Auditor related to cybersecurity disclosures

Reference no: EM133151207

Understanding the Role of Management and Responsibilities of the Financial Statement Auditor Related to Cybersecurity Disclosures

In September 2017, Securities and Exchange Commission (SEC) Chairman Jay Clayton stated, "I recognize that even the most diligent cybersecurity efforts will not address all cyber risks that enterprises face. That stark reality makes adequate disclosure no less important."

The SEC is focused on ensuring the adequacy of public company disclosures of cybersecurity risks and how those risks are managed. Investor groups have also asked company boards to strive for transparency in reporting efforts to prevent and mitigate cyber threats. [4]

In 2011, the SEC's Division of Corporation Finance (Division) issued disclosure guidance. Under that guidance, a company may determine it is necessary to disclose cybersecurity risks in various places throughout its Form 10-K (e.g., risk factors, management's discussion and analysis [MD&A], legal proceedings, business description, and/or financial statements). [5] While the 2011 SEC staff guidance remains applicable, in February 2018, the SEC updated its disclosure guidance to reinforce and expand on the 2011 guidance. The new guidance addresses two topics not developed in the 2011 guidance, namely the importance of cybersecurity policies and procedures and the application of insider trading prohibitions in the cybersecurity context. [6] In the 2018 guidance, the SEC emphasized the importance of ensuring that periodic reports such as the Form 10-Q continue to provide timely and ongoing information on material cybersecurity risks and incidents. The SEC also emphasized that companies must maintain disclosure controls and procedures, and management must evaluate their effectiveness.

The SEC staff has communicated publicly that it intends to focus more on companies' disclosures about cyber incidents and their cybersecurity programs. The following are questions that board members with cybersecurity risk oversight may use to clarify management's role and the auditor's responsibilities related to cybersecurity disclosures.

Questions

The Role of Management

1. In complying with the current SEC guidance, how has management considered cybersecurity risks in its ability to record, process, summarize, and report on information required to be disclosed in its SEC filings?

2. What disclosure controls and procedures are in place to help ensure that the disclosures comply with the SEC's guidance regarding the importance of a company being able to make accurate and timely disclosures of material cyber events?

3. Have the design and operating effectiveness of the disclosure controls and procedures been evaluated to ensure they appropriately record, process, summarize, and report on information required to be disclosed in the company's SEC filings?

4. How is management considering the current SEC guidance with respect to cybersecurity on risk factors, MD&A, and financial statement disclosures?

5. In the event of a cybersecurity breach, what processes and controls are in place to help ensure that appropriate levels of management and board members with cybersecurity risk oversight are involved in the review of the related disclosures, if appropriate?

6. Has the company considered its insider trading policies in the event of a material cyber incident? Are appropriate policies and procedures in place to guard against company executives and other insiders taking advantage of the period between the company's discovery of a cybersecurity incident and public disclosure?

Questions

The Role of the Financial Statement Auditor

1. What does the financial statement auditor consider related to cybersecurity disclosures included in the Form 10-K or other documents that include the audited financial statements?

2. How do those considerations differ when cybersecurity-related information is included in another company document (e.g., a press release)?

3. If the company had a material contingent liability for an actual cyber incident, what is the financial statement auditor's responsibility with respect to the company's assessment of any related financial statement disclosure(s)?

4. What is the financial statement auditor's responsibility if a cyber incident material to the financial statements is discovered after the balance sheet date but before the auditor's report on the financial statements is issued?

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd