SEC official: PCAOB’s standard setting too slow

The PCAOB’s pace of developing auditing standards is too slow, SEC Chief Accountant James Schnurr said. He plans reviews of the process in hopes of speeding it up.

Click on the following link for the article:

Generally, I agree. The PCAOB should be up-to-date in its overview actions – shareholders deserve the best. Events simply move faster than regulatory entities can adjust.  But also interesting – the SEC criticizing the PCAOB? Looking at itself, is the SEC really in a position to criticize?

Question – if it is determined after-the-fact that an audit firm lacks independence, is the audit by that firm of any value?  In other words, can the audit still be relied upon?  One of the keystones of audit is that the auditing firm is independent of the entity that it is auditing. Perhaps it can still be determined that the issue or area causing the lack of independence did not materially impact the audit and the audit opinion?  But this is problematic.

Dave Tate, Esq. (San Francisco / California)


3 Major Changes Congress Wants to Make to Social Security – On the Scale of Risk Management How Would You Score Congress?

Social Security needs change to survive over the long run, and Congress seems willing to take up the daunting task of a Social Security overhaul. – Sean Williams – Investment planning

Click on the following link for the article:

No surprise here.  Inactive and lack of diligent long-term planning. This issue has been around for 40-50 years.  A serious issue for old, middle age and young alike.

If you are young, why do you want to pay 13-14% (half from you and half from your employer) into this program when there is no reasonable certainty that it will be around for you when you retire, and if it is around there is no reasonable certainty about what the benefits will be.

If you are near or at retirement and you paid into this program for 40-50 years you are probably safe, if you don’t live for another 20 years.

If you are in the middle, not near retirement, and have been forced to pay into this program for 25-35 years, good luck to you.

How would you rate the Social Security program risk management? See my prior blog post about the NIST cybersecurity risk management framework, Click for Post .  I would rate Social Security risk management as Tier 1 – Tier 2.

Dave Tate, Esq. (San Francisco / California)

UK pressures Bank of America unit on risk management – Wall Street Journal

(Reuters) – British regulators are pressuring Bank of America Corp’s European investment-banking arm to improve its risk management practices, saying the current ones are “simplistic” an…

Click on the following for the article:

You may have been following the efforts to bring European and U.S. accounting standards into conformity, and how difficulty that has been.  I would evaluate the chance of bringing the various different governance and risk management codes into conformity as zero. And as the European regulatory agencies appear to be getting more active and demanding both with the code provisions and enforcement, we might expect European developments in these areas to become more center stage.  Dave Tate, Esq. (San Francisco / California)

Regulator launches consultation on ‘The essential trustee’ – Press releases – GOV.UK

U.K. Guide to trustees’ duties is updated.

I am following up on a post by a LinkedIn group member about a new regulatory initiative by the U.K. Charity Commission on trustee standard of care.  You can click on the following link to access the article:

The following are my initial comments about the post and the regulatory proposal.

Thank you Jane.  I clicked on the materials.  As they are rather long for a morning before work read, I’ll have to get back to them in detail.  Preliminarily it appears to pretty much follow what in the U.S. would be the business judgment rule.

The very real distinction is whether a regulatory agency will really enforce the requirements. And with charities there are so many different types and missions, and people of tremendously different backgrounds who serve on the boards.

I have served on two nonprofit boards and as an audit committee chair – on one of the boards all members were pretty sophisticated, on the other board perhaps less than half would fit that criteria. But on both boards they all supported the mission, did not have conflicts, and tried to make correct and diligent decisions within their abilities.

Should some of the board members on the second board not be allowed to serve as board members?  Tough call. Depending on the final outcome of the regulations, they could have a chilling or at least limiting effect on who can or wants to serve on a charity board. The U.K. initiative will be very interesting to watch.

Dave Tate, Esq. (San Francisco / California)

Updated 2-Page Board & Director Oversight Guidelines

Updated 2-Page Board & Director Oversight Guidelines, click on the following link, 2-Page Board & Director Oversight Guidelines Dave Tate, Esq 10302014

Dave Tate, Esq.

US looking past Ebola to prepare for next outbreak – all risk management topics

WASHINGTON (AP) — The next Ebola or the next SARS. Maybe even the next HIV. Even before the Ebola epidemic in West Africa is brought under control, public health officials are girding for the next health disaster.

Click on the following link for the discussion:

These are all risk management topics.

How would the World and U.S. preparedness on this issue be rated under the NIST guidelines for cybersecurity risk management – you judge or evaluate for yourself – see my blog post at

Dave Tate, Esq. (San Francisco / California)

Compliance Questions That Keep Dogging the [Compliance] Profession

A good discussion from Matt Kelly at Compliance Week – compliance questions that keep dogging the compliance profession.

Click on the following link for the discussion:

Dave Tate, Esq. (San Francisco / California)

Want to beat auditors and adversaries? Think like an attacker | Government Health IT

Security is always a top concern, but the stakes are particularly high in the healthcare industry. Click on the below link for an article discussing security “desk” audits by the Department of Health and Human Services Office for Civil Rights (OCR) – the article discusses an audit at Concentra Health Services earlier this year.

Click on the following link for the article:

My thoughts:  The healthcare industry has special cybersecurity needs and requirements – nothing new here about that. But I am surprised when I still see articles suggesting that it is now time to get serious about it. And according to the article, Concentra Health was serious about security measures – but a limitation in laptop encryption was identified by Concentra itself. Takeaway: if they didn’t do so, be sure to address and remedy these situations immediately. The article also doesn’t tell us how much time had passed between the identification and what had been done or was being done. Situations arise and will continue to arise even if diligent efforts and processes have been in place.  Each situation is unique and requires individual investigation and evaluation.

Dave Tate, Esq. (San Francisco / California)

Updated 1-Page Risk and Uncertainty Management Processes and Oversight


1-Page Risk and Uncertainty Management Processes and Oversight David Tate Esq 10302014

Dave Tate, Esq.

10Minutes on why the COSO Update deserves your attention

COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today’s environment.

Click on the following for PWC’s discussion:

From PWC – short and sweet – COSO 2013 does deserve your attention.  See also my prior September 13, 2014, post re COSO 2013 CLICK HERE. If you are required to follow COSO for your internal controls, or if you are required to follow at least some standards or processes for your internal controls, expect to be asked why not and what standards or processes you are following. Dave Tate, Esq.