The Latest Thought Leadership & White Papers

This e-Book on FCPA Compliance is produced by Compliance Week in cooperation with Kroll Advisory Solutions. The e-Book offers various articles from Compliance Week on FCPA investigations, violations and Global Anti-Corruption Programs. There is also the Kroll Advisory Solutions white paper Top-Level Commitment Necessary for Anti-Bribery Compliance.

The position of Chief Compliance Officer (CCO) has changed dramatically over the last decade. An ongoing plethora of regulations are being enacted that make compliance more important, and more challenging, than ever. Yet many corporate leaders still question the need to invest more people, time, and money in compliance than they see as absolutely necessary - until and unless something big breaks.

This survey builds on Grant Thornton's prior CAE survey from 2011 and confirms that internal audit is receptive to assimilating newer and broader responsibilities for evaluating emerging risks, ensuring appropriate corporate governance and incorporating technology into internal audit processes. It is the journey from recognition to reinvention that is likely to present the biggest challenges and potentially the biggest rewards.

This white paper uses the EMC eDiscovery Benefits Calculator1 as a basis for evaluating and comparing eDiscovery costs.

The costs and risks associated with electronic discovery are forcing organizations to grapple with a critical challenge: effectively managing the explosion of electronic information. The next-generation information governance solutions from EMC can help you save the day. Read the attached e-Discovery for Dummies booklet to understand what you should be looking for in an e-Discovery solution, EMC e-Discovery Kazeon has what you need.

PCI-DSS compliance has long been one of the most challenging standards for an organization to achieve. Between understanding what needs to change in order to become PCI compliant, and the complexity of the standard itself, achieving PCI-DSS compliance can have a significant impact on an IT budget.

Deloitte's new whitepaper, Risk Intelligent Governance in the Age of Cyber Threats, provides a way out of the catch-22. It describes how a company's approach to four specific "leading practices" in cybersecurity can give both executives and the board of directors valuable insights on its cyber risk management strengths and weaknesses - even at companies that are still ramping up its capabilities in the area.

The Insecurity of Privileged Users, a global benchmark study independently conducted by the Ponemon Institute and sponsored by HP Enterprise Security, examines the inherent risk caused by a lack of control and oversight of privileged users in the workplace and what should be done to minimize this risk. The study surveyed privileged users who are defined as having broad access rights to IT networks, enterprise systems, applications and information assets and provides valuable insights and critical success factors for governing, managing and controlling privileged user access across the enterprise.

This Compliance Week e-Book, a special publication sponsored by Axentis, Kaplan EduNeering, and Qumas, offers various articles on how healthcare and pharmaceutical companies can manage their compliance. Articles include, "Companies Prep for Health Reform 'Sunshine Rules,'" "False Claims Fines Continue to Amass for Pharma," and more. Also included are three exclusive white papers on mitigating third-party risk, managing global anti-bribery programs, and managing collaboration & outsourcing compliance across life sciences.

This Compliance Week e-Book, a special publication sponsored by SAI Global, offers various articles on how companies can manage their third-party risk management. Articles include, "Rethinking Supply Chain Risk Management Strategies," "Third-Party Corruption Risk: What You Should Know" and more. Also included are three exclusive SAI white papers on regulators, third parties, and risk management.

A rapidly growing number of forward-leaning companies are reporting that the combination of technology advancements and a continued focus on process improvements can significantly reduce the cost and difficulty of complying with the SEC's XBRL mandate, while concurrently reducing the overall time and cost of the broader SEC reporting process.

This executive summary outlines leading practices organizations can use to factor legislative inputs into all facets of their business planning process ahead of final rules.

Banks and financial services institutions face unprecedented risk and compliance challenges - and in an economic environment that's putting increasing pressure on these businesses to cut costs and boost the bottom line. This white paper, produced jointly by Compliance Week and Wipro Technologies, offers insights into how leading financial-industry players are tackling these challenges, in particular from the IT perspective.

This Compliance Week e-Book, a special publication sponsored by HP Enterprise Security, offers various articles on how companies can manage their data security. Articles include, "High-Profile Data Breaches Raise Security Alerts," "Mobile Apps: A Godsend or Compliance Headache?" and more. Also included are the results of the Data Breach Survey, published by SC Magazine.

This white paper discusses key compliance issues for companies and their executives in 2012. It details some of the areas that may draw the attention of regulators and ways in which compliance professionals and general counsel may be prepared to handle increased enforcement of regulations. These include conducting risk assessments to identify areas of concern, evaluating existing compliance programs, and in some cases, taking proactive steps in order to reduce risk.

As companies move to deploy cloud-based compliance, eDiscovery and archiving solutions, the cost advantages are significant, and the ability to respond to fast-moving business demands is vastly increased.

This Compliance Week e-Book, a special publication sponsored by Autonomy, KPMG, and Symantec offers various articles on how companies can manage their social media. Articles include, "Fitting Social Media Into Your e-Discovery Regime," "Monitoring Employees' Use of Social Media," and more. Also included are whitepapers from Autonomy, KPMG, and Symantec.

Business relationships with vendors, outsourced providers and business associates are essential but can create significant risk for regulated entities. Managing risk from these third parties is vitally important in the current regulatory environment.

Many organizations today are experiencing difficulty with attaining maturity in risk management. Organizations typically conduct enterprise risk management through simple, periodic risk assessments of historical data rolled up into ineffective management reports. This report‐focused approach is ineffective and inefficient, and fails to unlock the true value of Enterprise Risk Management.

This white paper discusses not only the security concerns that accompany virtualization but also an effective approach for protecting critical data and services while still enjoying the benefits of virtualization. The key to balancing benefit while minimizing risk comes in the form of effective IT change management.

This Compliance Week e-Book, a special publication sponsored by Altova and IBM, offers various articles on how companies can integrate XBRL. Articles include, "XBRL Enters the Final Phase," "Extension Tags Threatening XBRL's Usefulness," and more. Also included are whitepapers from Altova and IBM, sharing their expertise and latest thoughts on XBRL Integration.

In this article, Jerry Behar, co-founder and managing director of WebFilings, discusses the risks of extending your reporting gap, key findings from 2010 submissions from Fortune 100 companies, and how many of those companies are closing the gap by utilizing fully integrated SEC reporting solutions.

Companies are engaging customers and prospects on Facebook, Twitter, LinkedIn, and through blogs and posts on internal or external websites. But are they compliant with legal requirements related to social media, not to mention privacy? Answering questions on every compliance officer's mind, "Social Media and the Shifting Information Compliance Landscape," sets the stage by tracing regulators' steps to incorporating social network interactions into mainstream legal requirements.

Heretofore there has been relatively little "nuts and bolts" guidance provided to organizations demonstrating how a corruption risk assessment should be performed. Based on experience gained from numerous internal corporate investigations of corruption allegations, anti-corruption compliance assessments, and acquisition-related corruption due diligence, as well as regular interaction with regulators and relevant pronouncements, we have prepared just such a guide.

You can outsource everything except your liability. As a result supply chains have become a critical risk factor for any organization. All aspects of risk need to be assessed and managed; from financial risk to quality, scalability, security, privacy, through regulatory risk. This white paper covers the scope of a world class vendor risk management program and the steps you can take to minimize risk, reduce costs and ensure your organization complies with all relevant compliance mandates.

This Compliance Week e-Book, a special publication sponsored by Cura, McAfee and Protiviti, offers various articles on how companies can expand their compliance and risk management efforts into successful, enterprise-wide programs. Articles include, "Using the New COSO Risk Management Guidance," "Improving Risk Assessments and Audit Operations," "Companies Turning to Data Breach Insurance," and more. Also included are several whitepapers from Cura, McAfee and Protiviti, sharing their expertise and latest thoughts on ERM programs.

How can financial services companies transform themselves to drive improved business performance, while at the same time ensuring the right level of risk management? This paper discusses how financial services companies can successfully transform their business models by focusing on driving performance improvement with a lens on effective risk mitigation. The ultimate goal is achieving sustainable competitive advantage. Re-envisioning operating models is a balance of aspiration and practicality, requiring a view of the target state as well as the actionable steps to arrive there. KPMG's four-phase Target Operating Model (TOM) Methodology lies at this intersection - the junction of strategic development and tactical enablement.

As organizations invest in a variety of risk processes and functions, many companies find that they often lack a unifying vision and/or clear objectives, limiting the realization of benefits. GRC convergence replaces a fragmented approach with a single view of risk that is articulated across the entire organization, providing a common language, approach, and methodology for risk management. KPMG's GRC Holistic Model is designed to bring people, process, and data together for effective convergence.

Companies are being compelled to reassess their risk management and oversight processes in light of increasing exposure and new accountability requirements. In this changing business landscape, we also see that risks are proliferating and key stakeholders (Boards, shareholders) are demanding enhanced GRC programs/strategies. This issue brief emphasizes KPMG's guiding principles to help deliver a successful and sustainable risk management program/structure to drive business performance.

Today, many finance teams are constrained by outdated technology and forced to use manual processes to complete the 'last mile' of financial and statutory reporting.

Learn more about compliance function budget, staffing and resources at your peers and competitors. Join over 100 leading companies in taking the State of Compliance: 2011 survey and you'll receive a full benchmarking report that compares your company's specific survey responses with respective peer group data at no cost.

Compliance is tricky when it comes to information management. Over the last couple of decades, companies have amassed vast quantities of business information, generated by a broad array of content creation tools that incorporate a constantly expanding range of forms and formats.

The WikiLeaks security fiasco has shed a lot of light on document security and its inherent irony: namely that the more confidential a document is, the more it's likely to be shared. However, in today's highly collaborative environment, companies can't operate without sharing sensitive information with externals.

This Compliance Week e-Book, a special publication sponsored by SAI Global, explores the cooperation between compliance and internal audit departments and how that interaction can be expanded and improved. Articles include, "Compliance and Audit Getting It Together," and "Internal Audit Pulled in Two Directions at Once." Also included are the IIA Research Foundation's global internal audit survey, "Internal Audit Needs to Expand Its Horizons," as well as the thought leadership piece "A Close Collaboration Between Audit and Compliance Key for Effective Risk Management," written by Colin Campbell, SAI global head of GRC product management, and Michael Rasmussen, OCEG fellow.

According to the World Bank, GDP growth (5.3 percent) in sub-Saharan Africa will outpace that of developing countries such as Brazil and Russia in 2011. Combined with economies rich in resources and new, pro-democratic governments, renewed economic development could pave the way for investment by multinational corporations in the region.

As with SAS 70, service organizations continue to be responsible for defining control objectives, identifying controls, and for the description of the system. However, under SSAE 16/SOC 1,management now needs to provide an assertion that, among other things, states that the description fairly presents the system and that control objectives were designed and implemented to achieve the control objectives and (in a Type 2 Report) that controls were operating effectively during the examination period. This shifts a lot of the responsibility to management and puts them more "on the line" than SAS 70 did.

Facilitation or "grease" payments (small payments to facilitate routine government action) have historically been illegal under prior legislation and common law in the U.K., although there has been only limited enforcement. The U.K. Bribery Act, which is now in force, specifically prohibits the issue of facilitation payments, a stance not taken by the US Foreign Corrupt Practices Act.

Where do the greatest enterprise risks and game-changing opportunities reside in a pharmaceutical company today? When it comes to the rapidly shifting landscape in this tumultuous industry, a new Deloitte whitepaper makes the case that operations is the area that may face many risk-related challenges and present significant opportunities for breakthrough developments.

EisnerAmper's second annual Board of Directors Survey was designed to gain insight into the risks being discussed in American boardrooms. The results, published as Concerns About Risks Confronting Boards, is now available. The Report reveals that a company's reputation is paramount and all risks threaten this fragile asset.

Regulatory scrutiny and transparency requirements continually expose the risks of poor governance practices, driving organizations to prioritize next generation archiving for lifecycle and risk management across all content types and source targets.

In today's highly regulated business environment, organizations must comply with multiple global regulatory mandates, including privacy, industry, and process regulations. Regardless of the scope of an organization's compliance environment, regulation similarities create overlapping management, documentation, control, and audit demands, which can overwhelm efforts to identify and manage compliance risk effectively and completely.

A New Report on Internal Controls Recent changes in compliance reporting present new opportunities for organizations to build trust among customers, suppliers, business partners, and other stakeholders.

This article covers ideas for managing the deluge of social media, and outlines some of the unique challenges such as determining how to manage data with the conversational, less formal tone of today's social dialogues.

Russia is open for investment. In addition to an economy that is projected to grow 4.2% this year, the country is rich in natural resources, has a skilled and well-educated workforce, and encourages foreign investment for continued growth.

Oracle Fusion Governance, Risk, and Compliance is a modular suite of applications designed to work as a complete enterprise governance, risk, and compliance solution or as modular extensions to your existing risk management and compliance applications portfolio.

Oracle Fusion GRC Applications improve bottom-line performance by continuously monitoring transactions and applying advanced forensic analysis and embedded application controls across business processes - so you can detect more incidents and respond faster, preventing problems before they escalate or even occur.

Implementing XBRL to comply with the SEC mandate is nothing short of a completely new industry; like any new industry, it is rapidly changing. Adopt a strategy that allows you to maintain your flexibility while the industry matures over the next few years. Spend your resources today on building your team's knowledge of XBRL,

This video, "Building Your Anti-Corruption Program", features Matt Kelly, Editor-in-Chief, Compliance Week and Howard Sklar, Senior Compliance Counsel, Recommind.

The recent XBRL compliance mandate provides CFOs with a logical and investor-justifiable opportunity to more freely implement various reporting changes intended to better align company financial reports with the SEC's objectives of comparability, transparency, and GAAP compliance.

Extensible Business Reporting Language (XBRL) is an XML-based markup language for electronic transmission of business and financial data.With a new mandate from the United States Securities and Exchange Commission (SEC), and official support from European Parliament as well as the governments of Japan and China, XBRL aims to reduce costs through the elimination of time consuming and errorprone human interaction.