Publications

March 15, 2010
Choosing the Right Risk-Management Framework
When it comes to choosing a framework for implementing enterprise risk management, companies should research their options carefully and weigh the many choices out there. In this article, experts offer their tips on how to select the one framework that best fits a company’s needs.
CONTENT AREA: Articles
TOPICS: Corporate Governance, Audit Committee & Board, COSO, Enterprise Risk Management

March 15, 2010
Digital Multifunctional Devices: Forensic Value and Corporate Exposure
Every day, billions of pages of confidential information -- medical records, legal documents, and financial data -- are produced and distributed using sophisticated digital office systems -- printers, copiers, facsimile, and MFDs. Many businesses may be unaware that whenever these devices are connected to a network, the risk of unauthorized access and data loss exists. Critical data and documents are therefore vulnerable to security breaches, yet organizations often focus on securing their network, PCs and servers and not on device input/output equipment - leaving a back door open to anyone intent on undermining your business interests. An MFD may also be a source of electronic evidence for an auditor or investigator.
CONTENT AREA: Articles
TOPICS: Technology, IT Controls, Security, Enterprise Risk Management, Fraud

March 15, 2010
Gaining Assurance Over Critical Spreadsheets
This section of Protiviti's " Spreadsheet Risk Management: Frequently Asked Questions," addresses common questions about gaining assurance over critical spreadsheets. Topics covered are: How can the organization ensure that spreadsheet owners are appropriately managing spreadsheet risk? Is it possible to rely on the spreadsheet risk management process to provide assurance over the critical spreadsheets? And, how often should spreadsheets or the spreadsheet control environment be evaluated?
CONTENT AREA: Questions & Answers
TOPICS: IT Audit, Risk-management frameworks, Sarbanes-Oxley Act, IT Controls, Process-Level Control

March 15, 2010
Organizing for Risk Oversight
How the board views risk oversight as a process should dictate how it chooses to organize itself for purposes of executing that process. The risk oversight process enables the board and management to develop a mutual understanding regarding the risks the company faces over time as it executes its business model for creating enterprise value. There is no one size that fits all. This issue of Board Perspectives: Risk Oversight discusses some of the factors that boards of directors should consider as they organize their board for risk oversight.
CONTENT AREA: Newsletters
TOPICS: Corporate Governance, Audit Committee & Board, Risk Management & Assessment, Enterprise Risk Management

March 15, 2010
Private Companies and Initial Public Offerings
This section of Protiviti's "Guide to The Sarbanes-Oxley Act," addresses common questions focused on private companies and initial public offerings. Topics covered are: Any advice for a privately held company that intends to either undertake an IPO or sell to a public company during the next two to three years? If a private company has plans to go public sometime in the future, with plans to file an S-1 three years from now (which would require three years of audited financial statements), would three years of internal control attestation reports by its public accountants be required as well? And, should a privately held company implement provisions of Sarbanes-Oxley?
CONTENT AREA: Questions & Answers
TOPICS: Sarbanes-Oxley Act, Internal Controls, Section 404 - Internal Control Reporting

March 8, 2010
Bribery Bill: The Impact on U.K. Business
In March 2009, the U.K. government published a draft Bribery Bill which places greater accountability on individuals and corporations registered or carrying out business in the U.K. to prevent bribery by their employees or agents. The bill is expected to be enacted during 2010.The information in this article is based on the Bribery Bill as it currently stands. Issues related to corporate hospitality, facilitation payments and offset arrangements have been raised by the industry, and such activities will be limited by the “improper performance” test and subject to prosecutorial discretion.
CONTENT AREA: Articles
TOPICS: Cross Border & Non-US Issues, United Kingdom, Ethics, Fraud, Laws & Regulations

March 8, 2010
Designing Backup for Recovery
The goal of this article is to discuss how a backup system needs to be designed to facilitate recoveries. The purpose of a backup is to provide a mechanism to recover lost information. Therefore, backup systems must be designed to allow those recoveries to take place with as little effort or cost as possible.
CONTENT AREA: Articles
TOPICS: Business Continuity Management, Disaster Recovery, IT Infrastructure, Risk Management & Assessment, Document Retention, Enterprise Risk Management

March 8, 2010
Landmark Case Could Be a Game Changer: E-discovery is No Longer Just a Legal Issue
Last month, a court order laid down criteria for evaluating discovery conduct that potentially impacts the risk profile of every company involved in U.S. litigation. For C-level executives that have had difficulty staying with the e-discovery conversation in the past, now is the time to pay attention. Given the potential impact to the risk profile of organizations involved in U.S. litigation, the objective of issuing this Flash Report is to supplement and highlight the legal analyses with the business message to help executives outside of the legal department understand what this ruling really means from a nonlegal point-of-view.
CONTENT AREA: Regulatory Updates
TOPICS: Audit Committee & Board, Risk Management & Assessment, Investigations/Forensics, Ethics, Fraud, Laws & Regulations

March 8, 2010
Revenue Recognition: Does Your Company Have it Right?
Most pre-IPO companies realize the need for consistent, reliable revenue recognition -- and they are not going public until they get it. While elevated pressures on company directors and executives for more revenue accountability, better internal controls and improved risk management are not new as a result of Sarbanes-Oxley, recent economic events have created a climate in which the bar is being raised even higher. This article reviews several areas where emerging regulations either already have or may soon impact an organization’s revenue risk management practices and its internal control environment.
CONTENT AREA: Articles
TOPICS: Revenue, Audit Committee & Board, Risk Management & Assessment, Best Practices

March 8, 2010
The IIA Proposes Revisions and New Standards to its International professional Practices Framework
On February 15, 2010, The Institute of Internal Auditors (IIA) opened a 90-day comment period on proposed revised and new Standards for the International Standards for the Professional Practice of Internal Auditing. The IIA’s Internal Audit Standards Board (IASB) periodically reviews all of The IIA’s guidance (at least once every three years). It is proposing three new Standards, 14 changes to existing Standards, deletion of two Standards, and edits and deletions to some glossary terms.
CONTENT AREA: Regulatory Updates
TOPICS: Internal Audit, Audit Committee & Board, Internal Audit Administration, Internal Controls, Training & Development