and risks in critical market infrastructure; matters of importance to retail investors, including seniors and those saving for retirement; FINRA and MSRB; cybersecurity; and anti-money laundering programs. More on the OCIE’s 2018 examination priorities is available in the news release.
NIST Publishes Draft 2 of Cybersecurity Framework Version 1.1
On December 5, 2017, the National Institute for Standards and Technology (“NIST”) published Draft 2 of Cybersecurity Framework version 1.1 (the “Framework”). The draft is intended to provide a flexible, voluntary, and effective tool to help organizations better manage their cybersecurity risks. For those unfamiliar with the Framework, it was developed in response to growing awareness that the national and economic security of the United States depends on the reliable functioning of critical information technology infrastructure and that cybersecurity threats place the nation at risk. On February 12, 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the.