Here are five things that companies should have on their radar for 2014. I see these as hot-button issues that will affect all U.S. companies to varying degrees. I am not suggesting that they are the only things to watch nor are they necessarily the most important things to watch (although some may be). My point is these five issues are “going down” in 2014 whether we’re watching them or not! Here we go:
1. Data Security/Privacy: Although not yet a formal mandate, data security and privacy is a burning issue and one that affects many, if not most, industries. We expect to see a lot of future regulation in this area. By being proactive and recognizing security/privacy as a business issue rather than an IT issue, you may be able to mitigate future risk by getting ahead of the curve. A new year is an excellent time to ensure that processes are in place to safeguard customer privacy and provide cyber security (as further reason why, look no further than Target’s recent and massive customer data breach). Determine who needs what information in order to do their jobs by identifying and agreeing on the organization’s key targets (“crown jewels”), and limit access by others to sensitive information. Ensure cyber awareness is embedded in the tone at the top and cascaded downward in the organization. Remind customers and vendors to keep strict control of account access and passwords. Periodically test the effectiveness of cyber breach response plans. These are some of the steps your organization can take in formulating and executing its security and privacy strategy.
For further insights, read Protiviti’s recent latest IT security report, Knowing How – and Where – Your Confidential Data Is Classified and Managed: A Survey on the Current State of IT Security and Privacy Policies and Practice.
2. Affordable Care Act: Given the confusion and noise surrounding this landmark healthcare reform, organizations need make sure their risk management and internal audit teams are knowledgeable and up-to-date on regulatory mandates, deadlines and impacts. Deadlines too numerous and specific to outline here – and often changing – apply in 2014, so stay informed. One helpful resource is the Small Business Administration’s website containing key information about the Affordable Care Act.
3. New COSO Framework: The Committee of Sponsoring Organizations of the Treadway Commission in 2013 published a long-anticipated update of their 1992 Internal Control – Integrated Framework and announced that the updated framework would supersede the old framework, effective December 15, 2014. Although the SEC does not mandate adoption of a specific framework, the regulatory agency staff has indicated it plans to monitor the transition for issuers using the 1992 Framework to evaluate whether any staff or Commission actions become necessary or appropriate at some point in the future. Anticipating an easy transition, a majority of public companies responding to The Institute of Internal Auditors’ September 2013 North American Pulse of the Profession Survey anticipate transitioning to the new framework before or by that date. One important point: The SEC staff has indicated that the longer issuers continue to use the 1992 framework, the more likely they are to receive questions from the staff about whether the issuer’s use of the 1992 framework satisfies the SEC’s requirement to use a suitable, recognized framework (particularly after December 15, 2014, when COSO will consider the 1992 framework to have been superseded by the 2013 framework). So make sure your company is on track to complete the transition.
For more information on the new COSO framework, read our FAQ guide, The Updated COSO Internal Control Framework: Frequently Asked Questions.
4. Windows XP Phase-out: Microsoft has announced it will stop supporting XP as of April 2014, which means companies that use the 12-year-old operating system are running out of time to avoid potential security breaches, software incompatibility and noncompliance with Payment Card Industry Data Security Standards (PCI DSS). At first, this may appear to be a non-issue, but I was surprised to learn that, according to Net Applications, one in three PC users still runs the XP operating system. Depending upon the replacement operating system you decide to use, certain patches and fixes may be required, and some custom-designed in-house systems may no longer be compatible. IT upgrades take time, so start yesterday!
5. Mandatory eInvoicing: As of fiscal 2013, all federal vendors are required to submit invoices electronically and receive electronic payment. This mandate has been expanded, in 2014, to included federal healthcare reimbursements. Many Latin American countries – including Mexico and Brazil – require that all commerce transpire electronically. It will be increasingly important for your company to know how these mandates affect you, so plan your AP/AR automation accordingly.
Like they say on the street, these issues are going down! What steps have you taken at your company to deal with them? What was your experience? Any advice you’d like to share with your peers?