
News round-up: May 2020

FRC assesses company responses to climate change

The Financial Reporting Council (FRC) has announced a major review of how companies and auditors assess and report on the impact of climate change.

The review will consider how the quality of information can be improved to support informed decision-making by investors and other stakeholders.

The FRC plans to monitor the ways companies and their advisers fulfil their responsibilities by reviewing a sample of company reports and accounts across industries to assess the quality of their compliance with reporting requirements relating to climate change, as well as the quality of their disclosures. It hopes this will also encourage better practice.

In addition, the FRC will assess a sample of audits to review how auditors are ensuring the impact of climate risk has been appropriately reflected in company reports and accounts, including the key areas of judgment and related disclosures.

In a further review, the FRC will consider how investors are addressing the climate challenge in the stewardship of their investments and in their response to systemic and market risks. This will take place when it monitors the first reports under the new Stewardship Code, which will be issued from the beginning of 2021.

Scientists highlight the top five biggest global risks

A group of 222 scientists from 52 countries has identified the failure of climate change mitigation and adaptation, extreme weather events, major biodiversity loss and ecosystem collapse, food crises and water crises as being the five most severe global risks in terms of their potential impact on both businesses and mankind.

The group identified four of these risks – climate change, extreme weather, biodiversity loss and water crises – as also being the most likely to occur, according to the survey by international sustainability research network Future Earth.

GDPR fines set to rise in 2020

Fines and reported data breaches may have increased in the past year, but law firm DLA Piper believes that the penalties handed out under the European Union’s General Data Protection Regulation (GDPR) are not as harsh as they could have been—although that could change in 2020.

The law firm’s latest GDPR data breach survey found that, at the time of questioning, organisations had made a total of 160,921 personal data breach notifications to data protection supervisory authorities within the European Economic Area (EEA) since GDPR came into force on 25 May 2018. This equates to an average of 278 each day since the end of January 2019.

The Netherlands, Germany and the UK had the most data breaches notified for the 20 months since GDPR came into effect, with 40,647, 37,636 and 22,181 respectively. These three countries also topped the table for the total number of breach notifications in last year’s report.

Trade tensions loom large on Political Risk Map 2020

Trade tensions are likely to continue to escalate throughout 2020 and will result in persistent global political and economic uncertainty for multinational businesses, according to a report by insurance brokers Marsh.

“The Political Risk Map 2020” echoes findings from the World Economic Forum’s (WEF’s) “Global Risks Report 2020”, which ranked economic confrontations between major powers among the most concerning risks for the year ahead.

According to the report, Hong Kong experienced the second-largest deterioration in its short-term political risk index (STPRI) score globally – after Sudan – following months of protests that have strained its relationship with mainland China. It also predicted that the UK’s negotiations over its future relationship with Europe will continue to dominate the political risk landscape in this region.

The STPRI scores for several Latin American countries – including Colombia, Chile, Ecuador, Haiti, Bolivia, and Argentina – have deteriorated as governments find it increasingly challenging to balance economic reforms and social stability.

Secrets of the cyber “leaders”

Despite higher levels of investment in advanced cyber security technologies over the past three years, fewer than a fifth of organisations are effectively stopping cyber attacks and finding and fixing breaches fast enough to reduce their impact, according to a report by Accenture.

The consultancy’s third “Annual State of Cyber Resilience” study explores the extent to which organisations prioritise security, the effectiveness of security efforts and the impact of new security-related investments. It found that leading organisations focused a larger share of their total budgets on sustaining the IT capabilities they already have, whereas “non-leaders” tended to place significantly more emphasis on piloting and scaling new capabilities, which can produce new risks.

Accenture also found that “leaders” were nearly three times less likely to have had more than 500,000 customer records exposed through cyber attacks in the past 12 months. Conversely, they were more than three times as likely to provide users of security tools with the required training than the non-leaders.

Data security flaws put firms at risk

Alarming insights into the risks threatening data security in enterprises across the globe have been revealed in a report by data security firm Lepide. 

The 2020 “State of Data Security Report” found that companies were unable to see where they held sensitive data, or what sensitive data they were creating. Many allowed users who should not have these privileges to access this data.

Many mismanaged stale data and did not protect sensitive data, so failed to comply with standards such as GDPR, HIPAA, PCI and CCPA. Users with passwords that never expire are creating easy hiding places for hackers.

COSO issues ERM support

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has released new enterprise risk management (ERM) guidance. “Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management” offers tangible steps to implement an effective and tailored ERM programme.

This article was first published in May 2020.