International Accounting Standards
| by Paul Gosling 01 Oct 2003 Topic: News |
|
Virus attacks could lead to greater corporate regulation The Securities and Exchange Commission in the United States could be required to monitor listed companies� exposure to software contamination as part of their regulatory function, under proposals reportedly being considered by the White House. The President�s office is very concerned at the exposure of major corporations and of the integrity of e-commerce in the wake of the most severe dislocation of e-mails and websites by a spate of computer worms and viruses. The Sobig and MSBlast worms have caused literally billions of pounds in damage worldwide, marking the most severe disruption of the Internet in its history. Many corporate e-mail systems were knocked out, and an Irish hospital had to close for several days, as the worms ate into IT systems around the globe. At one point, 73% of all e-mails sent around the world were generated by the Sobig worm, according to anti-virus specialists Central Command. An earlier virus attack has been revealed as having closed down the safety systems for several hours at the Ohio nuclear power plant, fortunately at a time when the plant was not operational. Microsoft said that its Great Plains accounting software has not been affected, disputing reports that it could contain a security flaw allowing records to be corrupted. Sobig has now been assessed by security analysts mi2g as the most damaging virus ever, at a cost of $31bn by early last month - twice as bad as the previous worst virus, Klez. It is thought that, although the MSBlast and derivative viruses caused a smaller amount of damage in terms of economic cost, their impact on small firms was probably disproportionately severe. Most distributed �malware� - malicious software - has targeted users of Microsoft operating systems. The latest Windows XP and Windows Server 2003 seem particularly vulnerable to attack, with Microsoft having to repeatedly issue �patches� to correct software security holes. This has encouraged more corporations to consider transferring to Linux operating systems, but figures published by mi2g reveal that hackers have been more than twice as successful in penetrating Linux operating systems than Microsoft�s. Dealing with one threat opens a corporation to a bigger risk of another, it seems. Symantec, which produces the Norton anti-virus software, now offers overnight security monitoring services to protect corporations from hacker intrusions during non-trading hours. It is predicted that the success of the latest batch of malware will encourage many more copy-cat virus writers, while some rogue programmers are likely to develop their own sophisticated versions of these and earlier viruses. Policing the distribution of software viruses is extremely difficult, in part because of the spread of jurisdictions - an 18-year-old was arrested in the US for allegedly producing a version of the MSBlast worm, while a 24-year-old in Romania has been arrested in connection with investigations of the release of another variant. Both face long jail sentences if convicted. The MSBlast worm contained a hidden message, which was passed on via infected PCs to the Microsoft website - telling Bill Gates to improve his company�s software security systems. But one theory is that the main cause of the virus proliferation is not teenage boys having a go at society. Rather it is dishonest small businesses which send �spam� e-mails. These unwanted e-mails - offering such things as viagra, pornography and cheap mortgages - are dramatically increasing in frequency. They are named after a Monty Python television comedy sketch, in which customers are offered �spam, spam, spam and spam� for breakfast. �Judging by the massive growth in spam being sent over the past five years, this is clearly a lucrative business,� says DK Matai, executive chairman of mi2g. �With valid and up-to-date e-mail addresses becoming a valuable commodity, virus writers are likely to be prolific in seeking to obtain large numbers of e-mail addresses and contact information through their malware, just as hackers are already leveraging their skills in stealing credit card numbers and personal profiles.� So-called �Trojan� viruses control target PCs, turning them into �zombie� machines. Infected computers may then be instructed to send e-mails to programmers� clients. In this way businesses may obtain massive numbers of e-mail addresses, which they know are functioning - unlike most sold lists of e-mail contacts. mi2g also warns that companies can expect to be increasingly targeted by malicious individuals and possibly as part of a campaign of civil disruption by terrorists. There have already been several instances of political activists releasing virus attacks against chosen targets. Virus writers are also capable of taking charge of another person�s PC in order to purchase child pornography on-line, says the firm. There are even predictions that malware will evolve into �super-viruses�, which contain the most harmful ingredients of both worms (which infect target machines) and viruses - through which a single machine is infected. One of the most disturbing implications is that it could take a long period of time before a PC user becomes aware that their machine has been infected, or partially controlled by a Trojan virus. Several lessons need to be learnt from the latest outbreak of viruses and worms. Even some of the largest corporations have been victims, despite spending enormous sums on anti-viral software and firewalls. Indeed, some analysts have argued that because MSBlast was activated on computers while they were operating on the Internet - mostly always through broadband connections - no anti-virus software could be relied on to protect client machines. Many security analysts are now calling on ISPs to improve their own security measures to prevent damaging malware to be distributed. But some of those ISPs trying to introduce enhanced security to their e-mail distribution systems are inadvertently blocking legitimate attachments, such as PDF documents. Technology researchers, Ovum, warned corporations not to believe that anti-virus software constituted a comprehensive security strategy. �This crisis has encouraged IT administrators to believe, wrongly, that security equals anti-virus protection and it has sucked money from longer term development into fire-fighting,� says Graham Titterington, Ovum�s senior analyst. �So little is new, and yet we are so surprised by what has happened. Recent events should have seen managers dusting down their operational risk assessments and updating them. Until companies plan for the overall protection of their systems, similar attacks will happen over and over.� Security systems now represent one of the largest software sectors, with major growth expected in corporations� expenditure. Analysts Datamonitor predict that spend on IT security systems will rise from $7.1bn last year to $13.5bn by 2006. Intrusion protection, vulnerability assessment solutions and security management tools are all expected by Datamonitor to be areas of growth. Public sector needs own accounting rules, says ACCA Public sector and not-for-profit entities have wholly different objectives from private companies and so need a distinctive set of accounting principles, says ACCA. It was responding to the publication by the UK Accounting Standards Board of its discussion paper, Principles for Financial Reporting - Proposed Interpretation for Public Sector Entities, which aims to establish a common set of principles to be used by the for-profit and not-for-profit sectors. The ASB refers to �public benefit entities�, providing public services but which may be in either for private or public sectors. Its discussion paper says: �The fundamental characteristic that pervades public benefit entities (regardless of whether they are in the public or private sector) derives from their primary objective, which is to provide goods or services for the general public or social benefit rather than with a view to a financial return to equity shareholders.� But it adds that �the Board believes that a common set of principles should underlie financial reporting by all entities�. This view is challenged by ACCA, which has warned the ASB not to assume that its existing private sector principles can merely be expanded and re-expressed to suit public benefit entities. Roger Adams, ACCA�s executive director - technical affairs, said: �We believe that, rather than to try to tweak their existing Statement of Principles, the ASB should develop a specific set of principles for financial reporting in the public sector. The differences between the private and public sectors are such that it is unlikely that a suitable set of common principles could be developed. �Potential users of public sector financial statements clearly embrace a much wider audience than any private company. There are many stakeholders - media, employees, users of public services and taxpayers. If a defining �user� must be identified, we will say that it is the electorate - but the ASB argues that such a user is the �funder and financial supporter� of those statements, in other words, taxpayers. �But the ASB can only reach that conclusion because of its assumption that current private sector principles provide the essential information which users of public sector financial statements seek. In fact, we believe that they need a range of other information which is rarely provided by the private sector. This includes statements such as budget out-turn reports, which give an audited comparison of the actual use of resources with that agreed in the budget. This reflects the fact that public sector bodies have an important stewardship function. �The equation is fundamentally different - in place of the financial accountability of company management to shareholders, we have the political accountability of government to the electorate and its representatives. They hold government to account for the way in which financial resources are allocated.� Ron Hodges, reader in public sector accounting at Nottingham University Business School, backed ACCA�s view. �There is a general issue of taking what has been developed as private sector accounting policy with an emphasis on profit and the bottom line performance and transferring it into the public sector and saying this will do,� said Hodges. The purpose of private and public sector accounts were fundamentally different, he added, with the one making an organisation accountable to its shareholders and the other to its electorate. The ASB�s proposals may, though, be appropriate for a not-for-profit body with a clearly defined membership, such as a charity, he suggested. Hodges added that this was not a matter of academic differences of opinion, but that the variation in accounting practice drove managerial behaviour and influenced a variety of outcomes. One recently published paper, Hodges pointed out, reported that, in accounting terms, Australia�s most profitable organisation is its Government�s Department of Defence, because all revenue support was shown in the same way as trading income. Nor does the intellectual argument that the use of accruals accounting in the public sector achieves equivalence with the private sector necessarily hold true, said Hodges. The inflated capital charge of 6% which has been used by the UK Treasury was much higher than that used by many Plcs. This in turn could distort decisions and - along with the general use of resource accounting - put artificial financial pressure on the public sector to privatise operations or to use the Private Finance Initiative. �My real concern is that it actually affects the real resources allocated to the private and public sectors and therefore what is done on behalf of taxpayers,� Hodges said. �There are benefits from using an accruals system,� continued Hodges. But, he argued, it should be recognised that resource accounting as currently used is not as sector-neutral as its advocates suggest. Companies warned on international standards EU listed companies have been warned by the UK�s financial regulator to prepare for the adoption of International Accounting Standards. Howard Davies, chairman of the Financial Services Authority, said that he believed many companies remain unaware of the impact of IAS and have not made themselves ready for the profound changes that will be brought about. The FSA has now written to all UK listed companies reminding them of the new requirements. �I appreciate that the timetable is made more difficult, given the fact that not all the relevant standards have been agreed and some have not yet been published,� wrote Ken Rushton, the FSA�s director of listing. �Nevertheless a consequence of not being in a position to adopt IFRS (International Financial Reporting Standards) will be that issuers are unable to meet the reporting requirements and deadlines of the listing rules. Failure by issuers to submit preliminary or interim results within the required timescale is likely to result in the suspension of the issuer�s securities.� But the Quoted Companies Alliance, representing over 2,000 smaller UK listed companies, responded by calling on the European Union to delay implementation of the requirement on their members to comply with International Accounting Standards before 2007. It said that the primary reason for IAS was to assist the creation of a single capital market, which was less relevant to businesses with market capitalisations of £350m or less - as with its members - than for large Plcs. It added that many smaller listed companies simply could not afford the cost of preparing for international standards. Writing to European internal markets commissioner, Frits Bolkestein, the QCA�s chief executive, John Pierce, said that member companies also had particular difficulty with the requirement under the EU�s Transparency Obligations Directive for quarterly reporting. They were also very concerned at the cost and potential legal liabilities arising from the obligation to publish annual accounts and announcements in a public manner, rather than just to shareholders. The QCA further criticised the directive for failing to give companies the right to know who all their shareholders were. Meanwhile, ACCA has urged the European Commission to reconsider its approach to its Action Plan on Corporate Governance and Company Law. ACCA supports the principle of pan-European governance mechanisms and protection of shareholder rights, but disagrees with the Commission�s chosen priorities. John Davies, ACCA�s head of business law, said: �The Commission has proposed a feasibility study, which will examine an alternative to the current rules on the capital structure of limited liability companies. It believes a simplification of the current directive would promote business efficiency without reducing protection for shareholders and creditors. But this will not happen until 2006-2008. ACCA believes this timescale is too long and needs to be shortened. With IAS now looming, the key issue is the effect on companies� reported profits - there is a potentially serious impact on their ability to pay dividends, with the knock-on effect on their share prices. This is why the Commission needs to make a review of the current rules on company capital structures a short-term priority.� IAS is likely to have a significant impact on pensions and deferred tax. Large deficits or provisions will potentially inhibit distribution of dividends. Share-based payments are also likely to be affected where charges for share options impact on profits available for distribution. Financial instruments will also be affected. With such urgent issues to be addressed, ACCA believes the Commission�s plan to give priority to a review of the feasibility of the so-called European Private Company is misguided - especially as it believes there is no obvious demand for such a structure. �We fully support the plan to make listed companies produce annual corporate governance statements, to be presented on a �comply or explain� basis,� said Davies. �We also agree that a common approach to key principles and disclosure criteria is better than a full-blown European Code. We believe that there should be a stronger emphasis placed on ethics in the EC�s plan.� Desmond Hudson resigns as CEO designate ACCA has announced the resignation of Desmond Hudson, chief executive designate. Hudson, who was scheduled to take up the post of chief executive on 1 October, on CEO Anthea Rose�s retirement, has indicated his decision not to proceed with the appointment. Sam Wong, ACCA�s President, said: �It is with regret that we announce the decision of Des Hudson not to take up the role of chief executive. He leaves with our best wishes.� Chief operating officer, Helen Brand, supported by ACCA�s executive directors and staff, will take forward ACCA�s strategy until the appointment of a new chief executive. European audit oversight demanded The European Federation of Accountants (FEE) has published proposals for audit oversight at European level which it says would improve public confidence in financial reporting. It called for the early creation of a new oversight system, providing common principles for all member states. FEE said that its proposals went further than the Commission had suggested in its paper, Reinforcing Statutory Audit in the EU, published earlier this year. The FEE proposals call for robust oversight of the audit profession on public interest grounds, with these operating at member state level, but with the European Union co-ordinating national systems and addressing cross-border issues. The system of oversight used in each member state, said the Federation, should combine the profession and independent non-practitioners, with non-practitioners in the majority. The European Union should prioritise the creation of a co-ordinating body to bring together member states� oversight systems, which would also liaise with oversight arrangements used in the US and elsewhere. It would aim to reduce the need for duplication of oversight - both globally and cross-border within the EU - while spreading best practice. The FEE said that the co-ordinating body should be created as an independent legal entity to build confidence in it, with a public interest remit and the involvement of all relevant stakeholders. David Devlin, President of FEE, said: �Robust public oversight ensures that the public can have confidence that the audit profession is committed to working in the public interest at the required highest level of quality. FEE supports the creation of a European-level body to co-ordinate oversight arrangements at member state level and to help address cross-border issues. �The European accountancy profession is playing its part in the process of restoring credibility to financial reporting. FEE�s proposals regarding oversight of the audit profession, if accepted, would serve to restore public confidence in the single European capital market.� | |