Publications

May 2, 2011
Background on Privacy and Information Security
This section of "The Global Privacy and Information Security Landscape: Frequently Asked Questions" provides a background on privacy and information security. Topics covered include: What types of businesses have the most significant exposure to privacy risk? What steps have lawmakers and regulators taken to address concerns about privacy? And, what are the primary objectives of privacy legislation?
CONTENT AREA: Questions & Answers
TOPICS: Information Technology Risk, Network & Internet Security, Security Architecture & Models, Security Management Practices, Laws & Regulations, Privacy

May 2, 2011
Comparing the COSO ERM Framework with ISO 31000
In 2001, COSO published its ERM Framework, noting at the time that it was “increasingly clear that a need exists for a robust framework to effectively identify, assess and manage risk.” Eight years later, the International Organization for Standardization published ISO 31000 to provide principles and generic guidelines on the implementation of risk management. In this podcast, Protiviti Managing Director Jim DeLoach details the similarities and key differences between these two global standards and how to apply each.
CONTENT AREA: Podcasts
TOPICS: Enterprise Risk Management, Risk Assessment, COSO, Project Management, Training & Development

May 2, 2011
Guide to Public Company Readiness
While public offerings require a wide range of organizational, legal, underwriting and external market expertise, this publication focuses on how to be prepared for an initial public offering (IPO) from an infrastructure and back-office perspective. Infrastructure considerations frequently pose the greatest risks to the execution of an IPO – particularly those that relate to financial reporting; the efficiency of the financial close process; governance, risk management and compliance; and the information technology (IT) environment.
CONTENT AREA: Protiviti Booklets
TOPICS: Financial Reporting, Corporate Governance, Enterprise Risk Management, Information Technology Risk, Sarbanes-Oxley Act, Initial Public Offering, Laws & Regulations

May 2, 2011
SEC Issues Study and Recommendations on Section 404(b) for Issuers with Public Float between $75 and $250 Million
Last year, Section 989G(b) of The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 mandated a study by the Securities and Exchange Commission (SEC) on Section 404(b) of the Sarbanes-Oxley Act of 2002 for issuers with public float between $75 and $250 million. The final study was issued on April 22. The attached Flash Report summarizes the study’s approach to gathering information and elaborates further on its recommendations.
CONTENT AREA: Regulatory Updates
TOPICS: Sarbanes-Oxley Act, External Auditor, Section 302-Executive Certifications, Section 404-Internal Control Reporting, Dodd-Frank Act

May 2, 2011
Where IT Services are Headed
The services model is likely to become the dominant model for IT operations in the long term. Note the use of the words dominant and long term. Long term means that the dominance will not arrive in the next 2 to 3 years.
CONTENT AREA: Articles
TOPICS: Business Continuity Management, Information Technology Risk, IT Infrastructure, IT Strategy, Cost Management, Cloud Computing

April 25, 2011
Provisioning Process: A Discussion
This article discusses some of the IT account provisioning issues currently faced by small- and medium-sized businesses and lays out a strategy for a streamlined provisioning process. These are the first steps required to move toward automating the provisioning process with an identity management strategy.
CONTENT AREA: Articles
TOPICS: IT Controls, IT Infrastructure, IT Audit, Access Control Systems, Network & Internet Security, Internal Controls, Process-Level Control

April 25, 2011
SPB’s investments in internal audit-specific technology allow a small audit team to cover more ground and focus on value-adding activities
SPB has been an affinity insurance specialist since 1965. In this profile, Christelle Legrix, SPB’s director of internal audit, discusses how a very small audit team has leveraged technology to see results. The use of technology allows the internal audit function to align with the board’s expectation of consistent follow-up on audit recommendations to monitor improvement.
CONTENT AREA: Performer Profiles
TOPICS: France, Financial Services Industry, Audit Testing, Continuous Auditing, IT Audit

April 25, 2011
The Importance of Strong IT Governance During a Financial Crisis
The recent financial crisis and its lingering consequences have sparked many questions about how the economic downturn could have been prevented or how its effects might have been mitigated. One area that has not been given as much attention is the importance of strong IT governance during difficult times. In this podcast, Protiviti Managing Director Jonathan Wyatt discusses the keys to effective IT governance.
CONTENT AREA: Podcasts
TOPICS: Information Technology Risk, IT Controls, IT Governance, IT Infrastructure, IT Strategy

April 18, 2011
Managing Risk as Part of ERP Implementations
When undertaking a large investment such as an enterprise resource planning (ERP) implementation, there is little margin for error. It is critical for the project to be completed on time and be as effective as possible. An organization cannot afford to miss important aspects of an implementation such as efficient and effective control design and hope to “build it in at the end of the project.”
CONTENT AREA: Articles
TOPICS: Information Technology Risk, Strategic Risk, IT Infrastructure, IT Controls, Project Management

April 18, 2011
Recent Data Breach Could Be Another Wakeup Call
Earlier this month, a large marketing organization suffered a breach resulting in the unauthorized exposure of customer email addresses. This Flash Report discusses the issues posed by this breach and what third-party service providers (and organizations using third-party service providers) should do to reduce the risks. The questions discussed focus on whether the data governance framework protects sensitive data and information from all types of cyber threats.
CONTENT AREA: Regulatory Updates
TOPICS: Information Technology Risk, IT Infrastructure, Security Architecture & Models, Security Management Practices