Have you noticed the plethora of risk management and uncertainty commentators? By far the great majority of the comments and guidelines essentially are outlines to help you organize and focus your risk management processes.

For example, the new February 12, 2014, National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity by itself doesn’t identify, suggest or implement any particular action for your computer system or equipment that will prevent hacking. And isn’t that along with monitoring hacking and hacks and timely responding and resolving them what you are really interested in for safety?

But in addition to providing outlines for risk management processes the comments and guidelines create potential or actual rather vague, unspecific standards of care to be followed with the potential for criticism or liability if you don’t. The result is useful not only for risk management but also for people who want to criticize and for plaintiff attorneys including for punitive damage claims. See my prior post Rise of the Processes, http://tatetalk.com/2014/05/03/rise-of-the-processes.

What should you do? Learn and keep on top of the risk and uncertainty management processes that apply to your activities, business and industry, and apply them. That’s really the only solution. Ignore risk and uncertainty management at your own risk.

Is it safe yet?  Dave Tate, Esq. (San Francisco / California)

Have you taken a look at the new FASB / IASB revenue recognition accounting pronouncement entitled Revenue from Contracts with Customers, Topic 606 which was just released?

Accountants and audit committee members will be going back to school as the pronouncement essentially re-writes the revenue recognition rules effective for US public companies for annual reporting periods beginning after December 15, 2016, and for other entities shortly thereafter.

The new revenue reporting standards apply for both US and international entities thus providing for comparability in that regard. The new standards return the US to more principles based accounting, similar in a sense to the more principles based accounting that existed when I first became a CPA. Of course US accounting standards thereafter became more and more specific as the principles based standards were deemed too flexible or vague.

The new pronouncement applies to all contracts with customers except for the list of specific revenue recognition pronouncements which will continue to remain and are listed at pages 17 and 18 of the pronouncement such as for certain lease contracts, financial instruments, investments, receivables and a few other areas.

This new revenue recognition pronouncement really is a sea change. Certainly not everything relating to revenue recognition is changing, but definitely there are enough changes to require accounting professionals and audit committee members to go back to school.

I don’t believe returning to a more principles approach is better, but perhaps it also isn’t worse. It’s definitely a major change. As the new approach does away with some of the existing specifics, and is based more on judgment it is arguable that in some instances it can hurt comparability and consistence between entities and industries.

We should also note that the new pronouncement is expected to require much greater and specific disclosures than currently exist.

I believe that the powers that be primarily enacted the new pronouncement because it moves the US and international standards into conformity, which is a good thing. But as a result, during the next 5 or more years there will be a lot of questions with how to implement, and I expect as in the past more detailed and specific guidance and pronouncements will again be enacted.

Audit committee members and accountants need to make sure that they are up to speed.

There will be a lot more to follow in this topic. Thanks for listening.

Dave Tate, Esq. (San Francisco / California) litigation attorney, and also board member and inactive CPA with experience in audit committees, risk management, governance and compliance.