Tag Archive: cybersecurity

SEC Leadership and Audit Committee Priorities for 2013

Published by

In the midst of the general process to determine the next leader of the Securities and Exchange Commission (SEC), current Chairman Elisse Walter[1] spoke to NACD’s Capital Area chapter this week. The conversation covered a wide range of topics, from diversity in the boardroom to the sequester’s impact on the SEC.

A significant portion of the discussion focused on the auditing profession, including activity from the Public Company Accounting Oversight Board (PCAOB). Having served on the SEC’s staff in a variety of roles beginning in 1977, Walter has had a front-row seat to the evolution of auditing and oversight. From her perspective, although audit has improved in the years since Sarbanes-Oxley, the improvements have not been enough to meet the current environment. Walter also highlighted the utility provided by PCAOB’s new Auditing Standard 16: Communications with Audit Committees and the proposed changes to the auditor’s reporting model.

On mandatory audit firm rotation—another significant proposed rule from the PCAOB—Walter was less committed. While there are many pros and cons to the concept, she noted the potential impact was uncertain.

PCAOB member Jay Hanson has commented several times on the concept release. Without a causal link between an audit failure and the audit firm tenure, Hanson remarked that he could “not see how the Board could move forward on mandatory rotation.” Furthermore, “mandatory rotation would be extraordinarily difficult to justify through an economic analysis of its costs and benefits.”

Last year, NACD’s National Audit Committee Chair Advisory Council spearheaded an initiative to propose an alternative solution to mandatory audit firm rotation: the audit committee evaluation of the external auditor. On Wednesday—the advisory council’s first meeting in 2013—delegates reviewed the status of the project. Since NACD CEO Ken Daly’s participation in a PCAOB roundtable last fall—during which he presented the assessment tool—the evaluation form has been downloaded over 1,500 times.

While directors wait for the PCAOB to decide its next steps regarding mandatory audit firm rotation, the advisory council outlined areas it plans to focus on in 2013. These include:

  • The quality of information presented to the board from management. Delegates suggested dashboards that are board- rather than management-oriented.
  • Cybersecurity and emerging technologies. Cyberterrorism and new technologies, such as social media, present significant risks to companies—oversight of which is often assigned to the audit committee.
  • Oversight of big data. Increasingly, investors are using data found in sources other than the annual financial report to analyze and make trading decisions. In some cases, the markets have information about a company’s products and performance before the board. 

Produced with KPMG’s Audit Committee Institute and Sidley Austin, NACD’s National Audit Committee Chair Advisory Council will next meet in early June. For a summary of the council’s 2012 meeting, visit our Board Leaders Briefing Center.


[1] The Chairman’s views were her own, not those of the SEC.

Recapping Master Class: The Intersection of Strategy and Innovation

Published by

One theme resounded in each session at NACD’s Master Class held in Scottsdale, Ariz., last week: the nature of directorship is in flux. In the 1990s, boards were subject to considerably fewer regulatory requirements. Sarbanes-Oxley created the “gatekeeper” of compliance, as observed by NACD President and CEO Ken Daly. Fundamentally, if boards fail to meet compliance requirements, little else will work.

But “you can’t comply your way to success,” according to opening speaker Bill Reichert. Today, long-term value creation necessitates innovative and inventive strategic planning—from management and the boardroom. As such, leading directors are shifting their focus not away from, but through, compliance efforts to the “next level.”

This concept of the “next level” was consistently brought up during discussions across the board. In some sessions, this meant critically assessing the skills and actions necessary to make the board a strategic asset to the company. In other sessions, “next level” addressed the information flow between the management and the board: how to fortify directors with the necessary knowledge to enable them to ask the “second layer” of questions that delve deeper into the data presented by management.

Innovation, however, brings risk—a concept Master Class attendees understood all too well. As noted in the 2009 NACD Blue Ribbon Commission Report on Risk Governance, “without risk there is no reward.” Risk is no longer limited to financial statements, though. The list of areas that pose potential threats to the organization has expanded over the last several years to include fields such as cybersecurity, emerging technologies such as e-commerce, and social media. Throughout the event’s sessions attendees discussed various methods that boards can use to assess and oversee these risks without becoming mired in granularity.

NACD’s Master Class in Scottsdale convened panelists with considerable experience in innovation, strategy, and risk oversight to lead attendees in discussions on how to effectively and intelligently ensure their company is ready to meet the challenges posed by the new economic climate. These panels were punctuated with multiple “deep dive” sessions in which participants could focus on specific topics of interest with experts and peers.

The next Master Class will be held in Boston, Mass., June 13-14.