Publications

Explore our publication library for in-depth analysis, detailed research, and our perspective on managing risk holistically across your organization: from IT project assurance to making the Internal Audit function more efficient, and from managing compliance and regulatory burdens to identifying and managing the risk in your supply chain.

Featured

Goods gone bad: Addressing money-laundering risk in the trade finance system
The rise of trade-based money laundering presents direct financial, reputational, and compliance risk to the financial services companies, banks, and global trade organizations that provide and utilize trade finance. Financial firms can address these increased AML challenges by leveraging analytics and statistical transaction monitoring techniques to identify information, trends, connections, and anomalies indicative of trade-based money laundering schemes.
Metrics by Design
As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.
Managing the Shadow Cloud
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.
EU Data Protection Reforms
The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.
State of Compliance Survey, 2014
Today’s Chief Compliance Officers (CCOs) face more responsibility than ever, but also an opportunity to play a more strategic role in their organizations and become vital members of the C-suite, according to the findings from PwC's 4th Annual State of Compliance Survey.
Oracle Advanced Controls (GRC) Study
Organizations have increased their adoption of Oracle Advanced Control (“AC”) to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations’ awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.
An enhanced GRC program protects and enables business performance. Is your investment in GRC performing for you?
The complexity of today’s business environment demands that GRC assumes a new role, upping its value protection and compliance game and also becoming a direct enabler of business performance. We call this kind of integrated, strategic approach Performance GRC.
Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.
2014 State of the Internal Audit Profession Study
Our annual State of the Internal Audit Profession, which includes responses from more than 1,900 chief audit executives (CAEs), internal audit managers, members of senior management, and board members, representing 24 industries and 37 countries, provided substantial insight into how internal audit is performing and the steps individual functions are taking to increase their contribution to their respective organizations.
Click here to download one or more of our sector specific survey reports to learn how executives in your industry responded.
Business continuity beyond company walls: When a crisis hits, will your vendors’ resiliency match your own?
Reliance on third parties is substantial and continues to gain momentum. Companies are increasingly migrating core and strategic functions to external providers with the objectives of improving efficiency, accelerating growth, and enabling operational transformation. This whitepaper highlights the journey to an integrated, responsive, and proactive business continuity management program that extends beyond your company's walls.
10Minutes on data privacy
Are business leaders looking at the glass half empty? By considering only what privacy safeguards can prevent—customer loss, brand damage, fines, litigation—they miss out on what the right strategy can enable. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses take the lead on data privacy by building customer trust and enhancing their brand.
10Minutes on service provider transparency
This 10Minutes discusses how SOC 2 and SOC 3 reports can give businesses the picture they need to have solid confidence in their service providers.
The Internal Audit Analytics Conundrum—Finding your path through data
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.
Avoiding the drift: Optimizing and maintaining AML surveillance programs
This whitepaper provides methods and techniques to help companies optimize their AML compliance program and protect themselves from regulatory impact.
Three quick wins for an analytics driven compliance testing function
This paper provides insight into a “three lines of defense” (3LoD) model for risk management; AML scenario coverage assessment, input data validation for AML surveillance models, and issue reporting and analysis. The three quick wins identified in this paper can help organizations facilitate the move toward an analytics driven BSA/AML compliance testing function and help build early momentum for a long-term sustainable strategy.

Top publications by service

Metrics by Design
As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

2014 State of the Internal Audit Profession Study
Our annual State of the Internal Audit Profession, which includes responses from more than 1,900 chief audit executives (CAEs), internal audit managers, members of senior management, and board members, representing 24 industries and 37 countries, provided substantial insight into how internal audit is performing and the steps individual functions are taking to increase their contribution to their respective organizations.
Click here to download one or more of our sector specific survey reports to learn how executives in your industry responded.

The data conundrum: Finding your path with data analytics The Internal Audit Analytics Conundrum—Finding your path through data
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

What is Internal Audit's role in transformational change?
Internal Audit has a role in transformational change programs. This includes collaboration with other assurance providers within the organization to ensure positive outcomes. This whitepaper highlights six suggestions for Internal Audit involvement that are designed to help them plan their role.

Fortifying your defenses - The role of internal audit in assuring data security and privacy
Companies should construct three lines of defense, with internal audit playing a critical role in providing assurance around data security and privacy controls and practices.

IA and the cloud
Companies are adopting cloud computing. The economics are too compelling to ignore: standardized IT processes at reduced costs can free up IT resources to focus on differentiating the business. Yet risk is elevated because a broad cloud implementation requires changes in processes, people, and systems.


Managing the Shadow Cloud
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.

EU Data Protection Reforms
The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

10Minutes on data privacy
Are business leaders looking at the glass half empty? By considering only what privacy safeguards can prevent—customer loss, brand damage, fines, litigation—they miss out on what the right strategy can enable. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses take the lead on data privacy by building customer trust and enhancing their brand.

10Minutes on service provider transparency
This 10Minutes discusses how SOC 2 and SOC 3 reports can give businesses the picture they need to have solid confidence in their service providers.

2013 Data Privacy Survey
PwC's 2013 survey of privacy professionals across the United States includes 370 respondents at the board of directors level responsible for oversight of privacy programs, as well as practitioners involved in day-to-day privacy operations.

Getting the right fit on service organization/provider controls reporting
Getting the right fit on service organization/provider controls reporting highlights the opportunity that organizations have to reconsider the controls related reporting that they issue (or receive) and whether it fully meets their emerging business, operations, technology, and regulatory responsibilities. The paper demystifies the SOC 1, 2, and 3 designations, and focuses on the fact that the SAS 70 / SSAE 16 report is not a "one-size-fits all" controls report, and that other options might prove to be a better fit.

Out with the old SAS 70 and in with the new SSAE 16
Out with the old SAS 70 and in with the new SSAE 16 focuses on the key differences for management in moving from the SAS 70 standard to SSAE 16, and the impact associated with these differences. The paper defuses speculation that this will be a major change, and focuses management on the fact that much of what "looks different" already exists today.

Trust but verify
This slogan was used during the Cold War to describe the basis for transparency in political relationships. Today, the term can be used to describe a strategy for narrowing the "trust gap" not between nations, but between companies and stakeholders.
 

ID Theft Red Flag Rules
Companies should be proactively evaluating whether they are in compliance with the updated Red Flag Rules pertaining to identity theft. In light of the new rules and a shift in regulatory authority, SEC and CFTC regulated companies that previously may not have focused on Red Flag Rules should now consider re-evaluating whether they should develop and implement an identity theft program.

Taking control of FATCA
Most organizations implementing FATCA are currently focused on addressing core requirements around due diligence, withholding and reporting. However, leading organizations are simultaneously working to address governance, compliance and controls frameworks.

Protecting your brand in the cloud: Transparency and trust through enhanced reporting
Cloud computing is becoming a foundation for benefits well beyond IT cost savings. Yet, many business leaders are concerned about how they will address the issues that surface in every conversation about the cloud: security, privacy, availability, and data protection. Faced with the risk of a potential threat to their brand, companies need transparency into how well cloud providers' environments address concerns.


10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.
Streamlining and Aligning Your Control Processes For Stronger Growth and Lower Costs
Regulatory pressures for businesses are intensifying, and compliance costs are rising, while resources remain scarce. Data is expanding exponentially in both volume and diversity. Organizations that move into developing markets face additional challenges. In this environment, companies must transform control and compliance management from burdensome, labor-intensive tasks into streamlined processes that support growth, add business value, and lower costs. To stay ahead of regulatory pressures, organizations should integrate compliance tools with back-end systems and use leading practices to streamline and automate control processes for continuous, real-time management of internal controls.

Goods gone bad: Addressing money-laundering risk in the trade finance system
Money launderers and terrorist financiers have increasingly turned to global trade as a venue for moving illicit funds across borders and integrating them into the formal economy. Though the underlying techniques of most of these trade-based money laundering (TBML) schemes are relatively simple, they are difficult to detect because they are layered within the mass of legitimate payments. To stay ahead of regulatory pressures and mitigate the real risks that TBML poses, financial institutions and trade organizations need to begin developing analytics-focused AML procedures and monitoring capabilities designed specifically to detect TBML methodologies.

Deeper insights for greater strategic value: Oracle Advanced Controls (GRC) Study
GRC Technology has become an increasingly critical factor for driving value (i.e., recovering profitability, increasing efficiency, detecting fraud, etc.) and automating manual compliance and risk management activity in the enterprise. Organizations have increased their adoption of Oracle Advanced Control (“AC”) to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations’ awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.

Why you should adopt the NIST Cybersecurity Framework
The NIST Cybersecurity Framework, which was drafted by the Commerce Department’s National Institute of Standards and Technology (NIST), yields no surprises for critical infrastructure executives who have followed its development. The Framework represents a tipping point in the evolution of cybersecurity, one in which the balance is shifting to proactive risk-management standards. While the Framework is voluntary, organizations across industries may gain significant benefits by adopting the guidelines. This paper outlines the primary components of the NIST Cybersecurity Framework as well as the pros and cons for early adopters.

Virtual currencies: Out of the deep web, into the light
Bitcoin and other virtual currencies have reached the point of broad influence, with the potential to tip over into full mainstream acceptance. But the potential for money laundering, large-scale theft, terrorist financing, and other illicit uses has regulators concerned. Financial services firms can play a critical role in the integration of virtual currencies through the implementation of anti-money laundering procedures and controls, including transaction monitoring and know-your-customer protocols.

Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. Respondents brought perspectives from five broad organizational sectors: financial services; healthcare; consumer and industrial products and services (CIPS); technology, information, communications, and entertainment (TICE); and government and the public sector. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.

Avoiding the drift: Optimizing and maintaining AML surveillance programs
This whitepaper provides methods and techniques to help companies optimize their AML compliance program and protect themselves from regulatory impact.

Three quick wins for an analytics driven compliance testing function
This paper provides insight into a “three lines of defense” (3LoD) model for risk management; AML scenario coverage assessment, input data validation for AML surveillance models, and issue reporting and analysis. The three quick wins identified in this paper can help organizations facilitate the move toward an analytics driven BSA/AML compliance testing function and help build early momentum for a long-term, sustainable strategy.

The data conundrum: Finding your path with data analytics
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

Global risk in the transformation age
Companies are reconsidering their risk thinking and approaches, but they’re also transforming to align with changing market imperatives—and in the process, exposing themselves to multi-directional risks.

SAP implementation and controls study
To understand organizational awareness of risk and internal control considerations during an SAP system implementation or upgrade and their subsequent impact on control and compliance efforts, PwC conducted an SAP controls study. This paper highlights several themes and trends that were apparent.

2014 Global Information Security Survey
The Global State of Information Security® Survey, an annual, worldwide study by PwC, CIO magazine, and CSO magazine, aims to inform and stimulate the debate on how businesses are facing today’s security challenges. This year’s survey was conducted online from February 1, 2013, to April 1, 2013. The results are based on the responses of more than 9,600 executives including CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from across 115 countries.

Make information work to your advantage
Whether you are exploring the benefits of a data governance program or have already embraced data governance and are looking to refine your efforts, the concepts and methodology described in this document will prove helpful.
State of Compliance Survey, 2014
Today’s Chief Compliance Officers (CCOs) face more responsibility than ever, but also an opportunity to play a more strategic role in their organizations and become vital members of the C-suite, according to the findings from PwC's 4th Annual State of Compliance Survey.

An enhanced GRC program protects and enables business performance:
Is your investment in GRC performing for you?

The complexity of today’s business environment demands that GRC assumes a new role, upping its value protection and compliance game and also becoming a direct enabler of business performance. We call this kind of integrated, strategic approach Performance GRC.

Business continuity beyond company walls:
When a crisis hits, will your vendors’ resiliency match your own?

Reliance on third parties is substantial and continues to gain momentum. Companies are increasingly migrating core and strategic functions to external providers with the objectives of improving efficiency, accelerating growth, and enabling operational transformation. This whitepaper highlights the journey to an integrated, responsive, and proactive business continuity management program that extends beyond your company's walls.

Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. Respondents brought perspectives from five broad organizational sectors: financial services; healthcare; consumer and industrial products and services (CIPS); technology, information, communications, and entertainment (TICE); and government and the public sector. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.

10Minutes on why the COSO Update deserves your attention
COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

10Minutes on conflict minerals
10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare.

ISO 22301, Societal Security
ISO 22301 is the first international business continuity management (BCM) standard and will likely become the de facto standard for the global business community. This article provides an overview of the standard, its effect on the supply chain and what steps businesses need to take to become compliant.

Business Continuity Management 2012 Business Continuity Management 2022
In this article, we take a look at the current state of business continuity management to see if our predictions came true. Then, we look into our crystal ball and share our predictions for the next 10 years.