Technology plays a role in board members’ top two concerns


In a business environment where a damaging Twitter post can have disastrous effects on a company’s financials, reputational risk remains the top nonfinancial concern for corporate directors, according to a new survey report.

Another risk rooted in technology—cybersecurity and information technology risk—is rising quickly among directors’ concerns, according to the fifth annual Board of Directors Survey report by accounting, tax, and consulting firm EisnerAmper.

Directors from more than 250 boards participating in the survey were asked which areas of risk—aside from financial risk—were most important to their board. Respondents—who participate on boards of publicly traded, private, and private-equity-owned companies as well as not-for-profits in the United States—were allowed to list multiple areas of risk concern.

Almost three-fourths of all respondents (72%) listed reputational risk among those areas, nearly identical to the 73% who listed reputational risk in 2013. Meanwhile, cybersecurity and IT risk rose nine percentage points from 2013 to 62%, overtaking regulatory compliance risk, which fell six percentage points to 50%.

Private company directors chose cybersecurity and IT risk as their No. 1 concern.

Steven Kreit, a partner in EisnerAmper’s public companies practice, said in a news release that regulatory concerns seem to have dropped following the rollout of legislation in the United States such as the Dodd-Frank Wall Street Reform and Consumer Protection Act, P.L. 111-203, and the Patient Protection and Affordable Care Act, P.L. 111-148.

“When we take into account additional feedback from the participants, it paints a picture of boards coming to terms with both Dodd-Frank and health care reform,” Kreit said.

The survey was completed before two separate and opposing appeals court decisions Tuesday fanned the flames of the political debate over U.S. health care reform legislation.

Meanwhile, rising cybersecurity and IT concerns create an imperative for senior management to get up to speed on risks related to the security of technology. While 74% of directors said their CEOs have a strong understanding of regulatory compliance challenges, barely half (51%) said their CEOs possess a strong understanding of cybersecurity topics.

CFOs also were perceived by board members as more often having a strong understanding of regulatory compliance changes (79%) than cybersecurity (58%).

“Given the results of the survey, we have a concern that boards need to have deeper intelligence about issues that might create reputational harm in their companies and must be better prepared to move quickly in the event of a problem,” EisnerAmper CEO Charles Weinstein, CPA, said in the report. “Boards recognize the potential harm, but they have yet to plan accordingly.”

Accounting standards remain a significant area of regulatory compliance concern for board members. As companies begin to digest the new, converged accounting standard on revenue recognition, which was released in May, 59% of directors said they are concerned or very concerned about accounting standards as an area of regulatory compliance risk.

Tax ranked second (57%) in areas of regulatory compliance concern. None of the other areas—health care reform, Dodd-Frank, energy legislation, and environmental—exceeded 42%.

Ken Tysiac ( ) is a JofA editorial director.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.