With fraud and cyber-attacks increasing by over 500% since the COVID-19 era began, all organizations, whether for-profit or not-for-profit, are under siege and being challenged with having to defend their data while also contending with a scattered workforce and diminished revenue. To help not-for-profit entities protect their information during these unprecedented times, this webinar will cover challenges entities face in preventing, detecting, and responding to fraud and cybersecurity-related activities.
What Risk Factors Not-For-Profit Organizations Need to Know in Today's COVID-... | Citrin Cooperman
This webinar discusses risk factors non-profit organizations need to be aware of during the COVID-19 pandemic. It covers topics like fraud risks, enterprise risk management, and the fraud triangle. Panelists will discuss how non-profits can identify risks, establish risk management policies, and determine the appropriate response when suspecting fraud. Attendees can submit questions and learn about benefits of implementing enterprise risk management programs.
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19 | Citrin Cooperman
This document discusses considerations around fraud, security, and legal risks in the age of COVID-19. It outlines an agenda covering financial fraud risks, IT and cybersecurity risks, and legal considerations when employees are working remotely. Some key risks discussed include increased opportunities for fraud due to remote work, supply chain attacks targeting third-party vendors, ensuring proper regulatory compliance, and oversight of management during the crisis. The document recommends forming a COVID-19 response committee and increased board involvement to monitor risks and provide oversight of the company during this time.
Navigating COVID's Impact on the Financial Services Industry | Citrin Cooperman
Citrin Cooperman professionals joined InfraGard for a webinar, “Navigating COVID's Impact on the Financial Services Industry and Lessons Learned/Actions Your Company Can Take From Their Experiences: Lessons Learned and Actions Your Company Can Take From Their Experiences.”
C-Suite Snacks Webinar Series: Under Attack - Preparing Your Company in the ... | Citrin Cooperman
Sign up for our weekly C-Suite Snacks webinars here: https://www.citrincooperman.com/infocus/c-suite-snacks
Our C-Suite Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information for 30 minutes every week. Join Citrin Cooperman live every Thursday at noon for snack-sized insights for business executives.
It’s no secret that companies around the world are under attack. Prior to COVID-19, breach rates were on the rise, but now hackers have only become more aggressive in their attempt to steal or hijack your data to try to extort money and do irreparable harm to your company’s reputation.
In this C-Suite Snacks webinar, we covered how to combat these attacks by understanding the risks and preparing to respond.
Key Takeaways:
- An overview of the latest breach statistics and trends
- Knowledge on the methods hackers are using to infiltrate organizations
- Methods to prepare your organization for attack and response
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers... | Citrin Cooperman
Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks
MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions.
In today's world, a cyber attack happens every 39 seconds on average. For every doom and gloom story we can tell, there are also instances where another organization’s proactive defense has helped to avoid a cyber attack.
During our final MasterSnacks: Cybersecurity session, we discussed strategies your company can implement to move your IT environment from reactive to proactive. We also shared examples of current clients whose proactive positions have had a real impact in thwarting hackers' attempts at infiltrating their organizations. We covered:
- Case studies on companies that have successfully staved off cyber attacks
- Proactive strategies for protecting your infrastructure
- Automated tools to facilitate more timely evaluation and monitoring
NFP Speak - Part 1: Navigating the COVID-19 Crisis as a Not-For-Profit - final | Citrin Cooperman
This document summarizes an upcoming webinar series for not-for-profits on navigating the COVID-19 crisis. The first webinar will discuss establishing a crisis committee, risk management considerations, relevant regulations, and take participant questions. It provides details on the webinar agenda, speakers, and how to join the webinar series for four subsequent sessions covering related financial, technology, sustainability, and resiliency topics.
MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider... | Citrin Cooperman
Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks
MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions.
As your business wages war against cyber criminals, you must combat the vulnerabilities posed by your own third-party service providers. Your external providers must be held accountable in order to keep your business safe and secure.
During Session 1 of our MasterSnacks: Cybersecurity series, we covered more about mitigating third-party risks by evaluating and managing your service providers. Key takeaways included:
- Third-party risk evaluation and management systems
- Strategies to mitigate risk
- The value and difference between SOC Reports
New York Cybersecurity Requirements for Financial Services Companies | Citrin Cooperman
Is Your Strategy in Place to Meet the NYS DFS Regulation?
Understanding New York State’s required cybersecurity policies and procedures, how these new regulations apply to you, and what you need to do to become compliant can all be confusing and overwhelming. To help you through this process, Citrin Cooperman and Walker Wilcox Matousek, LLP hosted an informational webinar to walk you through the complexities of this new regulation.
Key questions that were answered include:
- What’s required under the new regulation?
- Does this new regulation apply to you?
- How will you comply with this new regulation?
- What are the consequences of not complying?
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19 | Citrin Cooperman
Sign up for our weekly TRU Snacks webinars here: https://www.citrincooperman.com/infocus/tru-snacks-webinar-series
Our TRU Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information from Citrin Cooperman’s Transition Response Unit (TRU) live every Thursday at noon.
In this TRU Snacks Webinar session, Technology, Risk Advisory, and Cybersecurity (TRAC) Partner Michael Camacho reviewed strategies to help combat the relentless attempts by hackers to infiltrate your business during these uncertain times.
This document provides an overview of cyber threats facing businesses in Gloucestershire. It discusses rising cybercrime rates nationally and locally, with the average financial loss to Gloucestershire from cybercrime being over £250,000 per month. Typical cyber attacks include phishing, ransomware, and DDoS attacks. The document urges businesses to purchase cyber insurance, stresses the importance of complying with new GDPR regulations, and provides resources for reporting cyber incidents and getting help. It concludes by recommending basic cybersecurity practices for businesses and individuals to better protect themselves online.
A Hacker's Playground - Cyber Risks During COVID-19 | Citrin Cooperman
This document summarizes a presentation given by Citrin Cooperman on cyber risks during COVID-19. It discusses how the pandemic has created new vulnerabilities like increased phishing attacks and risks from remote work. Statistics on breaches are presented showing rising costs and records compromised. Examples of recent hacking incidents the company responded to are shared. The presentation demonstrates common hacking techniques like password cracking and ransomware. It concludes by advising organizations to understand their cyber risk profile, take a proactive approach to security, verify third party protections, and educate employees on compliance and cyber threats. Contact information is provided for the cybersecurity practice at Citrin Cooperman.
The document outlines 10 common reasons why businesses fail. They include poor financial management, inadequate business planning, lack of understanding of pricing structures and margins, poor cash flow management, lack of financial reserves, inappropriate use of credit, poor tax management, failure to submit tax returns on time, poor processes and procedures, and failure to seek professional advice. Addressing these issues through financial tracking software, comprehensive business planning, regular pricing and cost reviews, cash flow monitoring, maintaining financial reserves, obtaining appropriate credit, managing taxes, following procedures, and consulting advisers can help businesses avoid common pitfalls and improve their chances of long-term survival.
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance... | Winston & Strawn LLP
The presentation included a discussion of practical steps in-house lawyers can take to build, grow, and measure their corporate compliance program, and why such programs are important for companies, especially those preparing for a sale.
Cybersecurity Governance for Boards of Directors | Paul Feldman
This paper discusses the emerging issue of Board of Directors Governance and Cybersecurity. Originally presented to the Boards of Directors of the IRC http://www.isorto.org/Pages/Home in May 2014. The paper is in a continuous improvement mode ultimately targeting being a resource for Boards of Directors in the energy (electricity and natural gas) industry. Suggested updates and improvements are welcome at PaulFeldman@Gmail.com. The current copy is always at http://www.EnergyCollection.us/456.pdf
Case Study: The Role of Human Error in Information Security | PECB
The document discusses how human error is a major cause of security incidents, accounting for 95% according to IBM. Examples are given of incidents caused by expired certificates, unencrypted emails to the wrong recipient, and phishing emails. Two case studies are described in more detail: a lottery rigging scheme by an IT director that lasted 10 years due to a lack of oversight, and a company security breach enabled by an unconfigured firewall and employee clicking a phishing link. The document advocates for education, separation of duties, documented procedures and infrastructure protection to help address the problem of human error in security.
What Not-for-Profits Can Do To Prevent "Uninspired" Theft | CBIZ, Inc.
This presentation showcases the reasoning for and the importance of cybersecurity in the not-for-profit sector. Case studies reinforce the importance of being ahead of the curve when managing cyber risk.
Sans 20 CSC: Connecting Security to the Business Mission | Tripwire
The document summarizes Katherine Brocklehurst's presentation at the 2013 SANS CSC Summit where she discussed the role and challenges of the Chief Information Security Officer (CISO). Some key points included that the CISO needs business experience and the ability to communicate security issues to executives in a way that shows relevance to the organization's mission. The presentation also discussed using metrics and dashboards to provide visibility into the organization's security posture and risks across different business units and technical platforms to report to various stakeholders.
The case for a Cybersecurity Expert on the Board of an SEC firm | David Sweigert
This document discusses cybersecurity risks that boards of directors need to address. It notes that 48% of directors cited data security as their top concern in a recent study, up from 25% in 2008. The document recommends that boards oversee management's efforts to mitigate cyber threats, assess risks, and devote adequate resources. It emphasizes that boards should communicate the importance of cybersecurity to management and create a culture that views it as a responsibility. While technical issues may be daunting, boards are not expected to be experts and should rely on management and consultants for advice.
Basics of insurance coverage and evolving issues surrounding cyber, data breaches, and a big picture overview of how it impacts businesses and the lawyers advising them.
White paper cyber risk appetite defining and understanding risk in the moder... | balejandre
Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise.
Corruption and Fraud Risk Management using ISO 31000 | PECB
This webinar will ensure that participants develop the competence to master a model for implementing corruption and fraud risk management processes throughout their organization using the ISO 31000:2009 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal corruption and fraud risk assessment and manage risks in time by being familiar with their life cycle. This webinar will include the ISO 31000 general risk management standard, the process model it recommends, and how companies may use the standard for corruption and fraud risk management.
Learning objectives:
• To understand the concepts, approaches, methods and techniques allowing an effective corruption and fraud risk management according to ISO 31000
• To acquire the competence to implement, maintain and manage an ongoing corruption and fraud risk management using ISO 31000
• To acquire the competence to effectively advise organizations on the best practices in corruption and fraud risk management
Presenter:
This webinar is presented by Valentyn Sysoev, who leads the consulting and audit projects as well as projects related to IS audit and IS assurance, crisis and business continuity management, and international standards implementation (specifically ISO 31000 Risk Management, ISO 21500 Project Management, ISO 38500 Corporate Governance of IT, ITIL 3 and Cobit 5) at Active Audit Agency. Valentyn has more than 8 years of experience in information security areas as a consultant, auditor and advisor. Valentyn provides services for financial, insurance, industrial, energy and other customers as an expert on information security.
Identifying Your Agency's Vulnerabilities | Emily2014
This document provides an overview of operational risks and how to identify vulnerabilities within an agency. It discusses the types of operational risks including people, processes, systems, and external events. An operational risk assessment can show where gaps have opened in existing programs related to human error, lack of procedures, system failures, and external dependencies. The document recommends not relying on historical data alone to predict future risks, and suggests improving communication and managing risks in real time. It also provides examples of how to assess risks from vendors and contractors through background checks, contract terms, and onsite reviews.
Cybersecurity risks affect all senior executives in an organization. While the CEO may want to delegate cybersecurity to the CTO, effective programs require input from multiple stakeholders. A comprehensive understanding of technical, financial, and regulatory risks is needed to develop an appropriate strategy. Regular communication to the CEO should focus on trends, risks, and major incidents rather than technical details. Quantifying potential financial losses from data breaches can help obtain support for necessary security investments.
The document discusses cybersecurity challenges facing modern businesses. It notes a gap between perceived security and realities of modern threats. While companies invest in security systems and staff, attackers still frequently succeed due to human errors like poor training. The document examines case studies like the Target breach to show how lack of ongoing training for both security professionals and end users undermine defenses. It discusses pros and cons of outsourcing security versus training internal staff. The presenter argues all organizations must make ongoing training and awareness programs a priority to close security gaps.
Cyber insurance provides coverage for losses from cyber incidents and security breaches. It helps manage cyber risks through risk sharing. However, the cyber insurance market is still immature with global losses from cyber incidents exceeding the total cyber insurance market. Key challenges include asymmetric information between insurers and clients, interdependent and correlated cyber risks, and limited reinsurance capacity due to lack of claims data and potential for simultaneous global attacks.
New York Cybersecurity Requirements for Financial Services CompaniesCitrin Cooperman
Is Your Strategy in Place to Meet the NYS DFS Regulation?
Understanding New York State’s required cybersecurity policies and procedures, how these new regulations apply to you, and what you need to do to become compliant can all be confusing and overwhelming. To help you through this process, Citrin Cooperman and Walker Wilcox Matousek, LLP hosted an informational webinar to walk you through the complexities of this new regulation.
Key questions that were answered, include:
What’s required under the new regulation?
Does this new regulation apply to you?
How will you comply with this new regulation?
What are the consequences of not complying?
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
Sign up for our weekly TRU Snacks webinars here: https://www.citrincooperman.com/infocus/tru-snacks-webinar-series
Our TRU Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information from Citrin Cooperman’s Transition Response Unit (TRU) live every Thursday at noon.
In this TRU Snacks Webinar session, Technology, Risk Advisory, and Cybersecurity (TRAC) Partner Michael Camacho reviewed strategies to help combat the relentless attempts by hackers to infiltrate your business during these uncertain times.
This document provides an overview of cyber threats facing businesses in Gloucestershire. It discusses rising cybercrime rates nationally and locally, with the average financial loss to Gloucestershire from cybercrime being over £250,000 per month. Typical cyber attacks include phishing, ransomware, and DDoS attacks. The document urges businesses to purchase cyber insurance, stresses the importance of complying with new GDPR regulations, and provides resources for reporting cyber incidents and getting help. It concludes by recommending basic cybersecurity practices for businesses and individuals to better protect themselves online.
A Hacker's Playground - Cyber Risks During COVID-19Citrin Cooperman
This document summarizes a presentation given by Citrin Cooperman on cyber risks during COVID-19. It discusses how the pandemic has created new vulnerabilities like increased phishing attacks and risks from remote work. Statistics on breaches are presented showing rising costs and records compromised. Examples of recent hacking incidents the company responded to are shared. The presentation demonstrates common hacking techniques like password cracking and ransomware. It concludes by advising organizations to understand their cyber risk profile, take a proactive approach to security, verify third party protections, and educate employees on compliance and cyber threats. Contact information is provided for the cybersecurity practice at Citrin Cooperman.
The document outlines 10 common reasons why businesses fail. They include poor financial management, inadequate business planning, lack of understanding of pricing structures and margins, poor cash flow management, lack of financial reserves, inappropriate use of credit, poor tax management, failure to submit tax returns on time, poor processes and procedures, and failure to seek professional advice. Addressing these issues through financial tracking software, comprehensive business planning, regular pricing and cost reviews, cash flow monitoring, maintaining financial reserves, obtaining appropriate credit, managing taxes, following procedures, and consulting advisers can help businesses avoid common pitfalls and improve their chances of long-term survival.
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...Winston & Strawn LLP
The presentation included a discussion of practical steps in-house lawyers can take to build, grow, and measure their corporate compliance program, and why such programs are important for companies, especially those preparing for a sale.
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
This paper discusses the emerging issue of Board of Directors Governance and Cybersecurity. Originally presented to the Boards of Directors of the IRC http://www.isorto.org/Pages/Home in May 2014. The paper is in a continuous improvement mode ultimately targeting being a resource for Boards of Directors in the energy (electricity and natural gas) industry. Suggested updates and improvements are welcome at PaulFeldman@Gmail.com The current copy is always at http://www.EnergyCollection.us/456.pdf
Case Study: The Role of Human Error in Information SecurityPECB
The document discusses how human error is a major cause of security incidents, accounting for 95% according to IBM. Examples are given of incidents caused by expired certificates, unencrypted emails to the wrong recipient, and phishing emails. Two case studies are described in more detail: a lottery rigging scheme by an IT director that lasted 10 years due to a lack of oversight, and a company security breach enabled by an unconfigured firewall and employee clicking a phishing link. The document advocates for education, separation of duties, documented procedures and infrastructure protection to help address the problem of human error in security.
What Not-for-Profits Can Do To Prevent "Uninspired" TheftCBIZ, Inc.
This presentation showcases the reasoning for and the importance of cyberseucrity in the not-for-profit sector. Case studies reinforce the importance of being ahead of the curve when managing cyber risk.
Sans 20 CSC: Connecting Security to the Business MissionTripwire
The document summarizes Katherine Brocklehurst's presentation at the 2013 SANS CSC Summit where she discussed the role and challenges of the Chief Information Security Officer (CISO). Some key points included that the CISO needs business experience and the ability to communicate security issues to executives in a way that shows relevance to the organization's mission. The presentation also discussed using metrics and dashboards to provide visibility into the organization's security posture and risks across different business units and technical platforms to report to various stakeholders.
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
This document discusses cybersecurity risks that boards of directors need to address. It notes that 48% of directors cited data security as their top concern in a recent study, up from 25% in 2008. The document recommends that boards oversee management's efforts to mitigate cyber threats, assess risks, and devote adequate resources. It emphasizes that boards should communicate the importance of cybersecurity to management and create a culture that views it as a responsibility. While technical issues may be daunting, boards are not expected to be experts and should rely on management and consultants for advice.
Basics of insurance coverage and evolving issues surrounding cyber, data breaches, and a big picture overview of how it impacts businesses and the lawyers advising them.
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise
Corruption and Fraud Risk Management using ISO 31000PECB
This webinar will ensure that participants develop the competence to master a model for implementing corruption and fraud risk management processes throughout their organization using the ISO 31000:2009 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal corruption and fraud risk assessment and manage risks in time by being familiar with their life cycle. This webinar will include the ISO 31000 general risk management standard, the process model it recommends, and how companies may use the standard for corruption and fraud risk management.
Learning objectives:
• To understand the concepts, approaches, methods and techniques allowing an effective corruption and fraud risk management according to ISO 31000
• To acquire the competence to implement, maintain and manage an ongoing corruption and fraud risk management using ISO 31000
• To acquire the competence to effectively advise organizations on the best practices in corruption and fraud risk management
Presenter:
This webinar is presented by Valentyn Sysoev, who leads the consulting and audit projects as well as projects related to IS audit and IS assurance, crisis and business continuity management, and international standards implementation (specifically ISO 31000 Risk Management, ISO 21500 Project Management, ISO 38500 Corporate Governance of IT, ITIL 3 and COBIT 5) at Active Audit Agency. Valentyn has more than 8 years of experience in information security as a consultant, auditor and advisor. Valentyn provides services for financial, insurance, industrial, energy and other customers as an expert on information security.
Identifying Your Agency's Vulnerabilities | Emily2014
This document provides an overview of operational risks and how to identify vulnerabilities within an agency. It discusses the types of operational risks including people, processes, systems, and external events. An operational risk assessment can show where gaps have opened in existing programs related to human error, lack of procedures, system failures, and external dependencies. The document recommends not relying on historical data alone to predict future risks, and suggests improving communication and managing risks in real time. It also provides examples of how to assess risks from vendors and contractors through background checks, contract terms, and onsite reviews.
Cybersecurity risks affect all senior executives in an organization. While the CEO may want to delegate cybersecurity to the CTO, effective programs require input from multiple stakeholders. A comprehensive understanding of technical, financial, and regulatory risks is needed to develop an appropriate strategy. Regular communication to the CEO should focus on trends, risks, and major incidents rather than technical details. Quantifying potential financial losses from data breaches can help obtain support for necessary security investments.
The document discusses cybersecurity challenges facing modern businesses. It notes a gap between perceived security and realities of modern threats. While companies invest in security systems and staff, attackers still frequently succeed due to human errors like poor training. The document examines case studies like the Target breach to show how lack of ongoing training for both security professionals and end users undermine defenses. It discusses pros and cons of outsourcing security versus training internal staff. The presenter argues all organizations must make ongoing training and awareness programs a priority to close security gaps.
Cyber insurance provides coverage for losses from cyber incidents and security breaches. It helps manage cyber risks through risk sharing. However, the cyber insurance market is still immature with global losses from cyber incidents exceeding the total cyber insurance market. Key challenges include asymmetric information between insurers and clients, interdependent and correlated cyber risks, and limited reinsurance capacity due to lack of claims data and potential for simultaneous global attacks.
Taming the Legal Lion: Critical Compliance Issues for Smart Nonprofits | Greenlights
This document discusses critical compliance issues for nonprofits, including legal compliance, human resources, and insurance protection. It outlines several key areas of risk for nonprofits, including their assets, activities, potential liabilities, and those they could be liable to. It then details important issues relating to board governance, fiduciary duties, excess benefits, reasonable compensation, personal liability, and protections for board members. The document also addresses financial practices, policies around conflicts of interest, expense reimbursement, executive compensation, whistleblowing, document retention and making documents public. Finally, it covers personnel and volunteer risks such as hiring, background checks, handbooks, terminations, and whistleblowing issues.
Your business faces risks on multiple fronts, so risk management should be a strategic priority. Identifying and addressing risks helps your business run smoothly, and keeps you focused on pursuing your business objectives. We discuss strategies to mitigate your IT threats, explore insurance options and assess your internal control needs.
The document provides an overview of internal controls and fraud prevention topics for school districts. It discusses the importance of internal controls in protecting resources from waste, abuse and noncompliance. Specific risks faced by districts are outlined such as financial, operational and reputational risks. Examples of fraud schemes and real fraud cases in districts are also summarized. The document recommends that districts assess fraud risks, implement strong IT controls and segregation of duties, and establish procedures for monitoring, oversight and reporting of fraud allegations.
Retirement Plans: Managing Your Fiduciary Responsibility | SecureDocs
The document provides information about retirement plan governance and fiduciary responsibilities. It discusses the importance of establishing clear roles, processes, and oversight for retirement plans to help ensure compliance and protect fiduciaries from liability. It emphasizes having the right people involved, clearly identifying duties, documenting formal procedures, and routinely monitoring activities. Well-documented governance helps fiduciaries fulfill their responsibilities and prepares plans for potential IRS or DOL audits.
Financial Management for Business Associations | Hammad Siddiqui
The document discusses internal controls, frauds, and budgets, with the objectives of understanding internal controls, learning budgeting techniques to prepare effective budgets, and concluding by sharing experiences with internal controls. It includes a case study example of potential fraud at a business chamber and recommendations for internal controls to mitigate fraud risk, as well as explanations and best practices for financial budget preparation.
Encouraging Internal Compliance Communication Webinar | Case IQ
Attorney Lisa Noller and Michael Weisman, Chief Counsel, Compliance at Kraft Foods Group, discuss tips for getting your employees to speak up about workplace misconduct.
This document discusses achieving effective compliance with the Payment Card Industry Data Security Standard (PCI DSS). It begins by outlining some of the challenges organizations face in securing sensitive data like credit card information. It then provides background on the development of PCI standards in response to significant fraud losses. The document notes that compliance alone does not equal security, and that organizations often take a minimal approach or see compliance as a "check the box" exercise rather than part of an overall security strategy. It emphasizes the need for a holistic, risk-based approach rather than focusing solely on technical controls or compliance. Finally, it suggests some lessons learned and ways to move forward, including understanding data flows, limiting access, and building value beyond just certification.
Tips for Implementing a Whistleblower Hotline | Case IQ
Shannon Walker, President of Whistleblower Security, shares tips for setting up a whistleblower hotline and answers some important questions and concerns often brought up when implementing and maintaining a whistleblower program.
To watch the entire webinar, visit: http://i-sight.com/webinar-how-to-set-up-a-whistleblower-hotline/
This document discusses whistleblowing and its importance. It provides definitions and notes that whistleblowing involves raising genuine concerns about wrongdoing in the workplace. While protections exist, whistleblowers often face negative consequences. The document then outlines the legal protections for whistleblowers under the Public Interest Disclosure Act and regulatory expectations for effective whistleblowing policies and procedures. It gives an overview of Ofqual's approach to handling whistleblowers and data on disclosures received. Challenges in addressing whistleblowing are also discussed.
Original air date: May 9, 2017
Rebroadcast and recording information at http://www.mhmcpa.com
The role of the audit committee is ever-evolving. In addition to assisting with reviews of financial reporting and audit preparation, committees are increasingly being tasked with enterprise risk assessment. From cybersecurity threats to the management of employee benefits, audit committees are looking for how organizations are assessing and managing their key risks. An evaluation of your organization’s audit committee practices helps ensure that your committee is prepared to fulfill its ever-changing role.
In this session, we will take a deep dive into audit committee charters, emerging best practices related to the activities of audit committees and provide some practical advice for managing meetings and interactions with the audit committee.
The Importance of Internal Controls in Fraud Prevention | Rea & Associates
Presentation made by Ohio accounting firm Rea & Associates on how strong internal controls can help Ohio companies deter fraud in the workplace. Special attention is given to the 5 components of internal controls and how to defuse the triangle of fraud.
5 Steps to Creating an Ethical Work Culture | Case IQ
You get it. Being an ethical organization matters. A lot.
But ethics isn’t just a quarterly HR campaign or a glossy conduct guide; in order to really have a bottom-line business impact, organizational ethics must function as an integral pillar of company culture over time.
So, what are the best practices to make sure your organization is regularly thinking about ethics and including it in everyday decision making? What are some creative ways to bring focus to this vital but often overlooked function? And how can you most effectively deal with and investigate an incident or a breach when it occurs?
Drilling Down on Strategic Alternatives in the Current Energy Crisis: Boards ... | Burleson LLP
Download slides for the second part of our four-part webinar series on "Boards of Directors and Corporate Governance." Featured topics include:
Fiduciary Duties of Directors, Officers, and Controlling Shareholders
Zone of Insolvency
Strategies to Limit D&O Liability
Special Committees
Practical Advice Under Controlling Law
For questions, please contact Partner Trent Rosenthal at trosenthal@burlesonllp.com.
Corporate governance involves directing and controlling corporations through specifying the distribution of rights and responsibilities among stakeholders such as boards, managers, shareholders, and others. It establishes rules and procedures for decision making regarding corporate affairs and provides the structure to set objectives, attain them, and monitor performance. Key aspects of corporate governance include promoting efficient resource use and investor trust, as well as maintaining integrity, managing risk, and protecting investor rights through transparency and independence.
2013 Nonprofit Seminar - Conducted by Chambliss, Bahner & Stophel, along with the Center for Nonprofits and Community Foundation of Greater Chattanooga
Holding management to account: where is it all heading? | Bovill
The document provides an overview and history of regulatory changes aimed at holding individuals in the financial sector more accountable. It summarizes the key elements of the new Senior Managers and Certification Regime including prescribed responsibilities, a responsibility map, conduct rules, and a reverse burden of proof. It notes challenges with the new regime and predictions that some elements may prove unworkable. It advises firms and senior managers on steps they should take to prepare for and adapt to the new accountability standards.
The document discusses managing governance, risk, and compliance (GRC) in an integrated way to avoid redundant efforts or gaps in oversight. It notes that managing risks in isolation across different groups can result in duplicate work monitoring the same risks or failures to monitor some risks. The document advocates coordinating GRC disciplines to improve efficiency and reduce risks. It also discusses recent initiatives by the Securities and Exchange Board of India to improve corporate governance practices in listed companies.
C-Suite Snacks Webinar Series: Modern Decision Support | Citrin Cooperman
The role of finance continues to evolve in response to the ever-changing business environment. In order to keep your business agile, it is important to make sure that you're fully benefiting from a best-in-class FP&A function.
During this C-Suite Snacks webinar, Dominic DiBernardo, Partner and Corporate Performance Management Practice Leader, discusses what modern decision support looks like and the ingredients for a great financial planning and analysis (FP&A) function.
“Citrin Cooperman” is the brand under which Citrin Cooperman & Company, LLP, a licensed independent CPA firm, and Citrin Cooperman Advisors LLC serve clients’ business needs. The two firms operate as separate legal entities in an alternative practice structure. Citrin Cooperman is an independent member of Moore North America, which is itself a regional member of Moore Global Network Limited (MGNL).
C-Suite Snacks Webinar Series: Building an Advisory Board | Citrin Cooperman
The document discusses when privately-held companies should consider establishing an advisory board and the value they can provide. It notes that advisory boards, unlike fiduciary boards, do not have legal duties and their votes are non-binding. The benefits of advisory boards include helping with business development, filling executive skill gaps, providing objective insights, and driving strategy. It recommends treating an advisory board similarly to a public company board by setting meeting schedules far in advance, having clear agendas, respecting members' time, and keeping minutes if there are multiple shareholders.
C-Suite Snacks Webinar Series: Prepping Your Company's Financials for Sale | Citrin Cooperman
This document provides an overview of the steps needed to prepare a company's financials for sale. It recommends building an advisory team that includes investment bankers, accountants, and a financial reporting team. It discusses quantifying adjusted EBITDA and net working capital, which are key metrics that will be validated and negotiated with potential buyers. The document outlines adjusting the financials for non-recurring and owner-related expenses to present an accurate view of the business's earnings ability. With the financials prepared, the next steps are marketing the business and guiding it through the buyer's due diligence and deal closing processes.
Preparing for the new lease accounting standard can seem like a daunting task. In this webinar, we reviewed how you can handle and prepare to navigate your business through the new lease accounting standard in 2022.
Lease Accounting: Preparing Your Business for 2022 | Citrin Cooperman
Making a smooth transition to the new lease accounting standards and putting new practices in place for the future is a top priority for any business as they plan for 2022. During this webinar session, we reviewed how you can handle and prepare to navigate your business through the new lease accounting standards.
Topics included:
- What private companies should think about for 2022
- How the lease accounting standards can impact your financial statements, financial covenants, and taxes
- Identifying opportunities for your business due to the new lease accounting standards
High Net Worth Webinar Series - Tax Planning and Update for 2022 | Citrin Cooperman
As 2021 comes to an end, business owners and individuals are seeking opportunities to maximize their savings through year-end tax planning. This webinar session will help you navigate the many complexities, obstacles, and impending tax landscape changes that the 2021 tax year brings to the table and what 2022 has in store.
C-Suite Snacks Webinar Series: The Talent Wars - Can Benefits Be Your Secret ... | Citrin Cooperman
This webinar discusses how companies can use benefits as a secret weapon to win the talent wars. It covers open enrollment and employee engagement strategies like using technology for enrollment, communications, and year-round support. Meeting human capital demands through multi-generational benefits is discussed. Cost containment and trending benefits strategies include risk financing options, chronic condition management, and consortium programs. Trending benefits include mental health, telemedicine, student loan repayment, and more. Questions are taken at the end.
High Net Worth Webinar Series - The Business of Digital Assets & Blockchain | Citrin Cooperman
The recent rise of Bitcoin and digital assets has created significant new opportunities and challenges for investors. This emerging asset class is transforming both the technology and finance industries. In this session, you will learn about Bitcoin, its progeny, the emerging use cases for digital assets, and how investors are getting involved.
High Net Worth Webinar Series - Estate Planning Strategies and Updates | Citrin Cooperman
There’s much uncertainty in the world of estate planning for high net worth individuals and their families. With numerous legislative proposals that would drastically alter the current estate planning landscape, listen in as our Trust and Estate Services Practice team discusses: various proposals, including those in Congress and the Biden Administration’s Green Book, estate and gift planning strategies for the remainder of tax year 2021, and more.
Showtime for Shuttered Venue Operators Grant (SVOG) Recipients | Citrin Cooperman
We discuss the ever-changing guidance around the conditions attached to the distribution of these funds and the specific requirements your organization needs to execute.
C-Suite Snacks Webinar Series: A Year Like No Other - Manufacturing and Distr... | Citrin Cooperman
Our second annual Manufacturing and Distribution Pulse Survey Report explores the impact of the pandemic on the industry, and how businesses have pivoted to survive, including managing new product offerings, technology implementation, and supply chain disruptions.
During this webinar session, we discussed how 200 leaders of M&D companies, ranging from $20 million to over $1 billion in revenue, responded to our survey.
Topics included:
• How COVID-19 has accelerated the 4th Industrial Revolution
• Product sourcing changes
• Business pivots and what made them successful
Manufacturing & Distribution Update: The Economic Impact on the Industry | Citrin Cooperman
This presentation focused on what the future is likely to bring to manufacturers and distributors as the nation attempts to claw its way back from the worst of the COVID-19 crisis.
High Net Worth Webinar Series: SALT Thoughts - Pass-Through Entity Taxes & Re... | Citrin Cooperman
During this webinar, we discussed how to potentially mitigate the impact of the state and local tax (SALT) cap at the federal level. New York State has joined the list of states that have enacted an elective pass-through entity tax in an effort to do just that. We also dove into the possibility of changing residency to a low-tax or no-tax state. With state tax rates on the rise in some places and the realization that remote work is doable, many individuals are contemplating making a move. To succeed in making a change like this, one must be aware of the technical rules and be willing to significantly adjust one’s life. We talked through all these considerations.
The New Rage in SALT: State Pass-Through Entity Tax | Citrin Cooperman
Several states have enacted pass-through entity taxes in response to the $10,000 SALT deduction cap under the Tax Cuts and Jobs Act. New York, New Jersey, Maryland, Rhode Island, Connecticut, and California allow pass-through entities like partnerships and S corporations to elect to pay a tax on state-source income, with owners then receiving a credit. Key considerations for these taxes include tax rates, estimated payment requirements, utilization of credits, and impacts on tiered structures.
C-Suite Snacks Webinar Series: What's Your IP Worth? Discovering the Value of... | Citrin Cooperman
Sign up for our weekly C-Suite Snacks webinars here: https://www.citrincooperman.com/infocus/c-suite-snacks
Our C-Suite Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information for 30 minutes every week. Join Citrin Cooperman live every Thursday at noon for snack-sized insights for business executives.
Every day brings news of a new music catalog sale, strategic piece of intellectual property purchased by a large company or private equity firm, or major transaction of a patent-driven business.
During this C-Suite Snacks webinar session, we discussed which intangible assets and intellectual property are commanding the highest prices and what is behind the value of these assets. Key takeaways included:
- An overview of what drives IP value
- COVID-19 impacts on IP value
- Current IP value trends
C-Suite Snacks Webinar Series: Best-In-Class Finance and Accounting: Should Y... | Citrin Cooperman
This document summarizes a webinar on choosing between buying or building best-in-class finance and accounting functions. It discusses that finance excellence has four dimensions: strategy, process, talent, and technology. It also outlines assessing the current state, conducting cleanup, and stabilizing operations before transforming. The path includes assessing costs and controls, conducting cleanup to ensure accurate historical data, and options for stabilization including internal rebuilding, outsourcing, or a hybrid model. Finally, it compares considerations for fully building the function internally versus buying services externally or using a hybrid approach.
C-Suite Snacks Webinar Series: Not Sold on Selling Your Business? Why Now is ... | Citrin Cooperman
The recently proposed tax provisions in the Biden Administration’s American Families Plan should provide substantial incentives for business owners to discuss the creation of an Employee Stock Ownership Plan (ESOP).
During this C-Suite Snacks webinar session, Howard Klein and Heather Oboda covered more about ESOPs, including:
- An overview of what an ESOP is including financial and non-financial benefits
- The common misconceptions about ESOPs
- How the current tax proposals make an ESOP more attractive
MasterSnacks: Cybersecurity - Disaster Recovery: Hoping for the Best but Plan... | Citrin Cooperman
Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks
MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions.
Since a disaster is more a matter of “when” and not “if,” it’s critical to have a plan in place to ensure a rapid recovery. Whether it’s a natural cataclysm or a human-made catastrophe, having actionable, tested steps in place to recover could mean the difference between a brief outage and weeks of downtime.
During session 2, we covered disaster recovery planning. Key takeaways included:
- Knowing the key components to include in a plan
- Understanding Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
- Differentiating between disaster recovery, business continuity, and incident response plans
C-Suite Snacks Webinar Series: Mise en Place: Ensuring the Success of Your Bu... | Citrin Cooperman
While restaurant owners are taking precautionary health measures to protect their staff and customers, reopening may require a different business approach altogether. Many realize that customer needs and expectations have shifted, and it is imperative for these owners to adjust to the new reality in order to succeed.
During our C-Suite Snacks webinar session, we covered how to set your business up for success in order to thrive going forward. Key takeaways included:
- Leveraging on landlords and new lease options
- Rethinking operations and e-commerce expectations
- Minding your PPPs, RRFs, SVOGs, and ERTCs
- Strategies for cash flow and revenue streams
Not-For-Profit Risks in the COVID-19 Environment
1. NFP SPEAK
NOT-FOR-PROFIT RISKS IN THE COVID-19 ENVIRONMENT
CITRIN COOPERMAN’S NOT-FOR-PROFIT COVID-19 WEBINAR
WEDNESDAY, AUGUST 5, 2020
11:00 AM – 12:00 PM EST
MODERATOR: John Eusanio
PANELISTS: Bridget Weiss, Ken Yormark, & David Roath
2. WELCOME & INTRODUCTION
John Eusanio, CPA, CGMA
Partner & Not-For-Profit Practice Leader
4. KEY REMINDERS / USING ZOOM
• The webinar is 1 hour and based on your participation.
• You have joined in listening mode only.
• You will have the opportunity to submit questions to our moderator/speakers by typing your questions into the Q&A icon on the Zoom panel.
• This session is being recorded and a playback link will be sent.
5. Polling Question #1
For those of you joining us today, do you require CPE/CLE?
A. Yes – CPE
B. Yes – CLE
C. Both CPE/CLE
D. No
6. MODERATOR & SPEAKERS
Bridget M. Weiss, JD
Partner
202.942.5839
bridget.weiss@arnoldporter.com
John Eusanio, CPA, CGMA
Partner & Not-For-Profit Practice Leader
646.979.6091
jeusanio@citrincooperman.com
Ken Yormark, CPA, CFE, CFF, CAMS
Partner & Forensic & Litigation Services Practice Leader
347.505.6350
kyormark@citrincooperman.com
David Roath, CPA
Partner & TRAC Practice Leader
203.707.9788
droath@citrincooperman.com
7. BOARD FIDUCIARY RESPONSIBILITIES
Bridget M. Weiss, JD
Partner, Tax-Exempt Organizations Practice
Arnold & Porter
9. Role of Nonprofit Board of Directors
What is the role of a nonprofit Board – and what are the practical responsibilities associated with its role?
• Set the strategic direction for the organization
• Provide oversight of programs and operations
• Evaluate risk and ensure establishment of effective compliance programs
…within the context of:
• Recognizing appropriate role of the Board versus management
• Observing fiduciary duties
10. Fiduciary Duties of Nonprofit Directors
Nonprofit directors and officers owe fiduciary duties to
the nonprofit entity itself: (1) duty of obedience, (2) duty
of care, and (3) duty of loyalty
• Consider how the current crisis impacts fiduciary
obligations
11. Fiduciary Duties – Duty of Obedience
Duty of Obedience
• Nonprofit directors must not engage in ultra vires acts –
acts that the nonprofit, under its governing documents and
applicable law, cannot perform because such acts are
prohibited or beyond the scope of the corporation’s powers
• Critically, directors must be faithful to the nonprofit’s
mission and ensure that its activities are consistent with,
and advance, its exempt purposes
12. Fiduciary Duties – Duty of Obedience
Duty of Obedience in Emergency Actions
• Check governing documents and applicable law!
• Consideration of validity of board meetings and action:
what is typically required?
• “Emergency” powers: (1) quorum for board action,
(2) modification of lines of succession to accommodate
incapacity of directors/officers, (3) notice of board meeting,
(4) alternative directors
13. Fiduciary Duties – Duty of Care
Duty of Care: requires that a director devote sufficient
time, exercise diligence and use reasonable judgement to
ensure that the nonprofit is run prudently and with due regard
for its tax-exempt purposes
• This may be more accurately described as a “duty to be
informed” – directors should be informed about an issue
before making decisions, ask appropriate questions, be
active and engaged in deliberations
• Directors are not expected, or legally required, to be
experts on everything – can rely on Board committees,
outside advisors and staff, where reasonable
Consideration of extra burdens during COVID-19 crisis!
14. Fiduciary Duties – Duty of Loyalty
Duty of Loyalty: requires that a director act solely in the
best interest of the organization rather than in the director’s own
best interests, or those of the director’s associates
• One important aspect of the duty of loyalty is to retain the
confidentiality of information that is explicitly deemed
confidential by the organization, as well as information that
appears to be confidential from its nature or matter
• The duty of loyalty also encompasses a director’s obligation
to avoid conflicts of interest – a violation of this duty may
result in personal liability for the director, and allow a court
to void a transaction in which a conflict was present
Importance of establishing and enforcing a conflict of
interest policy!
15. Fiduciary Duties – Business Judgment Rule
Business Judgment Rule: in general, if a board of
directors properly exercises its fiduciary duties, its members
will be protected from liability for their actions
• A business decision is presumed reasonable if the directors
act on an informed basis, in good faith and in the
honest belief that the action is in the best interests of
the nonprofit
• Presumption can be overcome with a showing that the
board acted with gross negligence – but possible, and
greater likelihood of reputational risk
• There is also liability protection for volunteer directors
under federal and (some) state law
16. Polling Question #2
Which of the following fiduciary
responsibilities apply to a Nonprofit
Board?
A. Duty of Care
B. Duty of Loyalty
C. Duty of Obedience
D. All of the above
17. NOT-FOR-PROFIT FRAUD RISKS
KEN YORMARK, CPA, CFE, CFF, CAMS
PARTNER & FORENSIC & LITIGATION SERVICES PRACTICE LEADER
CITRIN COOPERMAN
18. The Factors of Fraud
The Fraud Triangle
• Perceived pressure - personal financial pressure or work-related
• Rationalization - finding good reasons for doing things that
we know are wrong.
• Opportunity – perception that an opportunity exists
The 20 / 60 / 20 Rule
19. Not For Profits Fraud Susceptibility
• Tend to place executive control in their founder, executive director,
or substantial contributor
• Focus funds on their core service
• Often engage untrained volunteers
• Boards comprised of volunteers
• Transactions tend to be non-reciprocal
• Susceptible to negative publicity
20. Frauds Commonly Committed Against NFPs
• Credit card abuse
• Fictitious vendor schemes
• Conflicts of interest
• Payroll schemes
• Deceptive fundraising practices
• Failing to comply with donor-imposed restrictions on a gift
• Fraudulent financial reporting
• Misclassifying fundraising & administrative expenses to mislead donors
• Fraudulent statements of compliance requirements with funding sources
22. Internal Control Questions You Should Consider
• Do your controls now operate differently?
• Has your risk changed?
• Has the control owner changed?
• Are alternative control plans in place if individuals
become unavailable?
23. Work From Home Considerations
• Current controls are not revised to account for remote workforces
• Reduced oversight and communication across the organization
• Noncompliance with organizational policies or applicable accounting
standards, laws, and regulations
• Confidential data is not adequately protected
• Increased user access or change in job responsibilities may result in lack of
segregation of duties
25. Fighting Fraud
• Establish effective internal controls
• Establish a fraud hotline
• Red flags of fraud to be aware of:
  • Bank reconciliations not performed in a timely manner
  • One individual has control over disbursements
  • Altered documents
  • Inventory shortages
  • Employees living beyond their means
  • Accounts receivable open for long periods of time
  • Donors not receiving receipts for contributions
26. Suspecting Fraud
• Do nothing - avoid bad publicity or hope that the problem will disappear
• Attempt to handle the issue internally
• Engage law firm and/or forensic accountants
  • Identify how the loss occurred,
  • Preserve any available evidence,
  • Quantify the loss,
  • Control the flow of information and
  • Minimize the loss.
• At completion – aid management in establishing adequate fraud
prevention and risk management policies
27. Lessons Learned
• It starts with the tone at the top
• Most frauds are detected through tips or by accident
• The higher an individual’s position the greater their ability to
commit fraud.
• Don’t rely upon annual audits
• Sufficient insurance coverage should be in place.
28. Polling Question #3
Are you confident that your company has
made the necessary changes to its
internal controls in light of the remote
world we are currently functioning in?
A. Yes
B. No
C. Not Sure
29. TECHNOLOGY, RISK ADVISORY, AND CYBERSECURITY (TRAC)
DAVID ROATH, CPA
PARTNER AND TRAC PRACTICE LEADER
CITRIN COOPERMAN
30. ABOUT OUR TRAC PRACTICE
TRAC Overview
In today’s environment, companies are exposed to mounting
risks associated with increased business complexity, technology
challenges, the growing regulatory environment, and
cybersecurity threats and breaches.
Business walks a fine line between risk and reward. Citrin
Cooperman’s Technology, Risk Advisory, and Cybersecurity
Practice (TRAC) offers integrated services in the areas of:
• IT Risk
• Risk Advisory including internal audits, SOX, and compliance
• Cybersecurity and privacy
We help focus on risk, so you can focus on what counts – your
business. Let us help you stay OnTRAC!
31. THE PRE-COVID CYBER THREAT LANDSCAPE
• 15.1 billion records were lost, stolen, or exposed in 2019
• Increase in the number of breaches in 2019 vs. 2018: 284%
• There is a cyber attack every 39 seconds
• 43% of cyber attacks target small businesses
• 91% of breaches are the result of phishing attacks
• Average days to detect a breach: 206
• Average days to contain a breach: 73
• Average cost of a breach is 39.5% higher when unprepared
32. THE PRE-COVID CYBER THREAT LANDSCAPE
• No industry or sector is spared
• Breaches are more sophisticated, on a larger scale,
and have greater impact
• Data breaches have serious financial consequences
for organizations
• According to the Ponemon Institute’s most recent
annual study, the average organizational cost of a
data breach in 2019 was $8.2 million, or $150 per
compromised record
• COVID increases the likelihood of a data breach at a time when
companies are ill-equipped to deal with the repercussions
• WFH distractions combined with 18,000,000 spear-phishing emails
per day are creating a perfect storm
• The recession created by COVID makes it
more difficult for companies to recover from
an attack
[Figure: timeline graphic spanning 2007–2020; the only surviving label is "HackingTeam"]
33. CYBERSECURITY AND PRIVACY RISKS
A set of scenarios based on impacts to Assets by potential
Threats and their ability to leverage Vulnerabilities
ASSETS
Processes, information, and systems with
varying degrees of value to the organization
THREATS
Actors that are motivated to attack or
misuse your assets
VULNERABILITIES
Flaws, control weaknesses, or exposures of
an asset to compromise
UNDERSTANDING
YOUR RISK
35. KNOW WHAT THE HACKERS ARE AFTER
MOTIVATIONS & INCENTIVES
Defense, National Security, Critical Infrastructure
36. THE COST OF A BREACH
• Fines and penalties
• Technology expenditures
• Forensics
• Legal counsel
• Notification
• Downtime
• Reputation
37. FROM BAD TO WORSE: CYBERSECURITY IN THE COVID ERA
Working From Home: The Risks (Cybersecurity & Privacy)
• Technology
  • VPN networks set-up recently “in a rush” to allow employees to work from home
  • Vulnerabilities can result from the usage of unsecured personal computers and networking equipment (e.g., routers)
  • A remote workforce can make it more difficult for IT staff to monitor and contain threats to network security
  • Unsecured video conferencing
• Social Engineering
  • Attacks are up over 600% since February 2020
  • Potential distractions increase likelihood of successful spear-phishing and malware attacks
• Other Risks
  • Workforce reductions could lead to disgruntled employees
  • Privacy concerns (e.g., family, Amazon Echo, etc.)
40. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: HOT TOPICS
1. Governance and Risk Assessment
2. Vulnerability Management
3. Incident Response and Recovery
4. Third-Party Risk Management
5. Data Security and Privacy Compliance
6. Training and Awareness
41. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
GOVERNANCE AND RISK ASSESSMENT
The Issue
➢ Most NFP administrators do not know their critical systems or data,
and have not thought about the likelihood and impact of a data
breach
➢ You can’t protect what you don’t know you have
➢ It is much easier (and far less expensive) to be proactive versus
being reactive when responding to risk
➢ How mature should a company’s controls be?
42. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
GOVERNANCE AND RISK ASSESSMENT
The Action
➢ Identify and document the following:
  ➢ Critical systems and sensitive data
  ➢ Protections that are in place
  ➢ Outsourced IT providers
➢ Identify and prioritize the threats and threat actors
  ➢ Where they can originate from
  ➢ Likelihood of an incident
  ➢ Impact and cost
➢ Determine how mature the business needs to be
➢ Develop a written information security program
➢ Consider using an industry framework for assessment (e.g., NIST)
➢ Establish a formal cybersecurity committee
43. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
VULNERABILITY MANAGEMENT
The Issue
➢ Social Engineering
  ➢ The most efficient path to steal an organization’s data or deliver
  ransomware is through the use of social engineering attacks
  ➢ Spear-phishing emails, USB drives, smishing and vishing attacks
  ➢ Gmail is blocking more than 100 million phishing emails every day
  ➢ 94% of malware and 91% of breaches originate with a spear phishing
  attack
  ➢ Whaling attacks are becoming prevalent
➢ Technical vulnerabilities
  ➢ Every unpatched or misconfigured server, network device, application,
  computer, and mobile device is a potential target of attacks
  ➢ Penetration testing is conducted by only 20% of companies
  ➢ Equifax is an example of an unpatched server leading to a massive
  breach
44. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
VULNERABILITY MANAGEMENT
The Action
➢ For social engineering, utilize a “trust but verify” approach to gauge
employees’ ability to detect and avoid attacks by conducting simulated
social engineering campaigns that include:
  ➢ Spear-phishing campaigns
  ➢ USB drive drops
  ➢ Smishing and vishing simulations
➢ Penetration and/or vulnerability testing
  ➢ Utilize a professionally-simulated “bad guy” to identify weaknesses
  before an attacker does
  ➢ Conduct tests on a periodic basis, prioritizing and addressing any
  vulnerabilities that are identified
45. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
INCIDENT RESPONSE AND RECOVERY
The Issue
➢ The average cost of a data breach is almost 40% higher when there
is no incident response plan
➢ A study showed that 77% of organizations didn't have a formal
cybersecurity incident response plan (CSIRP) applied consistently
across their organization
➢ Without having a plan in place, it is impossible to execute an effective
response when a data breach is occurring
➢ Not having a plan can result in the following:
  ➢ Extended downtime
  ➢ Loss of public trust
  ➢ Compliance penalties
46. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
INCIDENT RESPONSE AND RECOVERY
The Action
➢ Develop a formalized cyber incident response plan
➢ Clearly define roles and responsibilities
➢ Establish effective methods of communication
➢ Routinely test and improve the plan
➢ Perform viability testing on backups on a regular basis
➢ If your business does not have internal forensic resources, proactively
enlist the aid of a third-party incident response and forensics firm on
retainer
➢ Develop relationships with local law enforcement or similar agencies
47. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
THIRD-PARTY RISK MANAGEMENT
The Issue
➢ Third-party services are critical to an NFP organization’s success, and
include:
  ➢ Technical support providers
  ➢ Cloud-based financial applications
  ➢ Security monitoring
  ➢ Email
  ➢ Data backup solutions
➢ These providers are not immune to disruption, including those related
to COVID-19, ranging from depleted manpower to insolvency
➢ The pandemic has uncovered many unanticipated issues and
limitations, related to inadequate resources
➢ A service provider may have an overseas workforce located in
an area that has yet to be hit by or will see a resurgence of
COVID-19
48. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
THIRD-PARTY RISK MANAGEMENT
The Action
➢ Develop policies and procedures
  ➢ Components may include purpose, definitions, scope of coverage, roles and responsibilities, monitoring,
  exit strategies, governance, and oversight
  ➢ SOC Report and SLA requirements
➢ Compile a third-party inventory
  ➢ Utilize business stakeholder surveys, accounts payable vendor listings, and legal and/or procurement
  contract databases
➢ Inherent risk assessments
  ➢ A grading system completed by the business
49. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
THIRD-PARTY RISK MANAGEMENT
The Action
➢ Require vendor due diligence questionnaires
  ➢ Completed by the vendor
➢ Determine and evaluate residual risk and perform ongoing monitoring
Each cell lists N / T / E for the given Inherent Risk Rating (columns) and Control Assessment Rating (rows).
| Control Assessment Rating | Very High | High | Medium | Low | Very Low |
|---|---|---|---|---|---|
| Poor | Onsite / 12 / Scoped Testing | Remote / 18 / Scoped Testing | Self-Assess / 24 / Scoped Inquiry | Self-Assess / As Needed / Scoped Inquiry | Self-Assess / With Cause / Scoped Inquiry |
| Fair | Onsite / 12 / Scoped Testing | Remote / 18 / Scoped Testing | Self-Assess / 24 / Scoped Inquiry | Self-Assess / As Needed / Scoped Inquiry | Self-Assess / With Cause / Scoped Inquiry |
| Good | Remote / 12 / Scoped Testing | Remote / 18 / Scoped Inquiry | Self-Assess / 24 / Scoped Inquiry | Self-Assess / As Needed / Scoped Inquiry | Self-Assess / With Cause / Scoped Inquiry |
| Very Good | Remote / 12 / Scoped Testing | Remote / 18 / Scoped Inquiry | Self-Assess / 24 / Scoped Inquiry | Self-Assess / As Needed / Scoped Inquiry | Self-Assess / With Cause / Scoped Inquiry |
50. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
DATA SECURITY AND PRIVACY COMPLIANCE
The Issue
➢ A business needs to document what type of information it collects so that
it can determine the relevant regulations that need to be met
➢ Different data types have different regulation requirements
  ➢ Personally identifiable information (PII): State Regulations, GDPR
  ➢ Protected Health Information (PHI): HIPAA
  ➢ Credit card data: PCI DSS
➢ Why a company should achieve compliance:
  ➢ Enhance security
  ➢ Avoid fines and penalties
  ➢ Build confidence with customers and business partners
➢ Currently, there is no federal standard, so all 50 states have implemented
their own data breach notification regulations, with 24 states enacting data
security and privacy regulations
  ➢ If you have employees or customers that live in those states, you may
  need to comply with the applicable state requirements
51. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
DATA SECURITY AND PRIVACY COMPLIANCE
The Action
➢ Every NFP should assign someone within your organization to be
responsible for enforcing privacy compliance
➢ How to achieve compliance:
  ➢ Don’t pass responsibility to unqualified individuals
  ➢ Don’t store sensitive data unless it has a critical business purpose
  ➢ Document and maintain evidence of your efforts
➢ The typical compliance process involves a gap assessment, followed
by remediation, compliance testing, and the issuance of any reporting
➢ Compliance is not a “one and done” – it is ongoing and requires
sustainment efforts to remain compliant
52. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
CYBERSECURITY AWARENESS TRAINING
The Issue
➢ Employees are the weakest link in the security chain and need to be
aware of the risks that could impact their organization, including:
  ➢ Not being aware of spear phishing and other social engineering
  attacks
  ➢ Not being aware of the importance of handling and securing hard
  copies of sensitive data
  ➢ Not being aware of regulatory compliance requirements
  ➢ Not being aware of remote and mobile computing best practices
  ➢ Not being aware of the dangers related to USB drives
53. NFP CYBERSECURITY AND PRIVACY DISRUPTERS:
CYBERSECURITY AWARENESS TRAINING
The Action
➢ Each business should develop a training program delivery format and
duration that maximizes retention of key concepts for their employees
➢ When to provide training:
  ➢ During the onboarding process
  ➢ Annually for all employees
  ➢ Focused training for anyone with direct contact with PHI, PII, or
  other sensitive information
➢ Extra focus should be placed on detecting and avoiding social
engineering attacks
54. NEXT STEPS
➢ Perform a risk and/or maturity assessment of your organization
➢ Meet relevant regulatory compliance requirements
➢ Implement a robust cybersecurity awareness training program
➢ Develop written information security policies and procedures
➢ Evaluate third-party vendor security policies and procedures
➢ Conduct penetration and vulnerability testing
➢ Establish and test a comprehensive incident response plan
55. IT RISK, CYBERSECURITY & PRIVACY SERVICES
IT Risk and Cybersecurity Programs
• Virtual Chief Information Security Officer (vCISO)
• IT Policy and Procedure Development
• Third-Party Risk Management
• Disaster Recovery / BCP
• IT / Cybersecurity Due Diligence
Cybersecurity & Privacy Business Risk and Maturity Assessment
• SCORE Report
• Cybersecurity & Privacy Business Risk and Maturity Assessment
• IT Risk Assessment
Threat and Vulnerability Management
• External and Internal Network Attack and Penetration Testing
• Spear-Phishing Campaign
• Physical Security Assessment
• Wireless Network Security Assessment
• Server Security Assessment
• Web Application Security Assessment
• Network Device Configuration Reviews
Incident Breach Preparedness and Response
• Incident Response Preparedness
• CyberSecure Incident Response and Forensics
Compliance and Frameworks
• Cyber Compliance Services
  ▪ PCI, HIPAA, GDPR, NIST, GLBA, CMMC
• Third-Party Assurance
  ▪ SSAE18 (SOC 1, 2, 3, Cybersecurity)
Data Mapping and Other Data Services
• Data Mapping
• Database Creation and Other Data Services
• Data Analytics
Business walks a fine line between risk and reward. This set of services helps you manage uncertainty around IT risk, cybersecurity, and privacy, so you can focus on what
counts – your business. Let us help you stay OnTRAC!
56. Polling Question #4
Do you have an understanding of what the
key applications and sensitive data are
that need to be protected at your
company?
A. Yes
B. No
C. Maybe
58. COVID-19 RESPONSE UNIT
Find constant, real-time access to tax alerts, industry-specific
communications, and recession preparedness tools you can use to help with
your business needs. Please visit our COVID-19 Response Unit at
(www.citrincooperman.com/CRU).
59. ABOUT CITRIN COOPERMAN’S NOT-FOR-PROFIT PRACTICE
Citrin Cooperman’s dedicated Not-For-Profit Practice forms collaborative partnerships with
not-for-profit organizations to gain a deep understanding of their missions and drive creative
solutions tailored to their unique needs.
We are committed to your compliance, governance, regulatory, and consulting
needs so you can focus on what counts: your mission.
Our team members are active on boards of local not-for-profit
organizations and national associations. This
enhances our ability to serve our clients and demonstrates
our commitment to providing unparalleled service to the
not-for-profit industry.
To learn more about our Not-For-Profit Group and the
services we provide, please click the following link
https://www.citrincooperman.com/industries/not-for-profit.
61. DISCLAIMER
These materials provided by Citrin Cooperman & Company, LLP, are intended to provide general
information on a particular subject or subjects and are not an exhaustive treatment of such subject(s)
and are not intended to be a substitute for reading the legislation. Any advice contained in this
communication, including attachments and enclosures, is not intended as a thorough, in-depth
analysis of specific issues. Nor is it sufficient to avoid tax-related penalties. The materials are being
provided with the understanding that the information contained therein should not be construed as
legal, accounting, tax or other professional advice or services. Before making a decision or action that
may affect you or your business, you should consult with Citrin Cooperman & Company, LLP, or
another qualified professional advisor. The materials and the information contained therein are
provided as is, and Citrin Cooperman & Company, LLP, makes no express or implied representations
or warranties regarding these materials. Without limiting the foregoing, Citrin Cooperman & Company,
LLP, does not warrant that the materials or information contained therein will be error-free or will meet
any particular criteria or performance or quality. In no event shall Citrin Cooperman & Company, LLP,
its affiliates, officers, principals and employees be liable to you or anyone else for any decision made
or action taken in reliance on the information provided in these materials. The information and content
provided in these materials is owned by Citrin Cooperman & Company, LLP, and should only be used
for your personal or internal use and should not be copied, redistributed or otherwise provided to third
parties.