This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

SEC issues report on implementing internal accounting controls for cyber threats

  • SEC (US Securities and Exchange Commission) Image

Oct 16, 2018

The SEC has issued “Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirement.”

The report focuses on issuers’ compliance with the requirements of Sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934, under which certain issuers must “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed with, or that access to company assets is permitted only with, management’s general or specific authorization.” Specifically, the report investigates nine issuers who fell victim to cyber scams, such as e-mails from fake executives or fake vendors.

The report provides the following key considerations related to implementing internal accounting controls for cyber threats:

  • “Internal accounting controls may need to be reassessed in light of emerging risks, including risks arising from cyber-related frauds.”
  • “Public issuers subject to the requirements of Section 13(b)(2)(B) must calibrate their internal accounting controls to the current risk environment and assess and adjust policies and procedures accordingly.”
  • “Given the prevalence and continued expansion of these attacks, issuers should be mindful of the risks that cyber-related frauds pose and consider, as appropriate, whether their internal accounting control systems are sufficient to provide reasonable assurances in safeguarding their assets from these risks.”

For more information, see the press release and report on the SEC’s Web site.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.