Publications

October 26, 2009
SEC Defers Section 404 Attestation Requirement for Smaller Public Companies for the Last Time (证交会最后一次推迟小型上市公司提交404条款鉴证报告的合规日期)
今天，美国证券交易委员会(简称“证交会”)宣布，最小规模的上市公司(即市值低于7500万美元)必须在未来九个月之内开始遵守《萨班斯-奥克斯利法案》404(b)条款的鉴证要求。根据404(b)条款，外部审计师须就公司的财务报告内部控制的有效性出具审计意见。这是证交会第四次推迟小型上市公司遵守404(b)条款的日期。随附快报就上述内容进行了更详细的阐述，包括关于此次最后一次延期的原因。
CONTENT AREA: Regulatory Updates
TOPICS: Audit Committee & Board, Sarbanes-Oxley Act, PCAOB, Section 404 - Internal Control Reporting, Internal Controls, China

October 26, 2009
Testing Role-based Authorization Controls in Websites
This paper describes a practical approach on how to test websites for flaws in role-based authorization controls. The first two sections discuss the importance of testing these controls and how testing is tied to the business that the Website supports. The rest of the paper outlines the general approach and some specific tools and techniques that can be used.
CONTENT AREA: Articles
TOPICS: Technology, IT Controls, Software, Network & Internet Security

October 19, 2009
Achieving High Performance in Internal Audit
Protiviti and the Institute of Internal Auditors – Australia, conducted research with chief audit executives from over 150 organizations exploring how organizations enable their internal audit function to advance good corporate governance. The research found a significant number of internal audit functions lack the appropriate framework to operate independently and objectively; an excessive level of influence is exercised by executive management over audit committee activities and the oversight and management of the internal audit function; and the majority of internal audit functions are unable to demonstrate compliance with the International Standards for the Professional Practice of Internal Auditing.
CONTENT AREA: Survey Reports
TOPICS: Corporate Governance, Australia, Internal Audit, Audit Committee & Board, Quality Assessment Review, Risk Management & Assessment, Benchmarking, GRC

October 19, 2009
Continental Airlines: “Work Hard. Fly Right.”
Based in Houston, Texas, Continental Airlines is the fourth-largest airline in the United States, with major hubs in Houston, Newark and Cleveland. In this profile, Steve Goepfert, staff vice president of internal audit at Continental, discusses the three most significant company changes and how each impacted internal audit. According to Goepfert, “In times of change, your focus has to be on your people, who can help the company navigate through challenges and are able to keep their eyes on the strategic goals of the company.”
CONTENT AREA: Performer Profiles
TOPICS: Airline Industry, Internal Audit, Audit Committee & Board, Risk Management & Assessment, Change Management, Performance Management/Measurement, GRC

October 19, 2009
Integrating Fraud Considerations Into the Assessment
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions concerning integrating fraud considerations into the Section 404 assessment. Some topics covered are: What is the scope of an anti-fraud program and controls? How are fraud risks assessed? And, how should management get started with integrating fraud considerations into the Section 404 assessment?
CONTENT AREA: Questions & Answers
TOPICS: Sarbanes-Oxley Act, Risk Management & Assessment, Section 404 - Internal Control Reporting, Ethics, Fraud, Internal Controls, GRC

October 19, 2009
Public Company Readiness: Getting Ready for Prime Time – Before the Market Does (为上市做好准备：厚积薄发，抢占先机)
随着美国IPO（首次公开招股）市场近期已有回暖迹象，公司在着重开发新产品、提高收入及降低成本的同时，务必密切关注相关的业务及信息技术流程、政策及内部控制。这种经营方式近似于一家管理完善的上市公司。本文将重点讨论IPO就绪准备计划，包括开展就绪工作评估的必要性和管理层必须关注的具体领域，例如，常见的财务报告问题、关账流程、《萨班斯－奥克斯利法案》合规，以及信息技术基础设施等。
CONTENT AREA: Newsletters
TOPICS: Close the Books, Financial Reporting, IT Infrastructure, Internal Audit, Audit Committee & Board, Internal Audit Administration, Self-Assessment, Sarbanes-Oxley Act, Internal Controls, China

October 19, 2009
The New ISACA Risk IT Framework and Best Practice: Filling a Gap, Making Risk Management Easier and More Effective
ISACA’s Risk IT Framework, based on the COBIT® framework and best practice guidance, was recently released after 18 months of work by an international task force with members from five countries. Risk IT extends and unifies the risk management content in COBIT® and Val ITTM.
CONTENT AREA: Articles
TOPICS: Technology, IT Audit, IT Infrastructure, Enterprise Risk Management, Best Practices, GRC

October 12, 2009
7 Things You Need to Know About Development Project Estimations
There are various aspects that affect project estimates, such as team skills and experience levels, available technology, use of full-time or part-time resources, project quality management, risks, iteration, development environment, requirements, and most of all, the level of commitment of all project members. Moreover, project estimations should not be too complicated. Here is a list of seven tools, methodologies, and best practices that can help project management teams, from sponsors to project managers, agree on estimates and push development efforts forward.
CONTENT AREA: Articles
TOPICS: Budgeting, Software, Project Management, Training & Development

October 12, 2009
Improving Internal Audit Through Technology
A number of studies show that internal audit functions are looking more seriously at technology as a way to improve productivity and the organization’s risk management process. The reality is that internal audit cannot successfully meet all looming expectations and perform at a new level without doing things differently and technology – or, more accurately, the very efficient and effective use of technology – is essential for internal audit to succeed in its evolving mandate. This article discusses how to start integrating technology into the audit process, sell its value proposition to executive management, and overcome the related challenges.
CONTENT AREA: Articles
TOPICS: Technology, IT Controls, Internal Audit, Continuous Auditing, IT Audit, Risk Management & Assessment, GRC

October 12, 2009
SEC Defers Section 404 Attestation Requirement for Smaller Public Companies for the Last Time
Today, the SEC announced that the smallest public companies (those companies with a public float below $75 million) will begin complying in nine months with the attestation requirements of Section 404(b) of the Sarbanes-Oxley legislation. Under Section 404(b), the companies’ auditors are required to issue an opinion about the effectiveness of the audit client’s internal control over financial reporting (ICFR). This is the fourth extension of Section 404(b) for smaller public companies. This Flash Report adds more specifics to the above discussion, including how we know that this is the last extension.
CONTENT AREA: Regulatory Updates
TOPICS: Audit Committee & Board, Sarbanes-Oxley Act, PCAOB, Section 404 - Internal Control Reporting, Internal Controls