Lastest news

If you haven’t already done so, it is now time to put the necessary steps in place to ensure your firm is compliant with the European General Data Protection Regulation 2016/679/EU (GDPR), which will apply from 25 May 2018. GDPR seeks to build upon the core rules regarding the processing of personal data, which are contained in the existing Data Protection Directive 95/46/EC, by putting measures in place to expand and strengthen the rights of data subjects while also making businesses more accountable for data privacy compliance. In the accountancy profession, accountants handle highly sensitive and private data. If you are a data controller, you should be mindful of the following: Accountability and governance Data controllers must: Be able to demonstrate their compliance with GDPR; Implement appropriate technical and organisational measures to ensure that data is processed in a manner that ensures appropriate security and confidentiality of the personal data; and Retain records of their processing activities unless they can avail of an exemption. Steps to implement: establish an effective governance and accountability framework to ensure compliance with GDPR; and review policies and procedures in light of GDPR requirements to assess any changes required. Data subjects’ rights GDPR enhances existing rights, and also introduces new rights, for data subjects relating to data portability, restricting processing, and the right to be forgotten. Steps to implement: ensure policies and procedures appropriately cover all data subjects’ rights, both existing and new. Legal basis for processing personal data The processing of personal data should be lawful, fair and transparent. Steps to implement: document the personal data held and analyse the legal basis for processing; and review privacy notices and procedures to assess any changes required. Consent Obtaining consent for the lawful processing of personal data is more onerous under GDPR. A data subject will have the right to withdraw his or her consent at any time. Steps to implement: review how you obtain consent in light of GDPR and make any necessary changes; ensure that any consent given is clear and unambigious; and where processing has multiple purposes, ensure that consent is obtained for all purposes. Data protection officer Certain data controllers and data processors will need to appoint a data protection officer (DPO) who will be responsible for monitoring compliance with GDPR. Steps to implement: determine whether it is necessary to appoint a DPO. Data breach notifications Data controllers must notify the supervisory authority within 72 hours of becoming aware of a data breach unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. In cases of high risk, the data controller must also communicate the breach to the data subject without undue delay. The data processor must notify the data controller without undue delay after becoming aware of a personal data breach. Steps to implement: implement procedures to detect, report and investigate personal data breaches within the specified timeframe. Data protection impact assessment In high risk processing operations, the data controller must, prior to the processing, carry out a data protection impact assessment (DPIA) of the envisaged processing operations to evaluate in particular the origin, nature, particularity and severity of that risk. Steps to implement: determine how and when to implement a DPIA; and consider the outcome of DPIA when determining the appropriate measures to be taken in order to demonstrate compliance with GDPR. Sanctions Organisations may now be subject to administrative fines of up to €20 million or 4% of annual global turnover, whichever is higher. Steps to implement: take these fines into consideration when implementing the governance framework. Data processors Data processors will have direct liability under the GDPR. Steps to implement: if appointing a data processor, ensure that appropriate contracts are in place to ensure compliance with the GDPR. Breeda Cunningham FCA is Director at the Regulatory & Compliance Department at Dillon Eustace.

The Financial Reporting Council (FRC) has confirmed that it will review the governance and culture at audit firms as concerns emerge about the handling of conflicts of interest and the delivery of improvements in audit quality. Acknowledging that audit quality is not yet consistently sufficiently high, the FRC has committed to promoting continuous improvement, taking action where necessary and focusing on areas of higher risk to the public interest. As the UK's Competent Authority for Audit, the FRC recently published an update on developments in audit which notes that, while progress has been made, audit firms need to focus on the pace of improvement in audit quality and consistency. Key findings The key findings in the FRC's report include:   While progress has been made on the implementation of new standards for auditor independence, concerns have been raised that in dealing with perceived conflicts of interest, not all audit firms are demonstrably serving investors’ interests; A faster pace of improvement in, and greater consistency of, audit quality requires strong leadership of - and the right culture in - the audit firms. The FRC proposes to review the effectiveness of governance and the culture of firms adopting its Audit Firm Governance Code, which clarifies and emphasises the public interest role of independent non-executives of those firms; Audit committee chairmen surveyed by the FRC remain overwhelmingly positive as to tendering developments and audit quality; The FRC will increase the transparency of its audit quality reviews on individual audit engagements by publishing periodic lists of those entities whose audits it has reviewed; Insufficient auditor scepticism has been identified areas of significant risk such as the assessment of potential impairments and judgements concerning material accounting treatments; Audit firms can accelerate audit quality improvements through root cause analysis and structured support of the introduction of data analytic tools; and Justifiable confidence in audit is underpinned by sound and effective enforcement. Since July 2016, the FRC has concluded four audit related cases resulting in sanctions of £6,525,000; begun its first investigation under the new Audit Enforcement Procedure into the audit of Sports Direct International; and following high profile public announcements, launched enquiries into the audits of Rolls Royce and British Telecom. According to Melanie McLaren, FRC board member and Executive Director of Audit and Actuarial Regulation, “The FRC is determined to make a success of our competent authority status and, in liaison with the professional bodies for audit, will promote further improvements in audit quality. In doing so we will work with auditors, audit committees and investors to highlight good practice and advocate continuous improvement; keeping pace with, and accelerating changes in, audit and its use of technology in improving effectiveness and quality. In doing so we will continue to challenge and hold the leadership of the audit firms to account.” To read the Developments in Audit document in full, click here.

With internal audit plans currently being finalised, Deloitte has developed a hot topics booklet to highlight some of the key areas that organisations are considering including as part of their strategic plans. Some of the emerging areas include: Governance, which is very much back on the agenda with increasing focus from boards and new regulatory and legislative requirements; Third party management as, with increased use of third party providers, organisations are looking to obtain increased assurances on how these third party providers are being managed; and Combined assurance as organisations attempt to maximise the assurance that is being obtained based on work being carried out. Deloitte's Internal Audit Hot Topics document provides more detail on these areas and a number of other topics which may be included in internal audit plans. It also highlights how internal audit can help organisations address these topics.

For the first time in almost a decade, the economies of all EU member states are expected to grow throughout the entire forecasting period (2016, 2017 and 2018) according to the European Commission’s Winter Forecast. However, the outlook is surrounded by higher-than-usual uncertainty. Real GDP in the euro area has grown for 15 consecutive quarters. Employment is also growing at a robust pace and unemployment continues to fall, although it remains above pre-crisis levels. Private consumption is still the engine of the recovery, and investment growth continues but remains subdued. The Commission expects euro area GDP growth of 1.6% in 2017 and 1.8% in 2018. This is slightly revised up from the Autumn Forecast (2017: 1.5%, 2018: 1.7%) on the back of better-than-expected performance in the second half of 2016 and a rather robust start into 2017. GDP growth in the EU as a whole should follow a similar pattern, it says, and is forecast at 1.8% this year and next (Autumn Forecast: 2017: 1.6%, 2018: 1.8%). Risks surrounding these projections are exceptionally large and although both upside and downside risks have increased, the overall balance remains tilted to the downside. According to Pierre Moscovici, Commissioner for Economic and Financial Affairs, Taxation and Customs, the European economy has proven resilient to the numerous shocks it has experienced over the past year. “Growth is holding up and unemployment and deficits are heading lower. Yet with uncertainty at such high levels, it’s more important than ever that we use all policy tools to support growth. Above all, we must ensure that its benefits are felt in all parts of the euro area and all segments of society.” Exceptional risks The particularly high uncertainty surrounding the forecast is due to the still-to-be-clarified intentions of the new administration of the United States in key policy areas , as well as the numerous elections to be held in Europe this year and the upcoming Article 50 negotiations with the UK. The balance of risks remains on the downside although both upside and downside risks have increased. In the short-term, fiscal stimulus in the United States could have a stronger impact on growth than currently expected. In the medium-term, risks to the growth outlook stem from legacies of the recent crises; the UK’s vote to leave the European Union; potential disruptions to trade; faster monetary tightening in the United States, which could have a negative influence on emerging market economies; and the potential consequences of high and rising debt in China. To read the main report, click here and to read the Ireland report, click here.

Millennials’ loyalty to their employers is on the rise as pessimism about the future increases. Millennials are more anxious now about their futures than they were just a year ago, according to research published by Deloitte. The survey, which canvassed the views of 8,000 millennials in over 30 countries, also found that just one in three millennials now expect economic conditions to improve. Punit Renjen, Deloitte Global CEO, believes that their pessimism is a reflection of how millennials’ personal concerns have shifted. “Four years ago, climate change and resource scarcity were among millennials’ top concerns,” he said. “This year, crime, corruption, war and political tensions are weighing on the minds of young professionals, which impacts both their personal and professional outlooks.” The findings show that those in emerging markets are significantly more positive than they were last year with confidence levels now standing at 57% - the highest level ever recorded by Deloitte. Loyalty The research contains good news for employers. Millennials, who have a reputation for moving on to new opportunities every few years, appear to be more loyal to employers than they were a year ago. Just 38% of those surveyed plan to move within two years, down from 44% last year, and 31% plan to stay with their current employer for five years or more. The number of millennials who might leave their current employer “soon” also dropped from 17% in 2016 to just 7% this year. In a period of great uncertainty, the value of stability appears to be growing with millennials inclined to turn down offers of freelance or consultancy work – particularly if their employer frequently provides opportunities to engage with “good causes”. To read Deloitte's 2017 Millennial Survey in full, click here.

The majority of audit committee members are dissatisfied with their organisation’s focus on cybersecurity and managing the associated risks. Just 35% of Irish audit committee members are satisfied with their company’s focus on cybersecurity according to a new KPMG report. This compares to an even lower global average of 25%. The 2017 Global Audit Committee Pulse Survey also found that more than 40% of those surveyed believe their risk management programmes require “substantial work” with a similar percentage noting that it is increasingly difficult to oversee major risks. Areas for improvement Audit committees are largely satisfied that their agendas are properly focused on maintaining internal controls over financial reporting and key assumptions underlying critical accounting estimates. However, they see room for improvement when it comes to focusing on CFO succession planning, talent and skills in the organisation and aligning the company’s short- and long-term priorities. Nearly four in 10 respondents noted that their audit committee’s effectiveness would be most improved by having a “better understanding of the business and key risks”. Meanwhile, nearly one third said additional expertise related to technology or cybersecurity would be helpful. Main takeaways Although audit committees express confidence in financial reporting and audit quality, challenges remain. They include legal and regulatory compliance, cybersecurity risk, company controls around risk, tone at the top and organisational culture. The report cites six main takeaways for audit committees:   Risk management remains a top concern for audit committees; Internal audit can maximise its value to the organisation by focusing on key areas of risk and the adequacy of the company’s risk management processes generally; Tone at the top, culture and pressure for short-term results are key challenges that may require more attention; CFO succession planning and ‘bench strength’ in the finance organisation are notable weak spots; The implementation of new accounting standards and non-GAAP financial measures may need a more prominent place on audit committee agendas; and Audit committee effectiveness hinges on understanding the business. To download KPMG’s 2017 Global Audit Committee Pulse Survey, click here.