Publications

Explore our publication library for in-depth analysis, detailed research, and our perspective on managing risk holistically across your organization: from IT project assurance to making the Internal Audit function more efficient, and from managing compliance and regulatory burdens to identifying and managing the risk in your supply chain.

Featured

An enhanced GRC program protects and enables business performance. Is your investment in GRC performing for you?
The complexity of today’s business environment demands that GRC assumes a new role, upping its value protection and compliance game and also becoming a direct enabler of business performance. We call this kind of integrated, strategic approach Performance GRC.
Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.
2014 State of the Internal Audit Profession Study
Our annual State of the Internal Audit Profession, which includes responses from more than 1,900 chief audit executives (CAEs), internal audit managers, members of senior management, and board members, representing 24 industries and 37 countries, provided substantial insight into how internal audit is performing and the steps individual functions are taking to increase their contribution to their respective organizations.
Business continuity beyond company walls: When a crisis hits, will your vendors’ resiliency match your own?
Reliance on third parties is substantial and continues to gain momentum. Companies are increasingly migrating core and strategic functions to external providers with the objectives of improving efficiency, accelerating growth, and enabling operational transformation. This whitepaper highlights the journey to an integrated, responsive, and proactive business continuity management program that extends beyond your company's walls.
10Minutes on data privacy
Are business leaders looking at the glass half empty? By considering only what privacy safeguards can prevent—customer loss, brand damage, fines, litigation—they miss out on what the right strategy can enable. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses take the lead on data privacy by building customer trust and enhancing their brand.
10Minutes on service provider transparency
This 10Minutes discusses how SOC 2 and SOC 3 reports can give businesses the picture they need to have solid confidence in their service providers.
The Internal Audit Analytics Conundrum—Finding your path through data
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.
Avoiding the drift: Optimizing and maintaining AML surveillance programs
This whitepaper provides methods and techniques to help companies optimize their AML compliance program and protect themselves from regulatory impact.
Three quick wins for an analytics driven compliance testing function
This paper provides insight into a “three lines of defense” (3LoD) model for risk management; AML scenario coverage assessment, input data validation for AML surveillance models, and issue reporting and analysis. The three quick wins identified in this paper can help organizations facilitate the move toward an analytics driven BSA/AML compliance testing function and help build early momentum for a long-term sustainable strategy.
10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

Top publications by service

2014 State of the Internal Audit Profession Study
Our annual State of the Internal Audit Profession, which includes responses from more than 1,900 chief audit executives (CAEs), internal audit managers, members of senior management, and board members, representing 24 industries and 37 countries, provided substantial insight into how internal audit is performing and the steps individual functions are taking to increase their contribution to their respective organizations.

The Internal Audit Analytics Conundrum—Finding your path through data
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

What is Internal Audit's role in transformational change?
Internal Audit has a role in transformational change programs. This includes collaboration with other assurance providers within the organization to ensure positive outcomes. This whitepaper highlights six suggestions for Internal Audit involvement that are designed to help them plan their role.

Fortifying your defenses - The role of internal audit in assuring data security and privacy
Companies should construct three lines of defense, with internal audit playing a critical role in providing assurance around data security and privacy controls and practices.

IA and the cloud
Companies are adopting cloud computing. The economics are too compelling to ignore: standardized IT processes at reduced costs can free up IT resources to focus on differentiating the business. Yet risk is elevated because a broad cloud implementation requires changes in processes, people, and systems.

Getting strong: Leading Practices for value-enhancing internal audit
Today's demanding business and regulatory environment requires an evolution in the way internal audit does its work and interacts with its stakeholders. It's an opportunity for internal audit to up its game and relevance — and get stronger with a top-down approach and a finely tuned internal audit function.

10Minutes on data privacy
Are business leaders looking at the glass half empty? By considering only what privacy safeguards can prevent—customer loss, brand damage, fines, litigation—they miss out on what the right strategy can enable. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses take the lead on data privacy by building customer trust and enhancing their brand.

10Minutes on service provider transparency
This 10Minutes discusses how SOC 2 and SOC 3 reports can give businesses the picture they need to have solid confidence in their service providers.

2013 Data Privacy Survey
PwC's 2013 survey of privacy professionals across the United States includes 370 respondents at the board of directors level responsible for oversight of privacy programs, as well as practitioners involved in day-to-day privacy operations.

Getting the right fit on service organization/provider controls reporting
Getting the right fit on service organization/provider controls reporting highlights the opportunity that organizations have to reconsider the controls related reporting that they issue (or receive) and whether it fully meets their emerging business, operations, technology, and regulatory responsibilities. The paper demystifies the SOC 1, 2, and 3 designations, and focuses on the fact that the SAS 70 / SSAE 16 report is not a "one-size-fits all" controls report, and that other options might prove to be a better fit.

Out with the old SAS 70 and in with the new SSAE 16
Out with the old SAS 70 and in with the new SSAE 16 focuses on the key differences for management in moving from the SAS 70 standard to SSAE 16, and the impact associated with these differences. The paper defuses speculation that this will be a major change, and focuses management on the fact that much of what "looks different" already exists today.

Trust but verify
This slogan was used during the Cold War to describe the basis for transparency in political relationships. Today, the term can be used to describe a strategy for narrowing the "trust gap" not between nations, but between companies and stakeholders.

ID Theft Red Flag Rules
Companies should be proactively evaluating whether they are in compliance with the updated Red Flag Rules pertaining to identity theft. In light of the new rules and a shift in regulatory authority, SEC and CFTC regulated companies that previously may not have focused on Red Flag Rules should now consider re-evaluating whether they should develop and implement an identity theft program.

Taking control of FATCA
Most organizations implementing FATCA are currently focused on addressing core requirements around due diligence, withholding and reporting. However, leading organizations are simultaneously working to address governance, compliance and controls frameworks.

Protecting your brand in the cloud: Transparency and trust through enhanced reporting
Cloud computing is becoming a foundation for benefits well beyond IT cost savings. Yet, many business leaders are concerned about how they will address the issues that surface in every conversation about the cloud: security, privacy, availability, and data protection. Faced with the risk of a potential threat to their brand, companies need transparency into how well cloud providers' environments address concerns.


10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.
Virtual currencies: Out of the deep web, into the light
Bitcoin and other virtual currencies have reached the point of broad influence, with the potential to tip over into full mainstream acceptance. But the potential for money laundering, large-scale theft, terrorist financing, and other illicit uses has regulators concerned. Financial services firms can play a critical role in the integration of virtual currencies through the implementation of anti-money laundering procedures and controls, including transaction monitoring and know-your-customer protocols.

Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. Respondents brought perspectives from five broad organizational sectors: financial services; healthcare; consumer and industrial products and services (CIPS); technology, information, communications, and entertainment (TICE); and government and the public sector. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.

Avoiding the drift: Optimizing and maintaining AML surveillance programs
This whitepaper provides methods and techniques to help companies optimize their AML compliance program and protect themselves from regulatory impact.

Three quick wins for an analytics driven compliance testing function
This paper provides insight into a “three lines of defense” (3LoD) model for risk management; AML scenario coverage assessment, input data validation for AML surveillance models, and issue reporting and analysis. The three quick wins identified in this paper can help organizations facilitate the move toward an analytics driven BSA/AML compliance testing function and help build early momentum for a long-term, sustainable strategy.

The data conundrum: Finding your path with data analytics
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

Global risk in the transformation age
Companies are reconsidering their risk thinking and approaches, but they’re also transforming to align with changing market imperatives—and in the process, exposing themselves to multi-directional risks.

SAP implementation and controls study
To understand organizational awareness of risk and internal control considerations during an SAP system implementation or upgrade and their subsequent impact on control and compliance efforts, PwC conducted an SAP controls study. This paper highlights several themes and trends that were apparent.

2014 Global Information Security Survey
The Global State of Information Security® Survey, an annual, worldwide study by PwC, CIO magazine, and CSO magazine, aims to inform and stimulate the debate on how businesses are facing today’s security challenges. This year’s survey was conducted online from February 1, 2013, to April 1, 2013. The results are based on the responses of more than 9,600 executives including CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from across 115 countries.

Make information work to your advantage
Whether you are exploring the benefits of a data governance program or have already embraced data governance and are looking to refine your efforts, the concepts and methodology described in this document will prove helpful.
An enhanced GRC program protects and enables business performance:
Is your investment in GRC performing for you?

The complexity of today’s business environment demands that GRC assumes a new role, upping its value protection and compliance game and also becoming a direct enabler of business performance. We call this kind of integrated, strategic approach Performance GRC.

Business continuity beyond company walls:
When a crisis hits, will your vendors’ resiliency match your own?

Reliance on third parties is substantial and continues to gain momentum. Companies are increasingly migrating core and strategic functions to external providers with the objectives of improving efficiency, accelerating growth, and enabling operational transformation. This whitepaper highlights the journey to an integrated, responsive, and proactive business continuity management program that extends beyond your company's walls.

Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. Respondents brought perspectives from five broad organizational sectors: financial services; healthcare; consumer and industrial products and services (CIPS); technology, information, communications, and entertainment (TICE); and government and the public sector. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.

State of Compliance 2013
PwC is pleased to share the results from the 3rd annual State of Compliance 2013 survey. The survey was designed to give corporate compliance officers the benchmarking data they need to understand common industry practices today, and to plan for more effective and more efficient compliance operations in the future.

10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

10Minutes on conflict minerals
10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare.

ISO 22301, Societal Security
ISO 22301 is the first international business continuity management (BCM) standard and will likely become the de facto standard for the global business community. This article provides an overview of the standard, its effect on the supply chain and what steps businesses need to take to become compliant.

Business Continuity Management 2012 Business Continuity Management 2022
In this article, we take a look at the current state of business continuity management to see if our predictions came true. Then, we look into our crystal ball and share our predictions for the next 10 years.

Beyond the first 48 hours: Can your business continuity plan go the distance?
While many companies have good crisis management plans that will get them through the initial impacts of a major event, companies should implement a comprehensive business continuity management program to take them beyond the first 48 hours of a crisis or disaster.

Risk in review 2012 Coping with the unknown
This second paper in our Risk in Review series explores the risk-related issues executives are facing today, what they can expect for tomorrow, and highlights some of the ways executives are confronting these risk challenges.

Risk in review 2012: Rethinking risk management for new market realities
In 2011, it became increasingly clear that forces unleashed during the global financial and economic crisis of 2008–2009 had irreversibly altered the terrain of the global marketplace. Even for those executives who had held out hope, it became undeniable that the global economy was not going to bounce back as it had done during other recessions.

Dealing with the SEC Whistleblower Rules - 5 steps your company can take now
The new SEC Whistleblower rules enable employees to report possible securities violations directly to the SEC, potentially bypassing companies’ internal reporting policies. By taking steps to improve their incident reporting programs, companies can help ensure that employees feel comfortable reporting issues internally.

Seizing Opportunity - Linking Risk and Performance
PwC's analysis shows how to achieve resiliency by creating accountability and incentives for integrating risk and performance management.

Exploring Emerging Risks
This whitepaper explores why companies must adopt a systematic approach to emerging risk identification, assessment and management as part of their overall approach to Enterprise Risk Management (ERM).

10Minutes on Business Continuity Management
The best disaster survival manual may be obsolete if it doesn’t anticipate major disruptions to the supply chain or at outsourced operations. As a result, business continuity management (BCM) programs are being designed to continually assess—as well as counter—risks stemming from the interdependencies integral to running a business.