Publications

October 10, 2011
Forty Hard-Won Business Continuity Lessons from the 2011 Earthquakes in New Zealand and Japan
Drawing mainly on news coverage of the earthquakes in Christchurch, New Zealand and the Sendai region of Japan earlier this year, this article presents a series of forty generally applicable lessons for business continuity management.
CONTENT AREA: Articles
TOPICS: Business Continuity Management, Disaster Recovery, Operations Security, Physical Security

October 10, 2011
Is Your Company Vulnerable to a Rogue Trader?
Financial instruments are powerful tools utilized by traders to manage market risk. However, things can easily go wrong when transactions are managed inappropriately, or an individual intentionally attempts to transact outside of approved boundaries and conceal his or her activities. To mitigate the potential for such risk, companies typically implement risk policies as well as robust middle and back office control infrastructures.
CONTENT AREA: Articles
TOPICS: Enterprise Risk Management, Energy & Utilities Industry, Financial Services Industry, Ethics, Fraud

October 10, 2011
Is Your Organization an Early Mover? (您的企业是先行者吗?)
作为一个行业“先行者”（early mover），应能够迅速识别独特的市场机会或风险，在其他同行开始行动之前或与其他同样抓住这一机会的同行一道，利用所获信息来评估自己面前的选择机会和应对方案，从而把握机会或降低风险。时间即先行者的优势。市场的变化随时导致关键战略假设无效，而相对充裕的时间则令其在决策时有了更多的选择空间。身处现今错综复杂的商业环境，一旦公司不能成功跻身“先行者”之列，很可能被市场所淘汰。
CONTENT AREA: Newsletters
TOPICS: Audit Committee & Board, Enterprise Risk Management, Strategic Risk, Performance Management/Measurement, China

October 10, 2011
Separate Risk Committee Poll
This week’s poll question asks: Does your own organization have a separate risk committee associated with the board of directors?
CONTENT AREA: Polls
TOPICS: Audit Committee & Board, Enterprise Risk Management, Strategic Risk

October 10, 2011
Should the Board Have a Separate Risk Committee?
In certain circumstances, the Dodd-Frank legislation in the United States requires a separate risk committee comprised of independent directors for boards of financial institutions. Over time, it is possible we could see some “trickle-down effect” of this approach on the board risk oversight of non-financial services companies. With this perspective as a context, the question is: should the board of directors establish a separate risk committee of the board?
CONTENT AREA: Newsletters
TOPICS: Audit Committee & Board, Enterprise Risk Management, Strategic Risk

October 10, 2011
The European Union (EU) Data Protection Directives
This section of "The Global Privacy and Information Security Landscape: Frequently Asked Questions" focuses on European Union privacy laws and regulations. Topics covered include: What are the European Union (EU) Data Protection Directives? What is the purpose of the EU General DP Directive? And, what role do the EU member states play?
CONTENT AREA: Questions & Answers
TOPICS: Cross Border & Non-US Issues, European Union, Security, Investigations/Forensics, Security Management Practices, Laws & Regulations, Privacy

October 3, 2011
2011 IT Audit Benchmarking Survey Report
Protiviti conducted this inaugural IT Audit Benchmarking Survey with input from close to 500 professionals, in order to analyze IT audit trends and gaps in today's dynamic technology environment. We define “IT audit” as the process of collecting and evaluating evidence of the management of controls over an organization’s information systems, practices, controls and operations. Perhaps not surprisingly, we found that the growth and prevalence of technology throughout most operations in a company are outpacing the assessment, management and monitoring of related IT risks. The key trends and takeaways from the study are discussed further in this report.
CONTENT AREA: Survey Reports
TOPICS: Information Technology Risk, IT Audit, IT Controls, IT Governance, Audit Reporting

October 3, 2011
Canada - Laws and Regulations
This section of "The Global Privacy and Information Security Landscape: Frequently Asked Questions" focuses on privacy laws and regulations in Canada. Topics covered include: What is PIPEDA? What is considered “personal information” under PIPEDA? And, how does Canada’s definition of personal information in PIPEDA differ from the European Union’s definition?
CONTENT AREA: Questions & Answers
TOPICS: Cross Border & Non-US Issues, Canada, Security, Investigations/Forensics, Security Management Practices, Laws & Regulations, Privacy

October 3, 2011
Corporate Directors Share Their Insights on M&A Success
Many companies with balance sheets flush with cash are now seeking to accelerate corporate growth through mergers and acquisitions (M&A). Today’s environment is creating tremendous opportunity for corporate directors to optimize the value of an M&A. Peer exchange, particularly at the corporate director level, is one of the most effective and highly-valued methods of learning what works best and delivers the most value; but, which directors are leading the changes in how boards engage in the M&A process? More important, which directors are getting great results from their innovative methodologies? Would these successful directors be willing to share their leading practices with their board peers? To answer these questions, the authors held one-on-one interviews with some of the most seasoned corporate directors in the United States.
CONTENT AREA: Articles
TOPICS: Audit Committee & Board, Change Management, Initial Public Offering, Performance Management/Measurement

October 3, 2011
Federal Deposit Insurance Corporation Approves Two “Living Will” Rules
On September 13, 2011, the Federal Deposit Insurance Corporation (FDIC) approved a final rule implementing Section 165(d) of the Dodd-Frank Act which requires large and systematically important financial institutions to develop and maintain resolution plans, often referred to as “living wills.” As approved, the rule requires bank holding companies with assets of $50 billion or more and nonbank financial services companies designated as “Systemically Important Financial Institutions” to develop and maintain plans for their orderly resolution in the event they suffer financial distress or face failure. This Flash Report outlines the provisions of the rule and the implementation timetable.
CONTENT AREA: Regulatory Updates
TOPICS: Financial Services Industry, Compliance, Dodd-Frank Act, Performance Management/Measurement