Horizons Spring/Summer 2021

Audit committee considerations for auditor responsibilities Lastly, external auditors have responsibilities, too. Auditors should get a sense for the level of oversight from a board and review meeting minutes, noting risk assessments reviewed, strategic plans assessed, and scenario planning performed. As external auditors, there will be focus on general disclosures about the pandemic and its overall impact on a reporting entity, along with other topics, such as asset impairments, going concern, use of estimates, lease concessions, restructurings, Paycheck Protection Program loans and Economic Injury Disaster Loans, income taxes, and subsequent events. Key Leadership Role Board leadership is critical and must continue to evolve in response to the pandemic. Technology and security are foundational areas to monitor for company success. Protecting your organizational information is now more important and as complicated as ever..

What: ∙ Rolling employee and contractor unavailability.

∙ Rolling supply chain unavailability.

∙ Sudden facility unavailability.

∙ Client or supply chain entity bankruptcy or other viability issues. ∙ Technology and technology-dependent commitments made via contracts or other agreements. Then, companies should be prepared to answer questions related to the items noted. In conjunction with the overall strategy and scenario planning, technology is an enabler for success. Technology leaders such as the chief information officer and chief information security officer should communicate cyber risk to the board. This is more of an art than a science. Technology leaders should not fall into the trap of presenting technical details about vulnerabilities. Rather, they should prepare to discuss issues in terms of “business risks” and the options the company has to manage the risks so that executives and the board can make decisions. For example: “To maintain our competitiveness and business viability, we must be able collaborate on client matters anytime and anywhere,” and to do so, we have three options: ∙ Option B: Implement a cloud solution to address the risks related to security, compliance, information retention, etc. ∙ Option C: Implement a cloud solution to help support our legal, regulatory, and risk management obligations; or implement security enhancements such as multifactor authentication, encryption for client communication, and backup resources to support quicker recovery. ∙ Option A: Do nothing.

CYBER SECURITY ADVISORY SERVICES

RubinBrown's Cyber Security Advisory Services team monitors emerging threats and trends, develops tools and methodologies to address them, and delivers specialized services to organizations seeking independent third party security services.

Rob Rudloff, CISSP-ISSMP Partner Cyber Security Services 303.952.1220 rob.rudloff@rubinbrown.com Audrey Katcher, CPA, CISA Partner Cyber Security Services 314.290.3420 audrey.katcher@rubinbrown.com

Spring/Summer 2021

9