Lesson from Yahoo! case: Heed disclosure requirements.

Byline: BridgeTower Media Newswires

By Joseph J. Floyd

Proper reporting for public registrants involves much more than producing financial statements in accordance with generally accepted accounting principles. In fact, the disclosures made in public filings may be as or more important and meaningful to financial statement users than what is reported on the financial statements alone.

In Item 303(a) of Regulation S-K, the U.S. Securities and Exchange Commission requires that a public registrant discuss its financial condition, changes in financial condition, and results of operations in the company's management discussion and analysis section of its public filings.

The requirements include identifying "any known trends or any known demands, commitments, events, or uncertainties that will result in or that are reasonably likely to result in the registrant's liquidity increasing or decreasing in any material way."

Another major requirement is to report "any known trends or uncertainties that have had or that the registrant reasonably expects will have a material favorable or unfavorable impact on net sales or revenues or income from continuing operations."

Complying with Item 303(a) means companies must open the door to senior management discussions and share a significant amount of information with investors. Not surprisingly, for many management teams, sharing positive news is easy, whereas openly sharing information regarding problems is not.

A recent SEC Accounting and Auditing Enforcement Release regarding the settlement of an action against Altaba Inc. (the "company") provides a very useful example of the failure to comply with disclosure requirements for an unfavorable event that involved a material data breach of personal customer information. The company is better known by its former name, Yahoo! Inc.

Of great concern, the SEC indicates that many people in the company, including senior executives, had complete transparency regarding the extent of the data breach and its risks to the company, yet the information was withheld from the shareholders for almost two years.

Below is a summary of the key facts in the case, including what the company knew compared to what it contemporaneously disclosed, as well as observations that will help audit committees and those that advise public registrants to avoid similar lapses in judgment.

Background

Per the AAER, the company in late 2014 learned of a "massive breach of its user database that...