Over the years, thanks to the input of thousands of executives from a number of sectors and territories, we have gained significant insight into how organizations are addressing the evolving risk landscape. The findings are published in both PwC's State of the Internal Audit Profession Study and our Risk in Review Study.
Organizations often use customer information collected online to understand and effectively target consumers. This process requires not only the attention of the chief privacy officer, but also the chief marketing officer. Almost daily, news headlines underscore the importance of this with data breaches becoming commonplace. For consumers to provide complete and accurate information, they must know they can trust your organization.
Knowing how your advertising spend compares to that of your competitors is an important benchmark that allows you to save money; and using media auditing and benchmarking pools is the definitive way to do this. Or is it? It’s time to question the value of these pools.
With the COSO’s 1992 Control Framework being superseded by the 2013 updated edition on December 15, 2014, now is the time for companies to use the updated framework to evaluate the effectiveness of their systems of internal control over financial reporting. This paper talks through the updated framework and these competencies to evaluate the effectiveness of companies’ systems of internal control over financial reporting.
Going public is a transformational event that pushes a company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company’s critical risks and controls, both pre-and-post IPO.
The Global State of Information Security® Survey 2015 is a worldwide study by PwC, CIO, and CSO. Security breaches are on the rise, and it is no surprise to find that as the number of information security incidents continues to mount, so do financial losses. Survey respondents in 2014 report that the number of detected incidents soared to a total of 42.8 million, a 48% leap over 2013. This increase comes at great cost: Total financial losses attributed to security compromises increased 34% over 2013.
Successful investors continually look around the corner to anticipate the next challenge and the next opportunity, both today and tomorrow. And investors expect the companies they invest in to be similarly forward thinking. So what’s important to investors, and what do they expect of corporate directors? Our second annual survey takes a look.
The proposed General Data Protection Regulation, which is currently proceeding through the European legislature, would introduce widespread data protection changes and greatly increase financial sanctions for noncompliance. These changes are likely to raise significant challenges in regard to data protection compliance for all businesses (regardless of the location of their establishments) that operate or provide goods and services within the European Union (EU). During the webcast, Jay, Stewart and James will discuss the changes the new law would introduce, its current status and how US companies can prepare.
As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.
The rise of trade-based money laundering presents direct financial, reputational, and compliance risk to the financial services companies, banks, and global trade organizations that provide and utilize trade finance. Financial firms can address these increased AML challenges by leveraging analytics and statistical transaction monitoring techniques to identify information, trends, connections, and anomalies indicative of trade-based money laundering schemes.
At the present time, no two developments in the insurance sector seem more entwined than risk and regulation, and nowhere is this interaction more evident than in developing regulatory expectations for insurers’ boards of directors. While regulators still seem far apart in their search for a single global capital regime, they are much closer to a consensus on terms of governance.
Being aware of risks is one thing; taking specific action to address them head on is another. Many companies have tended to look at risk management as something they should react to, rather than something that they should build into the company culture.
Organizational Conflicts of Interest pose reputational, legal, regulatory and financial risks - and they are very difficult to detect. Without resorting to overly intrusive procedures, how can organizations manage the risks posed by Conflicts? This white paper discusses some of those risk-mitigation techniques, and how they might apply in your organization.
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.
Retail and consumer goods companies are experiencing greater levels of economic crime. Nearly half of respondents say their company has experienced this type of event in the last two years. By far the most commonly reported type of economic crime for the sector is asset misappropriation, while other common types of fraud included bribery and corruption, accounting fraud and cybercrime.
The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.
GRC Technology has become an increasingly critical factor for driving value (i.e., recovering profitability, increasing efficiency, detecting fraud, etc.) and automating manual compliance and risk management activity in the enterprise. Organizations have increased their adoption of Oracle Advanced Control (“AC”) to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations’ awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.
In the new norm, leak survey is no longer viewed simply as a compliance activity—it is integrated with risk assessment, work identification, and investment planning to transform integrity management and enhance pipeline safety.
PwC's SAP practice invites you to attend the ‘Data at Risk! Protecting your intellectual property within SAP' webcast to find about leading practices to classify, identify and protect sensitive data within SAP systems.
Data protection and privacy is an urgent issue for both consumers and businesses. As customers increasingly worry whether their personal information is secure and used appropriately, companies are also concerned about protecting data and their brand. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses lead on data privacy by building customer trust and enhancing their brand.
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.
Businesses depend on service providers to handle confidential data, run essential business processes, and manage critical technology. This can leave businesses vulnerable to service provider breakdowns. The result can be the providers’ clients violating regulations and even losing customer trust. Yet many businesses may know less than they realize about their service providers’ controls. This 10Minutes discusses how SOC 2 and SOC 3 reports can give businesses the picture they need to have solid confidence in their service providers.
While organizations have made significant security improvements, they have not kept pace with today’s determined adversaries. As a result, many rely on yesterday’s security practices to combat today’s threats. The results of this survey show that executives are heeding the need to fund enhanced security activities and have substantially improved technology safeguards, processes, and strategies.
For strategic transactions, managing the risks typically associated with Corporate Treasury can be paramount to a deal’s success. This article explores how to navigate those risks and seize the inherent opportunities that effectively position Corporate Treasury and strategically transform the new organization.
What are the technical and reporting issues impacting retail and consumer products companies? PwC's Retail & Consumer KnowledgeBrief provides insights and summaries on restructuring comment letter trends and disclosure reminders, data protection, conflict minerals, the Patient Protection and Affordable Care Act, and more.
What most concerns investors? What do investors expect of corporate directors? How do investors view the current quality of corporate disclosures? We asked investors about these issues, and the message received is clear: Investors want to know more about the risks that companies have identified, and how they are managing them. And investors are looking for more information.
Whistleblower reform is having significant impact. The SEC’s Office of the Whistleblower has one full year of operation under its belt, and with it 3,001 tips and two awards to date. Leading companies are looking closely at the Office’s first-year report and drawing lessons for building stronger ethics and compliance programs. They’re also considering what it takes to create a highly ethical culture. This 10Minutes highlights the importance of having an ethical culture at the workplace.
On May 14, 2013, COSO published an updated Internal Control-Integrated Framework and related illustrative documents. This Dataline highlights noteworthy updates to the Framework, summarizes the purpose of the illustrative documents, and highlights key considerations for clients.
10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare.
The acquisition of a business can have a significant impact on both the risk exposures and risk management strategies of the combined entity. In many cases, an acquirer’s financial risk exposure will increase as a result of the acquisition. However, there may be situations in which the acquiree’s operations reduce the acquirer’s current risk exposure. In any event, identifying potential changes in enterprise risks, creating an action plan to address them, and managing changes to risk management strategies post-acquisition are critical to developing short- and long-term solutions for integrating financial risk management considerations in an acquisition.