The latest news headlines on issues and developments affecting the internal audit profession.
Dec. 18, 2020
Federal authorities are expressing increased alarm about the scope of the SolarWinds hack attack into U.S. government and other computing systems, which officials suspect was carried out by Russian hackers, the Associated Press reports. According to Dark Reading, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned of a "grave" risk to government and private networks, and said SolarWinds' Orion platform may not have been the only "initial access vector." Meanwhile, Microsoft Corp. said it had identified more than 40 victims of the hack and was working to notify them, ZDNet reports.
As Congressional negotiations for the latest U.S. federal stimulus package resume on Friday, there is an increasing likelihood that the government will shut down briefly over the weekend if senators object to temporary funding, The Washington Post reports (paywall). People briefed on the talks say the draft of the roughly $900 billion proposal includes $600 in payments for individuals, $300 per week in supplemental unemployment insurance payments, additional aid for small businesses, and $17 billion to sustain the battered airline industry. The biggest issues in negotiations are currently aid to state and local governments and lawsuit liability protection for businesses, both of which are omitted from the current draft of the bill. To avoid a shutdown should talks continue to be stalled, a stopgap funding measure will be necessary before the end of the session.
With the prospect of many at-home workers returning to offices in 2021, indoor air quality is getting a lot of attention, according to a BBC News article. "Since COVID, the rush for indoor air quality improvements has gone through the roof," Raefer Wallis, an expert on indoor air quality, told the BBC. The focus on air quality stems from acknowledgements by the World Health Organization and health experts that COVID-19 can be spread through airborne transmission, with poor ventilation playing a role. The IIA recently published a Knowledge Brief, COVID-19 and Indoor Air Quality Risk (PDF), on the topic from an internal audit perspective. In it, heating, ventilating, and air-conditioning (HVAC) systems expert David MacLean introduces key concepts related to HVAC operations and indoor air quality and analyzes newer abatement technologies.
Articles published in Bloomberg and The New York Times take a closer look at the long-term effects of the pandemic on working parents, who have had to determine how to manage at-home schooling and child care limitations during the COVID-19 pandemic. With millions of women dropping out of the labor market during the pandemic, The New York Times considers how short-term career interruptions compound women's losses (paywall) in wage growth, retirement savings, and Social Security benefits over time. Bloomberg cites studies showing that mothers are more likely than fathers (paywall) to deal with unexpected caregiving shocks and that women left the workforce at a greater rate than men. Research by SPC Global describes how the U.S. could add $1.6 trillion to GDP if women entered and stayed in the workforce at a rate similar to Norway's, which has government-subsidized day care.
Dec. 16, 2020
The European Commission has announced two major pieces of legislation that could dictate how technology companies are regulated in Europe for years to come, CNET reports. The Digital Services Act and the Digital Markets Act would set new rules for all digital services, including social media, online marketplaces, and other online platforms. The proposed regulations are designed to boost competition across the European Union, while also protecting consumers. Large tech companies could face fines of up to 10% of their global revenue — potentially reaching billions of dollars — for breaking the rules.
A Journal of Accountancy article highlights fraud risks that may be heightened during the COVID-19 pandemic. The article also describes oversights commonly identified in the American Institute of Certified Public Accountants (AICPA) Peer Review Program related to fraud-related risk assessments and documentation in organizations that issue financial statements. According to the article, external auditors are primarily concerned with two fraud risks: fraudulent financial reporting and misappropriation of assets. The article reviews the actions and documentation that external auditors should consider to detect and prevent fraud related to financial statements during an engagement that adheres to the AICPA's Generally Accepted Auditing Standards.
The 2020 holiday season combined with COVID-19 concerns is driving an unprecedented focus on cybersecurity among retail companies. According to a recent survey by Tripwire, 78% of retail security workers said their organizations had taken additional security precautions this season. "It's clear that COVID is driving changes in how retail organizations think about the holiday season," said Tim Erlin, vice president of product management and strategy at Tripwire. "They're starting earlier and expecting increased volume, along with increased risk." He notes that "more online shopping means more of the risks that go along with it, including attacks on both consumers and retailers, themselves." Additionally, 75% of respondents said their employers invested in more tools and technology, while almost 70% said employers updated processes and provided additional training. Fifty-one percent of respondents said their organization had increased use of managed services, and 39% had hired additional employees and contractors.
The U.S. Federal Reserve has joined an international coalition of more than 80 central banks focused on climate change risk, Reuters reported. The Network of Central Banks and Supervisors for Greening the Financial System (NGFS) comprises central banks on five continents, with the goal of promoting environment and climate risk management in the financial sector. Besides the Reserve Bank of India, the Federal Reserve was the only major global central bank that had not joined NGFS until now. The move could be a signal that the Federal Reserve is planning to include the impacts of global warming in regulation, Reuters reported.
Dec. 14, 2020
The most recent ZEW Financial Market Survey of more than 600 companies within the German information economy indicates that, despite some positives, many are unhappy with the results of the European Union's General Data Protection Regulation (GDPR), Lexology reports (paywall). Sixty percent of respondents claim that GDPR complicates processes, which leads to increased workloads and thus becomes a cost-pusher. Survey participants criticized: 1) the implementation of extensive changes in information obligations and data subject rights; 2) the implementation of new concepts such as privacy-by-design and privacy-by-default; and 3) the increased workloads for more than two-thirds of the companies. Additionally, more than half of companies stated they have incurred additional costs due to staff training and an increased need for external consulting services. Also, 17% stated that they saw GDPR as a threat to their own business activities, slowing down innovation and making the use of new technologies more difficult. However, among positive effects, 36% of respondents reported having reviewed and optimized their processes as a result of the GDPR, and 29% have standardized their data processing.
This week's antitrust suits against Facebook by the U.S. Federal Trade Commission (FTC) and dozens of state attorneys general represent a philosophical shift by antitrust regulators on what constitutes a dangerous monopoly, Politico explains. The Facebook suits could pave the way for similar challenges to other dominant companies across industries including technology, pharmaceuticals, and finance, according to the article. The FTC has shown signs of a 180-degree shift in its thinking toward transactions that it had originally deemed too small to warrant its scrutiny. Regulators' objections have centered on the concept that dominant companies are applying "buy or bury" strategies for crushing competition.
A gauge of U.S. consumer sentiment unexpectedly increased in early December to the second-highest level since March, amid prospects for a vaccine to tame the COVID-19 pandemic, MSN reports. The University of Michigan's preliminary sentiment index rose 4.5 points to 81.4, from a final November reading of 76.9. In addition, respondents' outlook for the economy in the next five years climbed by the most since May 2011. The respondents to the survey were optimistic even as the number of coronavirus cases has increased, the number of unemployment claims has jumped, and critical aid programs are set to expire.
U.S. security firm FireEye published more details Sunday on what is now a widely reported supply chain cybersecurity attack involving software provider SolarWinds, multiple U.S. companies, and government networks. FireEye's investigations found that the breach came through malicious code passed through legitimate software updates for SolarWinds' Orion software. The report also stated that the "light malware footprint" and "prioritization of stealth" indicate the meticulous planning and manual interaction of state-sponsored cybercriminals. ZDNet reports that through Orion, the attackers gained access to public and private organizations around the world, including the U.S. Treasury Department and the U.S. Department of Commerce's National Telecommunications and Information Administration. "The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East," FireEye said. "We anticipate there are additional victims in other countries and verticals." The IT infrastructure management software is widely used, including by FireEye.