Category Archives: D&O

Audit Committees – Setting Up An Internal Audit Function – From The IIA, With Comments

Posted on by

I have attached below a link to this discussion by the Institute of Internal Auditors. This is a worthwhile discussion for key areas, although broad and lacking in specifics. I’m not being critical in that comment – this is a detailed and time intensive endeavor. I will say that as an audit committee member I would have more involvement in the process than these points indicate. As an audit committee member I want to be sure that internal audit is very helpful to me in accomplishing my oversight responsibilities. And that approach is in keeping with director and audit committee member responsibilities and the business judgment rule, and is beneficial to everyone including the shareholders, the audit committee, the board, the executive offers, internal audit, the external auditor, and others. Click on the following link for the IIA discussion – CLICK HERE

Dave Tate, CPA (California, inactive), Attorney, San Francisco and California
Tate’s Excellent Audit Committee Guide (updated October 2015)

Click to access tates-excellent-audit-committee-guide-10242015.pdf

SEC official: PCAOB’s standard setting too slow

Posted on by

The PCAOB’s pace of developing auditing standards is too slow, SEC Chief Accountant James Schnurr said. He plans reviews of the process in hopes of speeding it up.

Click on the following link for the article: journalofaccountancy.com

Generally, I agree. The PCAOB should be up-to-date in its overview actions – shareholders deserve the best. Events simply move faster than regulatory entities can adjust.  But also interesting – the SEC criticizing the PCAOB? Looking at itself, is the SEC really in a position to criticize?

Question – if it is determined after-the-fact that an audit firm lacks independence, is the audit by that firm of any value?  In other words, can the audit still be relied upon?  One of the keystones of audit is that the auditing firm is independent of the entity that it is auditing. Perhaps it can still be determined that the issue or area causing the lack of independence did not materially impact the audit and the audit opinion?  But this is problematic.

Dave Tate, Esq. (San Francisco / California)

3 Major Changes Congress Wants to Make to Social Security – On the Scale of Risk Management How Would You Score Congress?

Posted on by

Social Security needs change to survive over the long run, and Congress seems willing to take up the daunting task of a Social Security overhaul. – Sean Williams – Investment planning

Click on the following link for the article: www.fool.com

No surprise here.  Inactive and lack of diligent long-term planning. This issue has been around for 40-50 years.  A serious issue for old, middle age and young alike.

If you are young, why do you want to pay 13-14% (half from you and half from your employer) into this program when there is no reasonable certainty that it will be around for you when you retire, and if it is around there is no reasonable certainty about what the benefits will be.

If you are near or at retirement and you paid into this program for 40-50 years you are probably safe, if you don’t live for another 20 years.

If you are in the middle, not near retirement, and have been forced to pay into this program for 25-35 years, good luck to you.

How would you rate the Social Security program risk management? See my prior blog post about the NIST cybersecurity risk management framework, Click for Post .  I would rate Social Security risk management as Tier 1 – Tier 2.

Dave Tate, Esq. (San Francisco / California)

UK pressures Bank of America unit on risk management – Wall Street Journal

Posted on by

(Reuters) – British regulators are pressuring Bank of America Corp’s European investment-banking arm to improve its risk management practices, saying the current ones are “simplistic” an…

Click on the following for the article: au.news.yahoo.com

You may have been following the efforts to bring European and U.S. accounting standards into conformity, and how difficulty that has been.  I would evaluate the chance of bringing the various different governance and risk management codes into conformity as zero. And as the European regulatory agencies appear to be getting more active and demanding both with the code provisions and enforcement, we might expect European developments in these areas to become more center stage.  Dave Tate, Esq. (San Francisco / California)

Regulator launches consultation on ‘The essential trustee’ – Press releases – GOV.UK

Posted on by

U.K. Guide to trustees’ duties is updated.

I am following up on a post by a LinkedIn group member about a new regulatory initiative by the U.K. Charity Commission on trustee standard of care.  You can click on the following link to access the article: www.gov.uk

The following are my initial comments about the post and the regulatory proposal.

Thank you Jane.  I clicked on the materials.  As they are rather long for a morning before work read, I’ll have to get back to them in detail.  Preliminarily it appears to pretty much follow what in the U.S. would be the business judgment rule.

The very real distinction is whether a regulatory agency will really enforce the requirements. And with charities there are so many different types and missions, and people of tremendously different backgrounds who serve on the boards.

I have served on two nonprofit boards and as an audit committee chair – on one of the boards all members were pretty sophisticated, on the other board perhaps less than half would fit that criteria. But on both boards they all supported the mission, did not have conflicts, and tried to make correct and diligent decisions within their abilities.

Should some of the board members on the second board not be allowed to serve as board members?  Tough call. Depending on the final outcome of the regulations, they could have a chilling or at least limiting effect on who can or wants to serve on a charity board. The U.K. initiative will be very interesting to watch.

Dave Tate, Esq. (San Francisco / California)

Updated 2-Page Board & Director Oversight Guidelines

Posted on by

Updated 2-Page Board & Director Oversight Guidelines, click on the following link, 2-Page Board & Director Oversight Guidelines Dave Tate, Esq 10302014

Dave Tate, Esq.

US looking past Ebola to prepare for next outbreak – all risk management topics

Posted on by

WASHINGTON (AP) — The next Ebola or the next SARS. Maybe even the next HIV. Even before the Ebola epidemic in West Africa is brought under control, public health officials are girding for the next health disaster.

Click on the following link for the discussion: news.yahoo.com

These are all risk management topics.

How would the World and U.S. preparedness on this issue be rated under the NIST guidelines for cybersecurity risk management – you judge or evaluate for yourself – see my blog post at https://directorofficernews.com/2014/08/31/why-the-framework-for-improving-critical-infrastructure-cybersecurity-is-useful-for-other-risk-management-areas/

Dave Tate, Esq. (San Francisco / California)

Compliance Questions That Keep Dogging the [Compliance] Profession

Posted on by

A good discussion from Matt Kelly at Compliance Week – compliance questions that keep dogging the compliance profession.

Click on the following link for the discussion: www.linkedin.com

Dave Tate, Esq. (San Francisco / California)

Want to beat auditors and adversaries? Think like an attacker | Government Health IT

Posted on by

Security is always a top concern, but the stakes are particularly high in the healthcare industry. Click on the below link for an article discussing security “desk” audits by the Department of Health and Human Services Office for Civil Rights (OCR) – the article discusses an audit at Concentra Health Services earlier this year.

Click on the following link for the article: www.govhealthit.com

My thoughts:  The healthcare industry has special cybersecurity needs and requirements – nothing new here about that. But I am surprised when I still see articles suggesting that it is now time to get serious about it. And according to the article, Concentra Health was serious about security measures – but a limitation in laptop encryption was identified by Concentra itself. Takeaway: if they didn’t do so, be sure to address and remedy these situations immediately. The article also doesn’t tell us how much time had passed between the identification and what had been done or was being done. Situations arise and will continue to arise even if diligent efforts and processes have been in place.  Each situation is unique and requires individual investigation and evaluation.

Dave Tate, Esq. (San Francisco / California)

Updated 1-Page Risk and Uncertainty Management Processes and Oversight

Posted on by

Enjoy,

1-Page Risk and Uncertainty Management Processes and Oversight David Tate Esq 10302014

Dave Tate, Esq.