If you follow professional football, you know how valuable a left tackle is to a team. One of his key responsibilities is to protect a right-handed quarterback’s back or “blindside.” These players are so valuable that they command salaries second only to the quarterback.
The HORNE team certainly isn’t equipped to play pro football, but we are concerned about protecting your blindside. We don’t want you to be surprised by what we see coming, as the risk landscape changes in 2016. To that end, here are a few areas we think deserve extra attention as you evaluate your risk profile for next year – information technology, increased regulation and globalization.
It seems like every time you turn on a television, browse the internet or pick up a newspaper there is a story about a cyber attack where confidential information was stolen. Looking back at 2014, experts estimate that 700 million records were accessed illegally and that financial losses exceeded $400 million. Thieves are targeting financial information, corporate secrets, emails, research and medical information, as well as social security numbers, credit card numbers and personal information. If you have data and are connected to the internet, you are at risk. With that in mind, if your company doesn’t already have a robust technology security plan in place, now is the time to create one.
Mobile and Cloud Computing
In today’s business world, almost everyone has a smart phone, laptop or tablet with access to the company’s network, making it possible to work from anywhere. With that freedom, however, comes risk. Employees and vendors often have the weakest security on their mobile devices, and their risk becomes your company’s risk. As with an overall cyber security plan, if you don’t already have an active policy covering mobile devices, now is the time to put one in place. A recent HORNE blog post can give you guidance about what should be included in your mobile-device policy.
Whether you recognize it or not, your company is conducting business in the cloud. A simple Google search can access data someone else has stored in the cloud, and your vendors may be using cloud storage, even if you are not. Your payroll records, for example, are quite possibly stored in the cloud. You need to assess your exposure to cloud storage and respond appropriately. As discussed in a previous HORNE blog, it is important during this assessment for you to get to know the third party vendor that is providing data storage.
Public Company Accounting Oversight Board
Information technology is one of the focus areas of the Public Company Accounting Oversight Board. Why is that important to you? As a public company, your auditors are inspected by the PCAOB, which is a good thing, but the PCAOB is placing additional emphasis on the need for auditors to push clients to address IT issues. In our role as both internal and external auditor, we have witnessed the emphasis being placed on IT, and we have seen many companies and their boards come late to the game in addressing IT risk. As a result, they are scrambling now to perform vulnerability assessments and penetration testing, but it would have served them well to have started preventative measures a couple years ago. If you haven’t started, don’t wait any longer.
It’s pretty clear that the pace of regulation will not slow anytime soon. A recent study performed by the Financial Executives Research Foundation looked at audit fees for more than 7,000 public companies. The study found the median increase in fees was 3.4 percent. Furthermore, nearly half of the public companies reported that they were asked to make changes in controls as a result of PCAOB requirements or findings. Lastly, the survey revealed over the past three years more than half of the public companies experienced an increase in internal costs needed to comply with Sarbanes-Oxley reporting requirements.
As we partner with clients as their internal and external auditor, we see firsthand the increasing focus external auditors are placing on certain areas in order to meet the regulatory demands of the SEC. In these situations, it is imperative all parties involved – management, board of directors, audit committees, internal auditors and external auditors – work together to identify the appropriate course of action to ensure the company complies with the applicable laws and regulations.
Like it or not, technology has become integral to our lives and is helping make the world a smaller place. More and more companies have subsidiaries, affiliates, customers and vendors around the world. Running a global enterprise means that your business faces new challenges. For example, as we operate in a global economy, a crisis in one country can influence economies around the world. Just consider how financial woes in Greece and an economic slowdown in China have affected the U.S. economy. Going global also means that you must be familiar with the different laws and regulations in other countries. It is important for companies operating in foreign countries to have resources available that are knowledgeable about the local laws and regulations. Finally, technology often makes running a global company possible, but it presents its own risks, as previously mentioned.
Of course, no company can protect itself from all risks, but with a little planning and nimble execution, you can greatly reduce your risk and keep from being blindsided. The Governance, Risk and Compliance team at HORNE can help you evaluate your situation and plan your response. Just give us a call to explore how we can help you.
About the Co-Author
Justin Doggett provides assurance services to privately held and publicly traded companies in the insurance, transportation and technology industries.