The New COSO Framework – Read Our Updated FAQs, Listen to Our Webinar

Update (10/6/2013) — A quick follow-up to this post: Anyone interested in more information can catch me on a live FEI webcast on October 17, during which I’ll discuss the COSO control environment – here’s a link for details:

Following up on my June 26 post about the 2013 COSO Internal Control – Integrated Framework, Protiviti has published a second edition of our guide, The Updated COSO Internal Control Framework: Frequently Asked Questions. Our new edition includes more than a dozen new questions as well as updates to existing answers.

This guide addresses various questions about the New Framework, including the reasons why it was updated; what has changed; the process for transitioning to its use; and steps companies should take now.
Additional commentary in the second edition includes, but isn’t limited to, the following:
– The SEC’s position on transitioning to the New Framework
– When to apply the New Framework for purposes of complying with Section 302 of
– If the 2013 New Framework will affect the way companies evaluate their controls over technology
– The level of effort required to map the 17 principles to the existing controls
– What to communicate to the audit committee Continue reading

Using the WEF 12 Pillars to Evaluate Global and Country Risk

Wearing my hat as a global management consultant specializing in corporate governance and risk management, I look forward to two reports in particular from the World Economic Forum (WEF). One of those reports is the WEF‘s Annual Global Competitiveness Index (GCI). This massive tome, weighing in at more than 500 pages, ranks 148 countries, benchmarking the world’s economy using 100 factors.

Over the years, I’ve come to see this report as a kind of global risk and opportunity yearbook presenting pictures of economies in all stages of development, from the awkward adolescence of emerging economies like Chad and Burundi to the sophisticated elegance of Switzerland – the country dubbed “most competitive” for five consecutive years. The contrasting of various countries has always been fascinating to me as I have done business in 30 countries and been blessed to visit many others for pleasure. Continue reading

Assessing the Business and Market Risks of a Potential U.S. Attack on Syria

As the warm hope of an Arab spring has given way to the cold chill of a Syrian fall, global executives are weighing the business implications of Syrian President Bashar Assad’s chemical arsenal and punitive actions that are being considered, including, despite recent overtures for a diplomatic solution, the very real possibility of a U.S. attack to degrade Assad’s capability to make war.

Risk assessments fluctuate daily as sabers rattle, diplomats negotiate and countries posture. Setting aside politics and diplomacy, I want to look at the situation from a purely business perspective, through the eyes of business executives from around the globe.

Syria has, for some time, ranked as a bad business bet. Even before the current standoff, Coface, a French global credit insurer that rates the business climate in 158 countries, gave the country its lowest rating. Among the problems: poor company transparency, red tape, nepotism, corruption, a shortage of skilled labor and the absence of a consistent framework for direct foreign investment. Continue reading

Addressing our Nation’s Cybersecurity – NIST Releases Proposed Framework

Protiviti just published an interesting Flash Report about cybersecurity measures for critical infrastructure in the United States. Our report stems from a preliminary cybersecurity draft framework that the National Institute of Standards and Technology (NIST) released last month for comment. NIST developed this framework in response to an Executive Order from President Obama calling for increased cybersecurity of our nation’s infrastructure , followed up by numerous workshop discussions and other stakeholder engagement activities conducted by NIST to solicit feedback and recommendations.

As detailed in our Flash Report, NIST’s preliminary cybersecurity draft framework includes three Continue reading