FASB and IASB’s Joint Transition Resource Group for Revenue Recognition (TRG) met and discussed four issues related to the new revenue recognition standard.

Source: www.kpmg-institutes.com

Further indications that questions and issues will be abundant with the new revenue recognition standards.  Will answers or more specific rules be provided? Perhaps not, because to do so would move away from the “principle” approach.

See on Scoop.it – Tate – Law, Liability, Risk Management, Governance, D&O and Business

Companies are increasing their engagement with shareholders and the investor community to better understand the company’s vulnerabilities and opportunities through an investor lens.

Source: www.kpmg-institutes.com

An interesting read.

See on Scoop.it – Tate – Law, Liability, Risk Management, Governance, D&O and Business

International organized crime groups, lured by the prospect of thefts that can net hundreds of millions of dollars, increasingly are turning to cybercrime, said the new head of the Justice Department’s criminal division.
Leslie Caldwell, who took over the position in June, said she plans to mak

Source: www.programbusiness.com

See on Scoop.it – Tate – Law, Liability, Risk Management, Governance, D&O and Business

Journal of Accountancy article, revenue transition group debates difficult implementation issues, click here. Not surprising, right? There will be a learning curve. And these are big changes coming, with more emphasis on principles and less on details.  So naturally, accountants are looking for the details.  See also my post, new revenue recognition and audit committee members going back to school, click here.

Dave Tate, Esq., and CPA (inactive)

Have you noticed the plethora of risk management and uncertainty commentators? By far the great majority of the comments and guidelines essentially are outlines to help you organize and focus your risk management processes.

For example, the new February 12, 2014, National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity by itself doesn’t identify, suggest or implement any particular action for your computer system or equipment that will prevent hacking. And isn’t that along with monitoring hacking and hacks and timely responding and resolving them what you are really interested in for safety?

But in addition to providing outlines for risk management processes the comments and guidelines create potential or actual rather vague, unspecific standards of care to be followed with the potential for criticism or liability if you don’t. The result is useful not only for risk management but also for people who want to criticize and for plaintiff attorneys including for punitive damage claims. See my prior post Rise of the Processes, http://tatetalk.com/2014/05/03/rise-of-the-processes.

What should you do? Learn and keep on top of the risk and uncertainty management processes that apply to your activities, business and industry, and apply them. That’s really the only solution. Ignore risk and uncertainty management at your own risk.

Is it safe yet?  Dave Tate, Esq. (San Francisco / California)

Have you taken a look at the new FASB / IASB revenue recognition accounting pronouncement entitled Revenue from Contracts with Customers, Topic 606 which was just released?

Accountants and audit committee members will be going back to school as the pronouncement essentially re-writes the revenue recognition rules effective for US public companies for annual reporting periods beginning after December 15, 2016, and for other entities shortly thereafter.

The new revenue reporting standards apply for both US and international entities thus providing for comparability in that regard. The new standards return the US to more principles based accounting, similar in a sense to the more principles based accounting that existed when I first became a CPA. Of course US accounting standards thereafter became more and more specific as the principles based standards were deemed too flexible or vague.

The new pronouncement applies to all contracts with customers except for the list of specific revenue recognition pronouncements which will continue to remain and are listed at pages 17 and 18 of the pronouncement such as for certain lease contracts, financial instruments, investments, receivables and a few other areas.

This new revenue recognition pronouncement really is a sea change. Certainly not everything relating to revenue recognition is changing, but definitely there are enough changes to require accounting professionals and audit committee members to go back to school.

I don’t believe returning to a more principles approach is better, but perhaps it also isn’t worse. It’s definitely a major change. As the new approach does away with some of the existing specifics, and is based more on judgment it is arguable that in some instances it can hurt comparability and consistence between entities and industries.

We should also note that the new pronouncement is expected to require much greater and specific disclosures than currently exist.

I believe that the powers that be primarily enacted the new pronouncement because it moves the US and international standards into conformity, which is a good thing. But as a result, during the next 5 or more years there will be a lot of questions with how to implement, and I expect as in the past more detailed and specific guidance and pronouncements will again be enacted.

Audit committee members and accountants need to make sure that they are up to speed.

There will be a lot more to follow in this topic. Thanks for listening.

Dave Tate, Esq. (San Francisco / California) litigation attorney, and also board member and inactive CPA with experience in audit committees, risk management, governance and compliance.

Click on the following and share with others, 1-Page Risk & Uncertainty Management – Processes & Oversight – Dave Tate Esq 07052014. See also the additional materials in the “About” section at the top of the blog.

Dave Tate, Esq. (San Francisco/California)

Does the NIST Framework for Improving Critical Infrastructure Cybersecurity create a standard for executive officers and boards of directors of private companies? Good question, right?

Short answer, it is at least developing into a standard in cybersecurity, although the Framework itself time and again says that it is voluntary. If the Framework isn’t currently a standard, although it might be, it will become one of the applicable standards, but not necessarily the only standard.

For executive officers and directors, whether you like or agree with the Framework, if you aren’t already in the process, you need to get comfortable with the Framework and include it in addition to your other processes in cybersecurity risk management. I expect that as cyber hacking problems and catastrophic events continue to occur, and they will occur, executives and board members including board members who are responsible for risk oversight will start to be asked about whether their organization uses the Framework, their organization’s stage of implementation and sophistication in cyber risk management, and other questions based on the Framework provisions.

See also, for example, the new NACD Cyber-Risk Oversight, Director’s Handbook Series, 2014 Edition, in conjunction with the Internet Security Alliance (ISA) and AIG, referring to the NIST Framework including at Principle 4, Directors should set the expectation that management will establish an enterprise-wide cyber-risk management framework with adequate staffing and budget, referencing the NIST Framework.

The NIST Framework core processes are: identify, protect, detect, respond and recover. But the details of those processes don’t tell anyone what specifically to do to prevent or protect a business or entity from a cyber hack or breach now or in the future. Thus, the possible standard is a process. What if the process is followed in good faith, but a breach still occurs including a catastrophic breach? In that circumstance is there a breach of duty by an officer, director or the business or entity? In that circumstance is there liability, assuming the required post-breach procedures are followed? I would argue no, there cannot be and is no breach of duty or liability. It is impossible to stop all hacks and breaches. If you have doubt, do an internet search for cyber hacks in 2014 to see the huge numbers of attacks, origins and targets.

The following is a link to the NIST Framework in pdf form, nist cybersecurity-framework-021214-final

Dave Tate, Esq.

I have updated my risk and uncertainty management process and oversight paper. Click on the following to view.

Risk & Uncertainty Management – Processes & Oversight Dave Tate Esq 07052014

Dave Tate, Esq.

This is a re-post of a 2013 post to a Reuters article about new oil rig safety regulations. Many of the regulations are relevant to other businesses and industries where catastrophic incidents can occur. In part, for example, the regulations require risk management processes, involvement of the entire enterprise, that there be specifically identified people who are responsible and accountable for the risk management, and risk management on a 24/7 basis with employee authority to shutdown operations in certain circumstances. Below I have posted the link to the Reuters article, and also a link to part of the applicable CFR (posted on http://www.law.cornell) if you want to look at the actual regulations.

U.S. launches new stop work rules for safety on oil rigs | Reuters.

http://www.law.cornell.edu/cfr/text/30/250.1902

Dave Tate, Esq. (San Francisco)
Linkedin connection, http://www.linkedin.com/in/davetateesq