New SEC rulings regarding Y2k status disclosures - now also disclosure on embedded systems demanded
_____
'A full description of a company's Year 2000 readiness will generally include, at the very least, the following three elements.
First, the discussion should address both information technology ("IT") and non-IT systems. 37 Non-IT systems typically include
embedded technology such as microcontrollers. 38 These types of systems are more difficult to assess and repair than IT
systems. In fact, companies often have to replace non-IT systems since they cannot be repaired. To date, only a few
companies have addressed non-IT issues in their disclosure. 39 We are concerned that companies are overlooking non-IT
systems when they provide Year 2000 disclosure. 40
...
Second, for both their IT and non-IT systems, companies should disclose where they are in the process of becoming ready for
the Year 2000. 41 The status of the company's progress, identified by phase, including the estimated timetable for completion of
each remaining phase, is vital information to investors and should be disclosed. 42 There are no universal definitions for the
phases in a Year 2000 remediation program. 43 However, for the most part, the phases are self-explanatory, and we
recommend that companies briefly describe how they define each phase. Another challenge is describing the status of multiple
computer systems. Companies should tailor the disclosure and the format for their own particular circumstances. 44
The third essential component is a description of a company's Year 2000 issues relating to third parties with which they have a
material relationship. Due to the interdependence of computer systems today, the Year 2000 problem presents a unique policy
issue. For example, if a major telecommunications company discloses that it may have a business interruption, this may require
many other companies to disclose that they too may have a business interruption, if material. Thus, each company's Year 2000
issues may affect other companies' disclosure obligations. Companies should disclose the nature and level of importance of
these material relationships, as well as the status of assessing these third party risks. 45
sec.gov |
