This page contains a list of all of the publications available on KnowledgeLeader from the following categories: Articles, Newsletters, Performer Profiles, Protiviti Booklets, Questions & Answers, Regulatory Updates, and Survey Reports. If you would like to explore a specific publication category, please use the links on the left.
The following 1382 items are listed by date.
March 22, 2010
2009 IT Internal Audit Capabilities and Needs Survey
To gauge how IT Internal Audit professionals perceive their present capabilities and knowledge, Protiviti conducted a survey of 200 IT Audit professionals asking more than 70 questions in three subject areas: General Technical Knowledge, IT Audit Process Knowledge, and Personal Skills and Capabilities. Our findings show that automated and continuous monitoring, security and privacy, and fraud identification and prevention are among the top priorities for IT internal auditors.
CONTENT AREA: Survey Reports
TOPICS: Internal Audit, Continuous Auditing, IT Audit, Security, Fraud, Privacy
March 22, 2010
Assessing and Reducing Information Exposure
As someone responsible for security, you should ask yourself several questions to determine how much of your corporate information is at risk. While it may sound simple, many organizations don’t take the time to examine information from all sides, including both an internal view and an external view. As information traverses networks, applications, endpoints and people, an information exposure assessment of actual data loss risk across networks, Web applications, storage and endpoints can help companies determine how exposed their information might be.
CONTENT AREA: Articles
TOPICS: IT Infrastructure, Risk Management & Assessment, Security, Network & Internet Security, Enterprise Risk Management, Privacy
March 22, 2010
Defining, Redefining and Achieving Work-Life Balance: A Moving Target
Although U.S. unemployment hovers at double digits, employees demand work-life balance, which seems counterintuitive. According to the news reports, job prospects for new college graduates and those who are unemployed seem bleak. Shouldn’t those who have jobs just be happy that they are employed? What does work-life balance really mean, and how can it become a reality?
CONTENT AREA: Articles
TOPICS: Human Resources, Performance Management/Measurement
March 22, 2010
Internal Auditing is an Asset for Small Companies as well as Large Ones
The term “internal audit” usually inspires two immediate responses. The first is fear: The second is the image of a large FORTUNE 500 company with the people and other resources that an internal audit function requires. But smaller organizations and even entrepreneurs can perform internal auditing or have it performed in an efficient and cost-effective way that produces positive change and results, improves the business and its underlying processes, and may even make employees happier about the work they do and how they do it.
CONTENT AREA: Articles
TOPICS: Internal Audit, Audit Committee & Board, Audit Planning, Risk Management & Assessment
March 22, 2010
SEC Publishes Interpretive Guidance on Climate-Change Disclosure (证交会发布有关气候变化的披露准则解释指引)
2010年1月27日,美国证券交易委员会(简称“证交会”)经投票后决定向上市公司提供解释指引,以指导其在应对涉及气候变化的商业活动或法律事项时应如何运用证交会现行披露准则。证交会的解释指引着重强调了四个方面可能会引发有关气候变化的披露,而这些披露主要体现在主要风险因素的披露、管理层讨论与分析(MD&A),以及在某些情况下,企业的业务描述部分。
CONTENT AREA: Regulatory Updates
TOPICS: Financial Reporting, Compliance, Laws & Regulations, China
March 22, 2010
U.S. and Foreign Nonaccelerated Filers and Foreign Locations
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on U.S. and foreign nonaccelerated filers and foreign locations. Topics covered are: Is Section 404 applied differently to smaller companies? Based on experiences to date by U.S. and foreign filers, what are the lessons for companies who have just begun their compliance efforts? And, when evaluating the severity of control deficiencies, how do foreign private issuers apply the reference to “interim financial statements” included in the definition of a material weakness?
CONTENT AREA: Questions & Answers
TOPICS: Financial Reporting, Taxation, Cross Border & Non-US Issues, Sarbanes-Oxley Act, External Auditor, Section 404 - Internal Control Reporting, IFRS
March 15, 2010
Choosing the Right Risk-Management Framework
When it comes to choosing a framework for implementing enterprise risk management, companies should research their options carefully and weigh the many choices out there. In this article, experts offer their tips on how to select the one framework that best fits a company’s needs.
CONTENT AREA: Articles
TOPICS: Corporate Governance, Audit Committee & Board, COSO, Enterprise Risk Management
March 15, 2010
Digital Multifunctional Devices: Forensic Value and Corporate Exposure
Every day, billions of pages of confidential information -- medical records, legal documents, and financial data -- are produced and distributed using sophisticated digital office systems -- printers, copiers, facsimile, and MFDs. Many businesses may be unaware that whenever these devices are connected to a network, the risk of unauthorized access and data loss exists. Critical data and documents are therefore vulnerable to security breaches, yet organizations often focus on securing their network, PCs and servers and not on device input/output equipment - leaving a back door open to anyone intent on undermining your business interests. An MFD may also be a source of electronic evidence for an auditor or investigator.
CONTENT AREA: Articles
TOPICS: Technology, IT Controls, Security, Enterprise Risk Management, Fraud
March 15, 2010
Gaining Assurance Over Critical Spreadsheets
This section of Protiviti's " Spreadsheet Risk Management: Frequently Asked Questions," addresses common questions about gaining assurance over critical spreadsheets. Topics covered are: How can the organization ensure that spreadsheet owners are appropriately managing spreadsheet risk? Is it possible to rely on the spreadsheet risk management process to provide assurance over the critical spreadsheets? And, how often should spreadsheets or the spreadsheet control environment be evaluated?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, Risk-management frameworks, Sarbanes-Oxley Act, IT Controls, Process-Level Control
March 15, 2010
Organizing for Risk Oversight
How the board views risk oversight as a process should dictate how it chooses to organize itself for purposes of executing that process. The risk oversight process enables the board and management to develop a mutual understanding regarding the risks the company faces over time as it executes its business model for creating enterprise value. There is no one size that fits all. This issue of
Board Perspectives: Risk Oversight discusses some of the factors that boards of directors should consider as they organize their board for risk oversight.
CONTENT AREA: Newsletters
TOPICS: Corporate Governance, Audit Committee & Board, Risk Management & Assessment, Enterprise Risk Management