Publications

June 27, 2011
PCI SSC Publishes PCI DSS Virtualization Guidelines
Earlier this month, the PCI Security Standards Council (SSC) released the PCI DSS Virtualization Guidelines Information Supplement. The guidelines provide guidance to those in the payment chain on the use of virtualization technology in cardholder data environments in accordance with PCI DSS.
CONTENT AREA: Regulatory Updates
TOPICS: Accounts Receivable, Consumer Products & Retail Industry, IT Controls, Security, Security Management Practices, Privacy, Cloud Computing

June 27, 2011
Perspectives on Sarbanes-Oxley Compliance – Where Companies are Saving Costs and Achieving Greater Efficiencies
In 2002, the Sarbanes-Oxley Act became law amid a chorus of complaints that the burden and cost of compliance would be too much to bear. Nine years later, the results of a survey on SOX show that, after the first year of compliance, most companies view the benefits to outweigh the costs and are continuing to leverage compliance efforts to improve their organizations. In this podcast, Executive Vice President Bob Hirth and Managing Director Jim DeLoach review these and other notable findings from Protiviti's 2011 Sarbanes-Oxley Compliance Survey.
CONTENT AREA: Podcasts
TOPICS: Sarbanes-Oxley Act, External Auditor, IT Controls, PCAOB, Section 404-Internal Control Reporting, Benchmarking

June 27, 2011
Physician Payments Sunshine Provisions in Healthcare Report – Tracking and Monitoring Spending on Healthcare Professionals and Organizations
Consumer advocates and the media have commented in recent years on the need for transparency and disclosure of financial interests related to payments made to physicians by pharmaceutical and medical device manufacturers. In 2009, the US Senate reintroduced the Physician Payments Sunshine Act; and on March 23, 2010, the Patient Protection and Affordable Health Care Act of 2009 (the “Act”) was signed into law. These manufacturers must capture payment information beginning in January 2012 to determine their ability to comply with the first reporting requirement in March 2013.
CONTENT AREA: Articles
TOPICS: Healthcare & Pharmaceuticals Industry, Compliance, Cost Management, Laws & Regulations, Performance Management/Measurement

June 27, 2011
Social Media Risk Poll
This week’s poll question asks: Does your organization’s 2011 audit plan include evaluating social media risks?
CONTENT AREA: Polls
TOPICS: Human Resources, Information Technology Risk, IT Audit, IT Controls, Risk Assessment, Social Media Risk

June 27, 2011
Telephone Consumer Protection Act (TCPA)
This section of "The Global Privacy and Information Security Landscape: Frequently Asked Questions" focuses on the Telephone Consumer Protection Act (TCPA). Topics covered include, What is the TCPA? What are the requirements of the TCPA? And, what kind of damages may an individual recover from a telemarketer who violates the TCPA?
CONTENT AREA: Questions & Answers
TOPICS: Communications Industry, Security, Security Management Practices, Laws & Regulations, Privacy

June 20, 2011
2011 Sarbanes-Oxley Compliance Poll
This week’s poll question asks: Has your organization recently reviewed its Sarbanes-Oxley compliance process with the purpose of streamlining the effort?
CONTENT AREA: Polls
TOPICS: Sarbanes-Oxley Act, External Auditor, IT Controls, PCAOB, Section 404-Internal Control Reporting, Benchmarking

June 20, 2011
2011 Sarbanes-Oxley Compliance Survey
The initial years of complying with the Sarbanes-Oxley Act of 2002 often require significant expenditure in terms of time, money and other resources. In subsequent years, costs tend to stabilize and even fall; and more organizations find that the benefits – including a stronger internal control environment and improved effectiveness and efficiency in operations – outweigh the costs. Protiviti’s second Sarbanes-Oxley Compliance Survey provides valuable and important insights into how companies are complying with the internal control related provisions of the Sarbanes-Oxley Act. This publication reports on the current state of Sarbanes-Oxley compliance for all types of organizations, the related costs, associated benefits and value, as well as how to achieve a desired state of verifiable compliance and sustainability, hopefully at a reasonable cost.
CONTENT AREA: Survey Reports
TOPICS: Sarbanes-Oxley Act, External Auditor, IT Controls, PCAOB, Section 404-Internal Control Reporting, Benchmarking, Dodd-Frank Act

June 20, 2011
Electronic Communications Privacy Act (ECPA)
This section of "The Global Privacy and Information Security Landscape: Frequently Asked Questions" focuses on the Electronic Communications Privacy Act (ECPA). Topics covered include: What is the ECPA? Who needs to comply with the ECPA? Are ISPs covered?
CONTENT AREA: Questions & Answers
TOPICS: Security, Security Management Practices, Laws & Regulations, Privacy

June 20, 2011
Improving Risk Assessments and Audit Operations
OK, you've been managing Sarbanes-Oxley compliance for years and your internal controls over financial reporting are solid. What's next for the internal audit team? How do you monitor other risks? Audit and compliance executives from Disney, Office Depot, Timken and elsewhere gave attendees at Compliance Week 2011 a glimpse into their programs. Full coverage inside.
CONTENT AREA: Articles
TOPICS: Internal Audit, Audit Committee & Board, Audit Planning, Risk Assessment, Performance Management/Measurement

June 20, 2011
The Affective Risk Management Organization
There are many good risk management standards out there for people to use including the latest in the line: ISO 31000. This is good for organizations and the profession of risk management, but to what extent can we expect this, or any other standard, to be implemented effectively by organizations?
CONTENT AREA: Articles
TOPICS: Enterprise Risk Management, Risk Assessment, Strategic Risk