Steve Ursillo Discusses How Technology Will Impact Audit
In a short video for the International Federation of Accountants (“IFAC”), Steve Ursillo, Jr. , shares his thoughts on how technology will affect audit and assurance services. Ursillo, Cherry Bekaert’s National Leader for the Information Assurance & Cybersecurity practice, says new accounting technologies will likely impact the way auditors perform engagements and client services. Watch the video on the IFAC website.
Important New Cyber Provisions in the 2019 NDAA
By: Curt Smith , Manager and Neal Beggan , Principal The National Defense Authorization Act for Fiscal Year 2019 (“NDAA” or “the Act”) was signed into law on August 13, 2018. The 2019 NDAA includes several broad provisions on cybersecurity that will interest government contractors. Generally, the Act in Section 1636 establishes a more aggressive policy on cyberspace, cybersecurity, cyber warfare, and cyber deterrence stating that the U.S. should “employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond to when necessary, all cyber attacks or other malicious cyber activities of foreign powers that target. Read More.
Public Companies Advised to Review Internal Controls for Cybersecurity
An October 16 report from the Securities and Exchange Commission (“SEC”) asks public companies to reassess their internal accounting control systems to safeguard against potential cyber-attacks. The SEC wants issuers to evaluate the degree to which cyber-related threats should be considered when developing and maintaining their internal controls. Issuers are also asked to determine whether their internal controls can provide reasonable assurances in protecting company assets from cyber-related risks. Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirements is the result. Read More.
Proposed House Bill Asks Companies to Disclose Board Members’ Cybersecurity Expertise
A bipartisan group in the House of Representatives has proposed a bill requiring public companies to say whether their boards include members with knowledge of cybersecurity. Similar to a Senate bill debated this year, the Cybersecurity Disclosure Act directs the Securities and Exchange Commission (“SEC”) to create provisions requiring public companies to disclose in annual reports or proxy statements the details of their board members’ “expertise or experience” in cybersecurity. If a board member has no cybersecurity background, then a company would have to explain how it considers cybersecurity when selecting new directors. The SEC and the National Institute of. Read More.
New CAQ Tool to Help with Cybersecurity Risk Management Oversight
The Center for Audit Quality (“CAQ”) has developed a new tool to help board members oversee enterprise-wide cybersecurity risk management. Cybersecurity Risk Management Oversight: A Tool for Board Members lists questions board members can ask meeting with management and CPA firms about cybersecurity risks and disclosures. Such questions are divided into the following areas: Understanding how the financial statement auditor considers cybersecurity risk. Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures. Understanding management’s approach to cybersecurity risk management. Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management. The tool also collects cybersecurity-related resources from. Read More.
SEC Approves Revised Cybersecurity Disclosure Guidance
On February 21, the Securities and Exchange Commission (“SEC”) unanimously approved new interpretive guidance concerning public company disclosures related to cybersecurity. The updated guidance in Release No. 33-10459, Commission Statement and Guidance on Public Company Cybersecurity Disclosures, outlines the SEC’s thoughts on public companies’ disclosure requirements regarding cybersecurity risks, threats and incidents. Release No. 33-10459 also encourages public companies to implement cybersecurity policies and procedures and to apply disclosure controls and procedures, insider trading prohibitions, and Regulation FD and selective disclosure prohibitions. The SEC believes the interpretive guidance will help public companies provide more transparent and detailed disclosures about potential threats to their computer systems and networks. Release No. 33-10459 is effective. Read More.