KnowledgeLeader Blog

Top Ten KnowledgeLeader Publications: Q3 2017

Posted by Protiviti KnowledgeLeader on Fri, Nov 03, 2017 @ 10:20 AM

In case you missed them, these were the ten most popular publications on KnowledgeLeader last quarter:


1. The Updated COSO Internal Control Framework: Frequently Asked Questions

Companies should familiarize themselves with the New Framework, determine their transition plan, and communicate to stakeholders the release of the New Framework and its implications to the organization. In this booklet, we address various questions regarding the New Framework from COSO, including the reasons why it was updated, what has changed, the process for transitioning to its use, and steps companies should take now.





2. Updated COSO ERM Framework: What's New?

This issue of The Bulletin discusses why the COSO ERM Framework needed to be updated and how the focus is now on what is really important in making enterprise risk management work within an organization.









3. Internal Auditing Around the World: Volume 13

Since 2005, Protiviti has been reporting on trends in the internal audit profession in our annual Internal Auditing Around the World® series. The internal audit leaders we’ve interviewed over the years have spoken candidly about the challenges that they and their teams have faced. The focus for Volume XIII is on a challenge that places these leaders in often unfamiliar and somewhat uncomfortable territory: auditing risk culture.









4. Cyber Attacks Can Be Costly—Is Cyber Insurance the Answer?

The WannaCry malware attack in mid-May focused the attention of corporations around the world on escalating cyber threats. The grave consequences of weak cybersecurity—from business disruptions to the expense of repairs and lawsuit payouts—may lead some to believe organizations are scrambling to make cyber liability insurance part and parcel of their IT security protocols. Yet, according to recent surveys, roughly half of U.S. firms don’t have cyber risk insurance due to cost and complexity. 

This article outlines three pivotal issues management teams and their insurance brokers should discuss before committing to a policy.





5. Improving Your Company’s Risk Assessment Process

An enterprise risk assessment (ERA) is a systematic and forward-looking analysis of the impact and likelihood of potential future events and scenarios on the achievement of an organization’s business objectives within a stated time horizon. In many organizations, the process begins with an articulation of the governing business objectives and a common risk language to provide a context for understanding risk and the predetermined criteria needed to assess risk. Often, the assessment results are displayed on a grid or map for review by decision-makers.

This issue of Board Perspectives summarizes 10 practices that will help management and directors maximize the value derived from the risk assessment process.





6. 2017 Procurement Survey

 The key takeaway from the results of Protiviti’s 2017 Procurement Survey is clear: Procurement functions need to focus on how they drive value and how they quantify and communicate their performance. In what is arguably the most notable finding in the survey, close to half of finance leaders say 20 percent or less of procurement savings drop to the bottom line. Just one in five finance leaders say their procurement functions effectively manage both direct and indirect costs. Overall, only a small percentage of bottom lines actually realize the savings that procurement functions have achieved. These and other issues identified in the study need to change. 




7. Six Months to New Revenue Standard Deadline

ASC 606 becomes mandatory for all public companies at the end of 2017. A small number of S&P 500 companies reported their intent to adopt the new standard early; a bold move, considering that ASC 606 is by no means an easy standard to adopt. Only a handful of companies adopted the standard in Q1 2017. The table enclosed presents those S&P 500 companies that have already adopted the standard, along with the adoption method and the impact of the adoption on retained earnings.

In this article, Audit Analytics mostly focuses on the disclosure available in the revenue recognition and new accounting standard footnote of the annual and quarterly reports. The complex ASC 606 standard, however, will likely necessitate additional internal controls considerations.



8. Four Ways to Make Internal Audit More Lean and Agile

Everyone wants to produce more with less. If you have heard the expressions “lean” and “agile,” you may think they refer to weight loss and flexibility or associate them with software development—and you may wonder how they apply to internal audit. The Agile Manifesto’s core values drive a mindset that focuses on creating results that address stakeholder and user needs. Being "lean" means targeting areas of waste, i.e., unnecessary, non-value-added activities, and eliminating them. 

This article describes agile techniques in audit and identifies unproductive activities that can slow down an audit. It also outlines four things you can do to be lean, agile and IPPF-compliant, even if you don’t want to—or culturally cannot—adopt the entire Agile Manifesto.




9. 2017 Sarbanes-Oxley Compliance Survey

Chief audit executives, chief financial officers, and other finance and internal audit leaders eagerly seek benchmarking data on costs, hours, control counts, and much more as they determine how and where to streamline compliance activities while addressing numerous regulatory and market changes. 

These data points, and much more, can be found in the results of Protiviti’s latest Sarbanes-Oxley Survey. All results presented in this report are from publicly held organizations.




10. The Board’s Oversight of Supply Chain Risk

Operational risk is the risk that one or more future events will impair the effectiveness or viability of the business model in achieving expected financial results and creating sustainable value for customers and stakeholders. One important source of operational risk relates to the organizations, people, processes and resources that make up the supply chain. In many sectors, companies increasingly depend on the external elements of the supply chain as organizations seek to cut costs while increasing capabilities and global reach.

Every business, whether it handles financial contracts, natural resources, raw materials or components, is dependent upon a well-functioning, cost-effective supply chain. The board, therefore, should consider its oversight of supply chain risks.

Topics: KL Top Ten, KnowledgeLeader Publications
