New CAQ Tool to Help with Cybersecurity Risk Management Oversight
The Center for Audit Quality (“CAQ”) has developed a new tool to help board members oversee enterprise-wide cybersecurity risk management. Cybersecurity Risk Management Oversight: A Tool for Board Members lists questions board members can ask when meeting with management and CPA firms about cybersecurity risks and disclosures. The questions are divided into the following areas: Understanding how the financial statement auditor considers cybersecurity risk. Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures. Understanding management’s approach to cybersecurity risk management. Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management. The tool also collects cybersecurity-related resources from.
Financial Executives Slowly Warming to Risk Management Planning
Although the American Institute of Certified Public Accountants’ (“AICPA”) latest survey reveals that organizations have inadequate risk management practices, the numbers have improved compared with the inaugural survey. The AICPA discovered that 31 percent of companies have created processes for enterprise risk management. That number is 22 percentage points higher than in 2009; only nine percent of organizations surveyed that year reported having risk management processes. The survey is part of the AICPA and North Carolina State University’s Enterprise Risk Management Initiative. Mark Beasley, the director of NC State’s ERM Initiative, said this year’s survey shows that more senior executives and.
Guidance Proposed on Environmental, Social and Governance Risks
The Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) and the World Business Council for Sustainable Development are proposing new guidance to help companies respond to environmental, social and governance-related risks. In the draft guidance, Applying Enterprise Risk Management to Environmental, Social and Governance-Related Risks, the organizations discuss the changing global risk landscape, principles of the COSO Enterprise Risk Management Framework, and ways companies can address environmental, social and governance-related risk challenges. The draft guidance also offers examples of risk events and potential costs of failing to manage them. A press release on the draft guidance is available on the COSO website.