Publications

Explore our publication library for in-depth analysis, detailed research, and our perspective on managing Risk holistically across your organization from IT project assurance, to making the Internal Audit function more efficient; from managing compliance and regulatory burdens to identifying and managing the risk in your supply chain.

Featured

Risk in review
Decoding uncertainty, delivering value

PwC’s annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey? Visit the website to learn more: view the executive summary, create your risk profile using our custom benchmark tool, hear first-hand from our leaders and download the full report.
Enabling performance through advanced monitoring and testing activities
Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company’s controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC’s report.
2015 State of the Internal Audit Profession Study
As today’s companies drive new business strategies forward, internal audit should also be evolving at a similar pace in order to maintain the relevance and value it brings. In this year’s study of more than 1300 chief audit executives (CAEs), internal audit managers, members of senior management and board members, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be. Finding True North requires innovation, self-reflection and the ability to ask “what should we do?” not “what can we do?”
Chasing a vision: Pursuing a single customer view for financial institutions
The development of unified platforms for analyzing customer activity remains elusive for many financial institutions. However, emerging advanced analytic techniques are helping fuel the development of a single customer view platform, from which financial institutions can address a wide range of risk, compliance, and operational objectives.
Goods gone bad: Addressing money-laundering risk in the trade finance system
The rise of trade-based money laundering presents direct financial, reputational, and compliance risk to the financial services companies, banks, and global trade organizations that provide and utilize trade finance. Financial firms can address these increased AML challenges by leveraging analytics and statistical transaction monitoring techniques to identify information, trends, connections, and anomalies indicative of trade-based money laundering schemes.
Present and functioning: Fine-tuning your ICFR using the COSO update
This paper talks through the updated framework and these competencies to evaluate the effectiveness of companies’ systems of internal control over financial reporting.
Fortified for success
Building your company’s risk, controls and compliance ecosystem, for the IPO and beyond

Going public is a transformational event that pushes a company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company’s critical risks and controls, both pre- and post-IPO.
Metrics by design
A practical approach to measuring internal audit performance

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.
Managing the Shadow Cloud
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.
EU Data Protection Reforms
The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

Top publications by service

Risk in review
Decoding uncertainty, delivering value

PwC’s annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey? Visit the website to learn more: view the executive summary, create your risk profile using our custom benchmark tool, hear first-hand from our leaders and download the full report.

2015 State of the Internal Audit Profession Study
As today’s companies drive new business strategies forward, internal audit should also be evolving at a similar pace in order to maintain the relevance and value it brings. In this year’s study of more than 1300 chief audit executives (CAEs), internal audit managers, members of senior management and board members, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be. Finding True North requires innovation, self-reflection and the ability to ask “what should we do?” not “what can we do?”

Present and functioning: Fine-tuning your ICFR using the COSO update
This paper talks through the updated framework and these competencies to evaluate the effectiveness of companies’ systems of internal control over financial reporting.

Fortified for success
Building your company’s risk, controls and compliance ecosystem, for the IPO and beyond

Going public is a transformational event that pushes a company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company’s critical risks and controls, both pre- and post-IPO.

A Guide to Cloud Audits: Internal Audit’s role in balancing risk and reward in the cloud
Who safeguards company data in the cloud and manages the associated risks? Who is responsible for monitoring changes in the risk profile of a company’s cloud position? The movement to cloud presents a new host of concerns ranging from privacy and reliability, to resiliency. As organizations transform and dive deeper into the cloud environment, Internal Audit will be pivotal in guiding through the change.

Metrics by design
A practical approach to measuring internal audit performance

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

The Internal Audit Analytics Conundrum—Finding your path through data
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

What is Internal Audit's role in transformational change?
Internal Audit has a role in transformational change programs. This includes collaboration with other assurance providers within the organization to ensure positive outcomes. This whitepaper highlights six suggestions for Internal Audit involvement that are designed to help them plan their role.


SOC 2 and 3: Building customer trust through controls reporting
Organizations are increasingly looking to global markets for outsourcing as a means of reducing costs and increasing efficiencies. In order to receive assurance over their vendors’ operations, companies are demanding SOC (Service Organization Controls) reports prepared by independent auditors.

Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust
The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. The result is increased pressure on service providers to provide greater transparency over their controls, so that their customers have assurance over their vendors’ operations. PwC’s Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

A Guide to Cloud Audits: Internal Audit’s role in balancing risk and reward in the cloud
Who safeguards company data in the cloud and manages the associated risks? Who is responsible for monitoring changes in the risk profile of a company’s cloud position? The movement to cloud presents a new host of concerns ranging from privacy and reliability, to resiliency. As organizations transform and dive deeper into the cloud environment, Internal Audit will be pivotal in guiding through the change.

Rethinking media auditing and benchmarking pools
Knowing how your advertising spend compares to that of your competitors is an important benchmark that allows you to save money; and using media auditing and benchmarking pools is the definitive way to do this. Or is it? It’s time to question the value of these pools.

Managing the Shadow Cloud
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.

EU Data Protection Reforms
The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

10Minutes on data privacy
Are business leaders looking at the glass half empty? By considering only what privacy safeguards can prevent—customer loss, brand damage, fines, litigation—they miss out on what the right strategy can enable. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses take the lead on data privacy by building customer trust and enhancing their brand.

10Minutes on service provider transparency
This 10Minutes discusses how SOC 2 and SOC 3 reports can give businesses the picture they need to have solid confidence in their service providers.

2013 Data Privacy Survey
PwC's 2013 survey of privacy professionals across the United States includes 370 respondents at the board of directors level responsible for oversight of privacy programs, as well as practitioners involved in day-to-day privacy operations.

Trust but verify
This slogan was used during the Cold War to describe the basis for transparency in political relationships. Today, the term can be used to describe a strategy for narrowing the "trust gap" not between nations, but between companies and stakeholders.
 

Taking control of FATCA
Most organizations implementing FATCA are currently focused on addressing core requirements around due diligence, withholding and reporting. However, leading organizations are simultaneously working to address governance, compliance and controls frameworks.

Protecting your brand in the cloud: Transparency and trust through enhanced reporting
Cloud computing is becoming a foundation for benefits well beyond IT cost savings. Yet, many business leaders are concerned about how they will address the issues that surface in every conversation about the cloud: security, privacy, availability, and data protection. Faced with the risk of a potential threat to their brand, companies need transparency into how well cloud providers' environments address concerns.


Present and functioning: Fine-tuning your ICFR using the COSO update
This paper talks through the updated framework and these competencies to evaluate the effectiveness of companies’ systems of internal control over financial reporting.

10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.
Chasing a vision: Pursuing a single customer view for financial institutions
The development of unified platforms for analyzing customer activity remains elusive for many financial institutions. However, emerging advanced analytic techniques are helping fuel the development of a single customer view platform, from which financial institutions can address a wide range of risk, compliance, and operational objectives.

The CMO’s role in privacy: Are your marketing programs affecting your brand?
Organizations often use customer information collected online to understand and effectively target consumers. This process requires not only the attention of the chief privacy officer, but also the chief marketing officer. Almost daily, news headlines underscore the importance of this with data breaches becoming commonplace. For consumers to provide complete and accurate information, they must know they can trust your organization.

Streamlining and Aligning Your Control Processes For Stronger Growth and Lower Costs
Regulatory pressures for businesses are intensifying, and compliance costs are rising, while resources remain scarce. Data is expanding exponentially in both volume and diversity. Organizations that move into developing markets face additional challenges. In this environment, companies must transform control and compliance management from burdensome, labor-intensive tasks into streamlined processes that support growth, add business value, and lower costs. To stay ahead of regulatory pressures, organizations should integrate compliance tools with back-end systems and use leading practices to streamline and automate control processes for continuous, realtime management of internal controls.

Goods gone bad: Addressing money-laundering risk in the trade finance system
Money launderers and terrorist financiers have increasingly turned to global trade as a venue for moving illicit funds across borders and integrating them into the formal economy. Though the underlying techniques of most of these trade-based money laundering (TBML) schemes are relatively simple, they are difficult to detect because they are layered within the mass of legitimate payments. To stay ahead of regulatory pressures and mitigate the real risks that TBML poses, financial institutions and trade organizations need to begin developing analytics-focused AML procedures and monitoring capabilities designed specifically to detect TBML methodologies.

Deeper insights for greater strategic value: Oracle Advanced Controls (GRC) Study
GRC Technology has become an increasingly critical factor for driving value (i.e., recovering profitability, increasing efficiency, detecting fraud, etc.) and automating manual compliance and risk management activity in the enterprise. Organizations have increased their adoption of Oracle Advanced Control (“AC”) to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations’ awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.

Why you should adopt the NIST Cybersecurity Framework
The NIST Cybersecurity Framework, which was drafted by the Commerce Department’s National Institute of Standards and Technology (NIST), yields no surprises for critical infrastructure executives who have followed its development. The Framework represents a tipping point in the evolution of cybersecurity, one in which the balance is shifting to proactive risk-management standards. While the Framework is voluntary, organizations across industries may gain significant benefits by adopting the guidelines. This paper outlines the primary components of the NIST Cybersecurity Framework as well as the pros and cons for early adopters.

2015 Global Information Security Survey
The Global State of Information Security® Survey, an annual, worldwide study by PwC, CIO magazine, and CSO magazine, aims to inform and stimulate the debate on how businesses are facing today’s security challenges.

Virtual currencies: Out of the deep web, into the light
Bitcoin and other virtual currencies have reached the point of broad influence, with the potential to tip over into full mainstream acceptance. But the potential for money laundering, large-scale theft, terrorist financing, and other illicit uses has regulators concerned. Financial services firms can play a critical role in the integration of virtual currencies through the implementation of anti-money laundering procedures and controls, including transaction monitoring and know-your-customer protocols.

Avoiding the drift: Optimizing and maintaining AML surveillance programs
This whitepaper provides methods and techniques to help companies optimize their AML compliance program and protect themselves from regulatory impact.

Three quick wins for an analytics driven compliance testing function
This paper provides insight into a “three lines of defense” (3LoD) model for risk management; AML scenario coverage assessment, input data validation for AML surveillance models, and issue reporting and analysis. The three quick wins identified in this paper can help organizations facilitate the move toward an analytics driven BSA/AML compliance testing function and help build early momentum for a long-term, sustainable strategy.

The data conundrum: Finding your path with data analytics
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

SAP implementation and controls study
To understand organizational awareness of risk and internal control considerations during an SAP system implementation or upgrade and their subsequent impact on control and compliance efforts, PwC conducted an SAP controls study. This paper highlights several themes and trends that were apparent.

Enabling performance through advanced monitoring and testing activities
Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company’s controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC’s report.

Improving enterprise resiliency with GRC technology
The days of inefficiently managing enterprise resilience and recovery planning by using a vast collection of documents maintained throughout shared directories are quickly coming to an end. The necessity for documentation maintenance and interconnectivity with other risk management efforts makes business continuity program administration both time-consuming and prone to errors. Implementing the business continuity application module within your GRC framework can provide significant transparency to where resiliency risks exist and how they can be managed and can engage the organization in efficiently integrating resiliency and recoverability into critical processes.

Risk in review
Decoding uncertainty, delivering value

PwC’s annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey? Visit the website to learn more: view the executive summary, create your risk profile using our custom benchmark tool, hear first-hand from our leaders and download the full report.

How to achieve excellent enterprise risk management
If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our new series. In addition, the series will also focus on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

Empower loss prevention with strategic data analytics
Retailers are realizing that the strategic management of risk and the reduction of shrink can have substantial impact on both profitability and customer satisfaction. Savvy retailers are using data analytics to add value to their loss prevention and risk management programs. This paper outlines key ways retailers are building successful enterprise-wide loss prevention programs that apply data and analytics.

State of Compliance Survey, 2014
Today’s Chief Compliance Officers (CCOs) face more responsibility than ever, but also an opportunity to play a more strategic role in their organizations and become vital members of the C-suite, according to the findings from PwC's 4th Annual State of Compliance Survey.

An enhanced GRC program protects and enables business performance:
Is your investment in GRC performing for you?

The complexity of today’s business environment demands that GRC assumes a new role, upping its value protection and compliance game and also becoming a direct enabler of business performance. We call this kind of integrated, strategic approach Performance GRC.

Business continuity beyond company walls:
When a crisis hits, will your vendors’ resiliency match your own?

Reliance on third parties is substantial and continues to gain momentum. Companies are increasingly migrating core and strategic functions to external providers with the objectives of improving efficiency, accelerating growth, and enabling operational transformation. This whitepaper highlights the journey to an integrated, responsive, and proactive business continuity management program that extends beyond your company's walls.

10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

10Minutes on conflict minerals
10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare.

ISO 22301, Societal Security
ISO 22301 is the first international business continuity management (BCM) standard and will likely become the de facto standard for the global business community. This article provides an overview of the standard, its effect on the supply chain and what steps businesses need to take to become compliant.

Business Continuity Management 2022
In this article, we take a look at the current state of business continuity management to see if our predictions came true. Then, we look into our crystal ball and share our predictions for the next 10 years.

Beyond the first 48 hours: Can your business continuity plan go the distance?
While many companies have good crisis management plans that will get them through the initial impacts of a major event, companies should implement a comprehensive business continuity management program to take them beyond the first 48 hours of a crisis or disaster.