Auditor related to cybersecurity disclosures

Reference no: EM133151207

Understanding the Role of Management and Responsibilities of the Financial Statement Auditor Related to Cybersecurity Disclosures

In September 2017, Securities and Exchange Commission (SEC) Chairman Jay Clayton stated, "I recognize that even the most diligent cybersecurity efforts will not address all cyber risks that enterprises face. That stark reality makes adequate disclosure no less important."

The SEC is focused on ensuring the adequacy of public company disclosures of cybersecurity risks and how those risks are managed. Investor groups have also asked company boards to strive for transparency in reporting efforts to prevent and mitigate cyber threats. [4]

In 2011, the SEC's Division of Corporation Finance (Division) issued disclosure guidance. Under that guidance, a company may determine it is necessary to disclose cybersecurity risks in various places throughout its Form 10-K (e.g., risk factors, management's discussion and analysis [MD&A], legal proceedings, business description, and/or financial statements). [5] While the 2011 SEC staff guidance remains applicable, in February 2018 the SEC updated its disclosure guidance to reinforce and expand on the 2011 guidance. The new guidance addresses two topics not developed in the 2011 guidance, namely the importance of cybersecurity policies and procedures and the application of insider trading prohibitions in the cybersecurity context. [6] In the 2018 guidance, the SEC emphasized the importance of ensuring that periodic reports such as the Form 10-Q continue to provide timely and ongoing information on material cybersecurity risks and incidents. The SEC also emphasized that companies must maintain disclosure controls and procedures, and management must evaluate their effectiveness.

The SEC staff has communicated publicly that it intends to focus more on companies' disclosures about cyber incidents and their cybersecurity programs. The following are questions that board members with cybersecurity risk oversight may use to clarify management's role and the auditor's responsibilities related to cybersecurity disclosures.

Questions

The Role of Management

1. In complying with the current SEC guidance, how has management considered cybersecurity risks in its ability to record, process, summarize, and report on information required to be disclosed in its SEC filings?

2. What disclosure controls and procedures are in place to help ensure that the disclosures comply with the SEC's guidance regarding the importance of a company being able to make accurate and timely disclosures of material cyber events?

3. Have the design and operating effectiveness of the disclosure controls and procedures been evaluated to ensure they appropriately record, process, summarize, and report on information required to be disclosed in the company's SEC filings?

4. How is management considering the current SEC guidance with respect to cybersecurity on risk factors, MD&A, and financial statement disclosures?

5. In the event of a cybersecurity breach, what processes and controls are in place to help ensure that appropriate levels of management and board members with cybersecurity risk oversight are involved in the review of the related disclosures, if appropriate?

6. Has the company considered its insider trading policies in the event of a material cyber incident? Are appropriate policies and procedures in place to guard against company executives and other insiders taking advantage of the period between the company's discovery of a cybersecurity incident and public disclosure?

Questions

The Role of the Financial Statement Auditor

1. What does the financial statement auditor consider related to cybersecurity disclosures included in the Form 10-K or other documents that include the audited financial statements?

2. How do those considerations differ when cybersecurity-related information is included in another company document (e.g., a press release)?

3. If the company had a material contingent liability for an actual cyber incident, what is the financial statement auditor's responsibility with respect to the company's assessment of any related financial statement disclosure(s)?

4. What is the financial statement auditor's responsibility if a cyber incident material to the financial statements is discovered after the balance sheet date but before the auditor's report on the financial statements is issued?


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd