Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - EXPR
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
ITEM 1A. RISK FACTORS.
As a “smaller reporting company,” as defined in Rule 12b-2 under the Exchange Act, we are not required to provide the information required by this Item.
ITEM 1B. UNRESOLVED STAFF COMMENTS.
Not applicable.
ITEM 1C.ITEM 1A. CYBERSECURITY.
Except as otherwise specifically stated therein, the description of the Company’s cybersecurity risk management program set forth is as of February 3, 2024 (the last day of the Company’s 2023 fiscal year), which was prior to the completion of the Sale Transaction. Although our Board of Directors (the “Board”) still oversees cybersecurity risks, due to limited resources and personnel following the Sale Transaction, we currently no longer have in place the cybersecurity risk management program and governance structure described below, which may make us susceptible to heightened cybersecurity risks.
RISK MANAGEMENT AND STRATEGY | ||||||||||||||
Cybersecurity risk management is an integral part of our enterprise risk management strategy, which is overseen by the Board. Cybersecurity is critical to maintaining the trust of our customers and business partners, and we are committed to protecting our and their confidential and sensitive information and to mitigating cybersecurity risks that impact our systems and networks. In order to respond to the threat of security breaches and cyberattacks, we have developed a program, overseen by our Chief Technology Officer, that is designed to assess, identify, and manage material risks from cybersecurity threats. Our information security program is focused on protecting and preserving the confidentiality, integrity and continued availability of all information owned by, or in the care of, the Company.
This program includes an incident response plan that provides controls and procedures for timely and accurate reporting of any material cybersecurity incident. We periodically conduct cross-functional tabletop training exercises to rehearse our response to cyber-related breach incidents or other major security events. We also mandate information security awareness training for all employees, along with testing employee readiness through phishing simulations and providing periodic security information updates.
We regularly perform evaluations of our information security program and continue to invest in our capabilities to keep our customers, partners, suppliers and information assets in our possession safe. Although we employ service provider due diligence and onboarding procedures to identify potential cybersecurity risk, our ability to monitor the cybersecurity practices of our service providers is limited and there can be no assurance that we can prevent or mitigate the risk of any compromise or failure in the information system, software, networks and other assets owned or controlled by our vendors. While we have measures in place designed to prevent a breach or unauthorized use or disclosure of customer data and other sensitive personal information, we cannot guarantee that any of our security measures or the security measures of third parties with whom we work will effectively prevent others from obtaining unauthorized access to our customers’ information or other personally identifiable information.
GOVERNANCE | ||||||||||||||
The Board oversees our information security program. The Audit Committee of the Board (the "Audit Committee"), which is tasked with oversight of certain risk issues, including cybersecurity, receives reports from the Chief Technology Officer throughout the year. The Board and the Audit Committee also receive updates about the results of readiness assessments led by outside advisors who provide a third-party independent assessment of our technical program and our internal response preparedness. The Audit Committee regularly briefs the full Board on these matters, and the full Board also receives periodic briefings on cybersecurity threats to enhance our directors’ literacy on security issues.
EXP OldCo Winddown, Inc. | 2023 FORM 10-K | 9
Our Chief Technology Officer is responsible for developing and executing our information security program. The Chief Technology Officer partners with key corporate functions for the purpose of identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risks are monitored, implementing appropriate mitigation measures, reporting cybersecurity breaches and other information security incidents, and maintaining our information security program. The failure of our information systems to operate effectively, problems with transitioning to upgraded or replacement systems, or a breach in security of these systems could adversely impact our merchandise distribution, transaction processing, financial accounting and reporting, the efficiency of our operations, and our ability to properly forecast earnings and cash requirements. The Chief Technology Officer has more than a decade of information technology leadership experience, including responsibility for cybersecurity matters. Our information security team, reporting to the Chief Technology Officer, have appropriate cybersecurity experience and education, including CISSP and CompTIA certifications. Our management team receives regular updates on our cybersecurity posture and reviews detailed information about our cybersecurity preparedness. At least quarterly, management provides the Board and the Audit Committee with updates about our cybersecurity and related risk exposures, our policies and procedures to mitigate such exposures and the status of projects to strengthen our information security infrastructure and program maturity and defend against and respond to cybersecurity threats.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| BRRN | 1 day, 2 hours ago |
| NRT | 4 days, 7 hours ago |
| EXPR | 4 days, 21 hours ago |
| DJCO | 4 days, 23 hours ago |
| ISSC | 5 days ago |
| CETX | 5 days, 1 hour ago |
| GIPL | 5 days, 1 hour ago |
| BLYQ | 5 days, 2 hours ago |
| BRRN | 5 days, 9 hours ago |
| FCEL | 1 week, 1 day ago |
| OTLK | 1 week, 1 day ago |
| IMKTA | 1 week, 1 day ago |
| FORD | 1 week, 1 day ago |
| BDL | 1 week, 1 day ago |
| FUST | 1 week, 2 days ago |
| VPLM | 1 week, 2 days ago |
| SIF | 1 week, 4 days ago |
| BLIN | 1 week, 4 days ago |
| CLAY | 1 week, 4 days ago |
| EEGI | 1 week, 5 days ago |
| SMME | 1 week, 5 days ago |
| AVXL | 1 week, 5 days ago |
| LMNR | 1 week, 5 days ago |
| SNTW | 1 week, 5 days ago |
| TRCK | 1 week, 5 days ago |
| OCC | 1 week, 5 days ago |
| GEF | 1 week, 5 days ago |
| TBLT | 2 weeks ago |
| AVGO | 2 weeks, 1 day ago |
| TOL | 2 weeks, 1 day ago |
| CSPI | 2 weeks, 1 day ago |
| CIEN | 2 weeks, 1 day ago |
| A | 2 weeks, 1 day ago |
| ARKR | 2 weeks, 2 days ago |
| LTCH | 2 weeks, 2 days ago |
| LIVE | 2 weeks, 2 days ago |
| HEI | 2 weeks, 2 days ago |
| ESOA | 2 weeks, 2 days ago |
| AVO | 2 weeks, 2 days ago |
| JOB | 2 weeks, 2 days ago |
| ABM | 2 weeks, 2 days ago |
| MGYR | 2 weeks, 2 days ago |
| OPXS | 2 weeks, 2 days ago |
| HPE | 2 weeks, 2 days ago |
| NDSN | 2 weeks, 3 days ago |
| HOV | 2 weeks, 3 days ago |
| NVOS | 2 weeks, 3 days ago |
| YCBD | 2 weeks, 3 days ago |
| TTC | 2 weeks, 3 days ago |
| APDN | 2 weeks, 4 days ago |
