Click the 'X' in the top right corner to close this window.
Publications
Explore our publication library for in-depth analysis, detailed research, and our perspective on managing Risk holistically across your organization from IT project assurance, to making the Internal Audit function more efficient; from managing compliance and regulatory burdens to identifying and managing the risk in your supply chain.Featured
 |
10Minutes on why the COSO Update deserves your attention COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment. |
 |
10Minutes on conflict minerals 10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare. |
 |
Global risk in the transformation age Companies are reconsidering their risk thinking and approaches, but they’re also transforming to align with changing market imperatives—and in the process, exposing themselves to multi-directional risks. |
 |
2013 State of the Internal Audit PwC’s ninth annual State of the Internal Audit Profession Study takes an in-depth look at how internal auditors are responding to the changing needs and expectations of their businesses. The 2013 study investigates the rapidly expanding risk landscape, the continually evolving tools and approaches internal auditors are deploying to help them fulfill their mission, and the impact of internal audit through the lens of various stakeholders. |
 |
SAP implementation and controls study To understand organizational awareness of risk and internal control considerations during an SAP system implementation or upgrade and their subsequent impact on control and compliance efforts, PwC conducted an SAP controls study. This paper highlights several themes and trends that were apparent. |
 |
Fortifying your defenses - The role of internal audit in assuring data security and privacy Companies should construct three lines of defense, with internal audit playing a critical role in providing assurance around data security and privacy controls and practices. |
 |
XBRL reporting risk and the role of internal audit This paper reviews the risks when implementing XBRL and suggests how internal audit functions can help their organizations address reporting risks and improve supporting processes. |
 |
Dealing with the SEC Whistleblower Rules - 5 steps your company can take now The new SEC Whistleblower rules enable employees to report possible securities violations directly to the SEC, potentially bypassing companies’ internal reporting policies. By taking steps to improve their incident reporting programs, companies can help ensure that employees feel comfortable reporting issues internally. |
 |
State of Compliance 2012 PwC and Compliance Week teamed up to survey over 120 senior-level compliance executives at leading U.S. companies. The resulting report summarizes the findings of the study and provides selected benchmarking data in four key areas: Compliance organization scope and support; effectiveness; technology and resources and reporting. |
 |
Protecting your brand in the cloud: Transparency and trust through enhanced reporting Cloud computing is becoming a foundation for benefits well beyond IT cost savings. Yet, many business leaders are concerned about how they will address the issues that surface in every conversation about the cloud: security, privacy, availability, and data protection. Faced with the risk of a potential threat to their brand, companies need transparency into how well cloud providers' environments address concerns. |
Top publications by service
- Internal
Audit - Third Party
Assurance - Process
Assurance - IT & Project
Assurance - Governance, Risk
& Compliance
 |
10Minutes on why the COSO Update deserves your attention COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment. |
|
|
|
|
2013 State of the Internal Audit Profession Study PwC’s ninth annual State of the Internal Audit Profession Study takes an in-depth look at how internal auditors are responding to the changing needs and expectations of their businesses. The 2013 study investigates the rapidly expanding risk landscape, the continually evolving tools and approaches internal auditors are deploying to help them fulfill their mission, and the impact of internal audit through the lens of various stakeholders. |
|
|
|
 |
Enhanced Internal Audit Standards On January 23, 2013, the Board of Governors of the Federal Reserve System issued the Supplemental Policy Statement on the Internal Audit Function and its Outsourcing to the Officers in Charge of Supervision at each Federal Reserve Bank. This FS Regulatory Brief briefly summarizes the Supplemental Guidance, highlights areas that warrant particular attention due to their importance to regulators, and suggests steps that institutions should begin taking now if they have not already begun improving their internal audit functions to meet regulatory expectations. |
|
|
|
 |
Internal Audit’s Role in Transformational Change Internal Audit has a role in transformational change programs. This includes collaboration with other assurance providers within the organization to ensure positive outcomes. This whitepaper highlights six suggestions for Internal Audit involvement that are designed to help them plan their role. |
|
|
|
|
Fortifying your defenses - The role of internal audit in assuring data security and privacy Companies should construct three lines of defense, with internal audit playing a critical role in providing assurance around data security and privacy controls and practices. |
|
|
|
|
XBRL reporting risk and the role of internal audit This paper reviews the risks when implementing XBRL and suggests how internal audit functions can help their organizations address reporting risks and improve supporting processes. |
|
|
|
 |
IA and Sustainability Internal Audit 2.0: Sustainability was developed to help our clients better understand the environmental, safety and social risks associated with the changing business models and the new sustainability regulations and trends likely to impact businesses in 2011 and 2012. |
|
|
|
 |
IA and the cloud Companies are adopting cloud computing. The economics are too compelling to ignore: standardized IT processes at reduced costs can free up IT resources to focus on differentiating the business. Yet risk is elevated because a broad cloud implementation requires changes in processes, people, and systems. |
|
|
|
 |
Getting strong: Leading Practices for value-enhancing internal audit Today's demanding business and regulatory environment requires an evolution in the way internal audit does its work and interacts with its stakeholders. It's an opportunity for internal audit to up its game and relevance — and get stronger with a top-down approach and a finely tuned internal audit function. |
|
Protecting your brand in the cloud: Transparency and trust through enhanced reporting Cloud computing is becoming a foundation for benefits well beyond IT cost savings. Yet, many business leaders are concerned about how they will address the issues that surface in every conversation about the cloud: security, privacy, availability, and data protection. Faced with the risk of a potential threat to their brand, companies need transparency into how well cloud providers' environments address concerns. |
|
|
|
 |
Getting the right fit on service organization/provider controls reporting Getting the right fit on service organization/provider controls reporting highlights the opportunity that organizations have to reconsider the controls related reporting that they issue (or receive) and whether it fully meets their emerging business, operations, technology, and regulatory responsibilities. The paper demystifies the SOC 1, 2, and 3 designations, and focuses on the fact that the SAS 70 / SSAE 16 report is not a "one-size-fits all" controls report, and that other options might prove to be a better fit. |
|
|
|
 |
Out with the old SAS 70 and in with the new SSAE 16 Out with the old SAS 70 and in with the new SSAE 16 focuses on the key differences for management in moving from the SAS 70 standard to SSAE 16, and the impact associated with these differences. The paper diffuses speculation that this will be a major change, and focuses management on the fact that much of what "looks different" already exists today. |
|
|
|
 |
Trust but verify This slogan was used during the Cold War to describe the basis for transparency in political relationships. Today, the term can be used to describe a strategy for narrowing the "trust gap" not between nations, but between companies and stakeholders. |
|
10Minutes on why the COSO Update deserves your attention COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment. |
|
|
|
 |
Taking control of FATCA: Building effective internal controls and certifying compliance FATCA compliance is complex: its issues are complicated and solutions in some cases are not clear. This new whitepaper from PwC's Global Information Reporting and Risk Assurance practices explores the controls and certification challenges for impacted entities. |
|
Global risk in the transformation age Companies are reconsidering their risk thinking and approaches, but they’re also transforming to align with changing market imperatives—and in the process, exposing themselves to multi-directional risks. |
|
|
|
|
2013 State of the Internal Audit Profession Study PwC’s ninth annual State of the Internal Audit Profession Study takes an in-depth look at how internal auditors are responding to the changing needs and expectations of their businesses. The 2013 study investigates the rapidly expanding risk landscape, the continually evolving tools and approaches internal auditors are deploying to help them fulfill their mission, and the impact of internal audit through the lens of various stakeholders. |
|
|
|
|
SAP implementation and controls study To understand organizational awareness of risk and internal control considerations during an SAP system implementation or upgrade and their subsequent impact on control and compliance efforts, PwC conducted an SAP controls study. This paper highlights several themes and trends that were apparent. |
|
|
|
 |
2013 Global Information Security Survey The Global State of Information Security® Survey 2013 is a worldwide study by PwC, CIO magazine, and CSO magazine. It was conducted online from February 1, 2012, to April 15, 2012. Readers of CIO and CSO magazines and clients of PwC from around the globe were invited via e-mail to take the survey. The results discussed in this report are based on the responses of more than 9,300 CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from 128 countries. |
|
|
|
 |
Make information work to your advantage Whether you are exploring the benefits of a data governance program or have already embraced data governance and are looking to refine your efforts, the concepts and methodology described in this document will prove helpful. |
|
10Minutes on why the COSO Update deserves your attention COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment. |
|
|
|
 |
10Minutes on conflict minerals 10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare. |
|
|
|
 |
ISO 22301, Societal Security ISO 22301 is the first international business continuity management (BCM) standard and will likely become the de facto standard for the global business community. This article provides an overview of the standard, its affect on the supply chain and what steps businesses need to take to become compliant. |
|
|
|
 |
Business Continuity Management 2022 In this article, we take a look at the current state of business continuity management to see if our predictions came true. Then, we look into our crystal ball and share our predictions for the next 10 years. |
|
|
|
 |
Beyond the first 48 hours: Can your business continuity plan go the distance? While many companies have good crisis management plans that will get them through the initial impacts of a major event, companies should implement a comprehensive business continuity management program to take them beyond the first 48 hours of a crisis or disaster. |
|
|
|
 |
Coping with the unknown This second paper in our Risk in Review series explores the risk-related issues executives are facing today, what they can expect for tomorrow, and highlights some of the ways executives are confronting these risk challenges. |
|
|
|
 |
Risk in review 2012: Rethinking risk management for new market realities In 2011, it became increasingly clear that forces unleashed during the global financial and economic crisis of 2008–2009 had irreversibly altered the terrain of the global marketplace. Even for those executives who had held out hope, it became undeniable that the global economy was not going to bounce back as it had done during other recessions. |
|
|
|
|
Dealing with the SEC Whistleblower Rules - 5 steps your company can take now The new SEC Whistleblower rules enable employees to report possible securities violations directly to the SEC, potentially bypassing companies’ internal reporting policies. By taking steps to improve their incident reporting programs, companies can help ensure that employees feel comfortable reporting issues internally. |
|
|
|
|
State of Compliance 2012 PwC and Compliance Week teamed up to survey over 120 senior-level compliance executives at leading U.S. companies. The resulting report summarizes the findings of the study and provides selected benchmarking data in four key areas: Compliance organization scope and support; effectiveness; technology and resources and reporting. |
|
|
|
 |
Seizing Opportunity - Linking Risk and Performance PwC's analysis shows how to achieve resiliency by creating accountability and incentives for integrating risk and performance management. |
|
|
|
 |
Exploring Emerging Risks This whitepaper explores why companies must adopt a systematic approach to emerging risk identification, assessment and management as part of their overall approach to Enterprise Risk Management (ERM). |
|
|
|
 |
10Minutes on Business Continuity Management The best disaster survival manual may be obsolete if it doesn’t anticipate major disruptions to the supply chain or at outsourced operations. As a result, business continuity management (BCM) programs are being designed to continually assess—as well as counter—risks stemming from the interdependencies integral to running a business. |
