Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - RSRV
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
ITEM 1A. RISK FACTORS
We do not employ a Chief Information Officer. The Audit Committee discusses risks and threats most applicable to the Company and inquires of management regarding design and effectiveness of controls in place to address the prevention, detection, mitigation and remediation of cybersecurity incidents. The Audit Committee provides regular reports to the full Board of Directors.
Due to the our size, our information technology (“IT”) environment does not utilize overly complicated systems or processes. We do not sell products or conduct business in an online environment and our primary transactional activity is done through partnerships with oil and gas operators and other investment managers. We utilize a third party managed services provider (“Provider”) for security applications, monitoring, and updates to our information technology environment. The Chief Financial Officer serves as the relationship manager for and has regularly scheduled meetings with the Provider to evaluate whether the services provided meet our needs, review hardware and software obsolescence, and identify any new threats that need to be addressed. We also engage a separate third-party vendor to provide staff IT security education, testing for social engineering vulnerabilities, and reporting on employee training.
We utilize various third-party service organizations for critical areas of operations, including stockholder transfer agent services, accounting software, financial reporting software and regulatory filings, and mineral management software. We obtain System and Organization Controls (“SOC”) reports for each vendor and ensure that internal controls are designed and implemented to adequately meet the applicable user controls identified within the SOC report for each vendor.
To date, we have not experienced a cybersecurity incident that resulted in a material adverse effect on our business strategy, results of operations or financial condition ; however, there can be no guarantee that we will not experience such an incident in the future.
Not applicable.
6
ITEM 1B. UNRESOLVED STAFF COMMENTS
Not applicable.
ITEM 1C.ITEM 1A. CYBERSECURITY
Governance
Risk Management and Strategy
Through the Provider, automated security tools are used to monitor all Windows-based systems and provide defense against cyberattacks perpetrated on or against these systems and to protect internal systems from known and unknown cybersecurity threats. These security tools include:
•Advanced, next-generation endpoint security software, which detects attempted attacks on internal Windows-based systems and analyzes the attack providing context for said attacks to analysis teams. This data is then used to mitigate the attack and resolve the incident.
•Privilege management software, which provides application context to reviewers to aid in the preemptive identification of malicious activities on a system. When administrative permissions are requested, details regarding the requesting process are forwarded to our provider for review and analysis before granting administrative privileges, limiting an attacker’s ability to affect and compromise systems in the environment.
•Email security tools provided and managed by our Provider, which protect against email-based attacks. These tools include an email security gateway and an additional automated email filtering security. These tools provide advanced, AI-powered phishing detection and remediation for all Microsoft 365 email users in the environment.
We require all devices used by employees to be protected with the security measures listed above. It is also our policy that all devices be used by the employee only and any use by non-employees is prohibited.
7
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| VTAK | 15 minutes ago |
| DEFI | 43 minutes ago |
| KLNG | an hour ago |
| PRPL | an hour ago |
| MMTRS | an hour ago |
| RSRV | an hour ago |
| PLMK | 2 hours ago |
| CBAT | 2 hours ago |
| XBP | 2 hours ago |
| CDZI | 2 hours ago |
| DQWS | 2 hours ago |
| CVKD | 2 hours ago |
| IPDN | 2 hours ago |
| MAMO | 2 hours ago |
| CNTN | 2 hours ago |
| TLGYF | 2 hours ago |
| MDLK | 2 hours ago |
| TOON | 2 hours ago |
| IMNN | 2 hours ago |
| SGRP | 2 hours ago |
| CABR | 2 hours ago |
| SOWG | 2 hours ago |
| PPTA | 2 hours ago |
| COCP | 2 hours ago |
| PVLA | 2 hours ago |
| LBRA | 2 hours ago |
| DOMH | 3 hours ago |
| AQB | 3 hours ago |
| AIRJ | 3 hours ago |
| LMFA | 3 hours ago |
| GALT | 3 hours ago |
| LTCH | 3 hours ago |
| YHNA | 3 hours ago |
| BTBD | 3 hours ago |
| AIFF | 3 hours ago |
| CNET | 3 hours ago |
| XTNT | 4 hours ago |
| NXDT | 4 hours ago |
| CWBHF | 4 hours ago |
| THMG | 4 hours ago |
| VRME | 4 hours ago |
| AIB | 4 hours ago |
| MRDN | 4 hours ago |
| NTHI | 5 hours ago |
| QIND | 5 hours ago |
| BIRD | 13 hours ago |
| HSDT | 13 hours ago |
| EMMA | 13 hours ago |
| PAL | 13 hours ago |
| TBH | 13 hours ago |
