EFRAG and Sustainability

Yet another development in the ongoing saga of change in the field of ESG Reporting is the public consultation paper on ‘Due Process Procedures for EU Sustainability Reporting Standard-Setting,’ released by the European Financial Reporting Advisory Group (EFRAG). The group is seeking input by 15 September 2021.

As the paper states, “a robust yet agile and adaptable due process is necessary to meet urgent standard-setting needs within a rapidly moving landscape.” The proposals cover principles, oversight and agenda setting, as well as substantial detail on the process of standards setting itself. They affirm that it will be digital from the outset, noting that companies will need to tag reported data according to a “digital categorisation system” to be developed together with the sustainability reporting standards. Likely, this will be based on XBRL. Promisingly, it specifies that the digital implications are to be considered when developing and drafting new or amended standards.

The adoption of shared European sustainability reporting standards is part of the EU’s proposed Corporate Sustainability Reporting Directive (CSRD), and as such EFRAG has been invited to start interim work on drafting these standards, even prior to the relevant legislation being finalised. See also www.xbrl.org for further details.

Ransomware A Continuing Problem

Ransomware is continuing to plague many organizations, particularly those with large holdings of sensitive data, like educational institutions and government departments.

A ransomware attacker gains entry into a victim’s system, encrypts their files, thus making them inaccessible, and then demands a ransom payment from the victim before providing the encryption key to enable the victim to gain access to their own files. The costs can range from a few hundred dollars to many thousands or even millions, often payable in Bitcoin.

Paying the ransom is usually not a good idea because it does not address the original weakness that made the intrusion possible. Ransomware insurance is worth considering, but also cannot replace proper security policy and procedure.

As one source puts it, “Organizations must patch aggressively, establish complete backups, prepare a comprehensive response plan, and focus on educational training for every employee to make sure they are prepared to manage attacks and continue with little disruption.” Follow this link for further information.

Proper controls must be adopted proactively and with a great deal of diligence. They cost money and time to develop and maintain. But in the end, this cost may well be a lot less than the alternatives of responding to a successful attack.

The Gartner report “Detect, Protect, Recover: How Modern Backup Applications Can Protect You From Ransomware” can be downloaded from their site.

  

Coping with Growing Security Risks

As with many areas, the pandemic has accelerated the trend towards mobile workforces and the concomitant shift to cloud-based apps away from intranet-based functionality. This shift raises a host of new security exposures, ranging from those inherent in the cloud to the security shortcomings sometimes extant in externally sourced apps.

Many organizations recognize this conundrum and are trying to address it. In a recent survey of 535 security leaders, forty-nine percent pointed to their jobs being tougher than two years ago. The biggest challenges include “a more complex threat landscape (48%), moving workloads to the cloud and difficulty monitoring the larger attack surface (32%), and workforce hiring (28%).”

“Most (88%) leaders report security spending will increase at their organization; 35% say there will be a "significant" boost.”

Determining where the new money for security will go is likely to reflect this new reality. It’s a big challenge.

For additional information, check out this link.

CPA Founding Partner

Chartered Professional Accountants of Canada (CPA Canada), one of the largest national accounting organizations in the world, has chosen to become a founding partner of ThinkTwenty20.