Seeking Cyber Resiliency in 2016

by Ken Urish 8. December 2015 11:40
In the evolving cyber risk management environment, cyber security is becoming an increasing priority for CFOs, risk managers and financial executives. This is evidenced by the projected increased emphasis on cyber security for 2016 disclosed by two recent surveys. Consulting firm Protiviti surveyed 650 CFOs and found that, while margins and earnings performance top the list of priorities for 2016, cyber security risks are the next highest priority. TD Ameritrade surveyed 300 senior finance executives and found that 41% of respondents identified data security as an area for increased capital expenditures for 2016.

With this increased emphasis, CFOs are reacting to the increased sophistication and frequency of cyber attacks, and to a better understanding of the inherent financial risks. The true cost of a cyber breach is complex. A breach of intellectual property affects not just competitiveness; it also hurts market share due to reputational damage and loss of confidence by customers. Productivity suffers during the remediation process and throughout the internal changes (system upgrades, procedural changes, etc.) that tend to be implemented following a breach. Then there is litigation expense and, in many industries, fines and fees from regulatory non-compliance.

Along with growing awareness of the true cost of a breach is the acknowledgement by many risk managers that it is "not if, but when" a breach will occur. Therefore, the focus of the increased expenditures is not just on defense, but also on preparing for efficient breach response and containment. Investments are increasing in cyber insurance, forensic tools, and training staff in both protection and response techniques. In short, we are seeing a shift by CFOs and risk managers to a more proactive approach to cyber risk management. The goal: a cyber resilient organization.

Do Your Diligence – Cyber Risk in Mergers & Acquisitions

by David Ritzert 10. November 2015 11:34
As M&A activity increases, so too does the need for cyber security assessments. Cyber breaches are often in the news headlines; however, many companies have been slow to adopt cyber security risk procedures as part of their due diligence process. Companies that plan growth through M&A activity should assess the cyber risk associated with their acquisition targets. The value of the target, as well as the overall enterprise, could be significantly impacted by a cyber breach. In addition to the potential loss in market value, an acquiring company that comes under attack can experience a major disruption to its normal operations, including increased costs and management efforts being diverted to remediation and shoring up defenses, rather than to the integration efforts necessary to achieve the anticipated synergies from the transaction.

When cyber security procedures are incorporated into the due diligence process, companies can proactively understand and mitigate the potential risks of acquiring a compromised entity. If your company is involved in M&A activity and you don’t incorporate cyber security procedures into the due diligence process, you could be putting your company and the contemplated transaction at risk.
Categories: Assurance

The Rising Tide in Risk Management

by Mark Gibbons 30. October 2015 15:59
Based on the results of a survey conducted in September 2015[1] with 150 directors of public company boards, it seems that directors are finally starting to understand their critical role in addressing cyber security. Indeed, cyber attacks are becoming more and more frequent, often targeting high-profile companies and their sensitive data and information. As the attacks become more widespread and damaging, the involvement of the corporate board in mitigating cyber risk has become an imperative.

Of the 150 corporate board directors surveyed, 22% reported having experienced a cyber breach within the past two years, double the 11% reported in 2013. While those numbers are alarming, the good news is that 69% of corporate directors reported their board being more involved with cyber security than it was in the previous 12 months. Additionally, more than 70% of board members report having increased their company’s investments in cyber security within the last 12 months, and 28% have purchased cyber insurance.

Though the tide seems to be turning, the survey results indicate that there are many corporate boards and directors that haven’t yet taken key steps to mitigate cyber risk and protect their digital assets. Only 34% of directors reported having conducted a formal assessment of their critical digital assets, while 32% have had an assessment but have no final strategy in place based on those assessments. Furthermore, although third-party vendors are a critical source of cyber attacks, only 35% of directors have developed cyber risk requirements for their third-party vendors.

Has your board performed a risk assessment of its critical assets? Do you have a plan in place to mitigate cyber attacks? Don’t be the 21% without a plan in place.

[1] Survey conducted by Market Measurement on behalf of Urish Popeck’s alliance partner BDO.
Categories: Risk Management

30% of CFOs See Transfer Pricing as the Greatest Risk

by Dennis Stuchell 26. July 2012 15:40
Among 60 chief financial officers of companies with more than $1 billion in annual revenues, nearly one-third (30%) said that transfer pricing was their biggest tax-related challenge and risk, according to a new survey by Alvarez & Marsal (reported by WSJ.com). Only four CFOs reported spending most of their time—and money—on transfer pricing issues, but the prevalent concern among respondents helped push transfer pricing to Number 2 on the survey of risk, just behind global compliance.

The higher risk profile for transfer pricing has resulted from increased attention by the IRS. Intellectual property, including trademarks, trade names, patents, copyrights, and internally developed software, is increasingly being shared among multinationals. The IRS, under Sec. 482, requires related parties to report transfer pricing at arm’s length. In this environment, a well-structured corporate transfer pricing plan is essential to withstand IRS audit scrutiny.
Categories: Advisory

Governance Update: Liability Risk for Boards Increasing

by Ken Urish 14. September 2011 13:20
In a plus for corporate governance advocates and a rare positive emerging from the current economic climate, the financial crisis appears to have driven home the need for boards to manage risk more effectively. This conclusion is based on the findings of a survey of board members of public companies with revenues ranging up to $750M that was released this month by our alliance partner BDO. As the responsibility of boards has grown in recent years due to regulatory requirements, board risk management activities have been focused heavily on compliance. Now, facing increased risks as a result of the financial crisis, it appears that boards are more willing to take a proactive role in risk management.

In the survey, when asked what topics they would like to spend more time on, a majority (55%) of board members at public companies cite risk management, more than any other area. Moreover, an even greater percentage (61%) believe their liability risk as a director has increased during the past few years. Interestingly, the study shows that the CEO position is considered by board members to be the most helpful position for assessing and managing risk (44%), with the CFO following at 33%.
Categories: Assurance

Marcellus Shale and Industry Risk Factors

by Tim Marshall 7. July 2011 10:09
Here in Western and Central Pennsylvania, we are reminded daily of the many and complex issues relating to developing the Marcellus Shale gas reserves. Evolving regulatory and legislative actions include environmental policy issues, disputes over regulatory jurisdiction, neighbor vs. neighbor conflicts, and the pending enactment of extraction taxes/impact fees. The ever-increasing presence of energy companies such as Exxon emphasizes the high stakes and the fact that decisions that are made now can have a lifetime impact on our region’s development and quality of life.

As we advise our clients here in Pennsylvania on Marcellus Shale issues, we are also taking into account conditions in the oil and gas industry at large. Risks in the oil and gas industry have never been more pronounced, and regulatory uncertainty and volatile oil and gas prices are at the top of the list. Spills, natural disasters and geopolitical issues have hit the industry in rapid succession over the past year, setting off a wave of regulatory intervention and soaring oil prices.

To supplement our locally-based Marcellus knowledge, Urish Popeck professionals are supported by the national knowledge base of BDO’s Natural Resources practice. They recently published the 2011 BDO Oil and Gas Risk Factor Report. In it you will find the risk factors listed in the most recent SEC 10-K filings of the 100 largest publicly traded U.S. E&P companies.
Categories: Advisory