Archive for November, 2007

PwC releases Internal Audit 2012

PwC released this study a few months ago titled “Internal Audit 2012* – A study examining the future of internal auditing and the potential decline of a controls-centric approach”

Five key trends were identified as:
1. Globalisation
2. Changing internal audit roles
3. Changes in risk management
4. Talent and organisational issues
5. Technological advancement

Also, ten (10) imperatives were suggested to provide the foundation for a high-performance Internal Audit function in the years to come, they are:
1. Achieve sufficient strategic stature for internal audit within the organisation.
2. Develop and regularly update a formal strategic plan aligned with key enterprise-wide objectives and stakeholder expectations.
3. Communicate frequently with key stakeholders on their needs, expectations, and satisfaction with internal audit.
4. Align HR strategies with enterprise and stakeholder needs.
5. Adopt a risk-centric value proposition that focuses continually on enterprise risks.
6. Take an integrated approach to IT audit, one designed to strengthen IT capabilities.
7. Leverage technology to optimise audit operations.
8. Strategically leverage internal audit knowledge and expertise.
9. Commit to continuous quality assurance and improvement.
10. Link performance measures to strategic goals.

The study can be downloaded here

PwC releases – The global state of information security 2007

PwC has released a publication titled “The global state of information security 2007”, which can be downloaded here and in particular the Financial Services industry specific results can be downloaded here

Key findings for the Financial Services sector results are:

-As the global regulatory environment becomes more complex, gains in protecting data privacy have slowed.
-The “insider threat” may actually be growing.
-Dedicating more resources to protecting data is becoming an increasingly strategic priority.
-Measurement and monitoring: Rules are only effective if they’re followed.
-Outsourcing processes to third parties doesn’t transfer risk — it often increases it.