Advisory Services

  • Share

Insights on governance, risk and compliance

Insights on governance, risk and compliance is an ongoing series of thought leadership reports focused on IT and business risk and its many related challenges and opportunities. These timely and topical publications are designed to help you understand the issues and provide you with valuable insights about our perspective.

Advisory library

Title Topic Date
Path to cyber resilience: Sense, resist, react Our 19th Global Information Security Survey shows increased focus and investment in the corporate shield. But organizations need more to be resilient to cyber attacks. 20150301December 2016
EY managed software security services With an enterprise-scale, bespoke service that drives business value and supports accelerated software development methodologies our managed software security services aims to reduce the total cost of development and generate a positive return on investment by helping eliminate vulnerabilities early in the development process. 20150301November 2016
Incident response: Preparing for and responding to a cyber attack It’s not a crime to be attacked; you can’t stop being a target. It’s not a crime even to be breached; threats come from many directions and are highly sophisticated. The real problem is not realizing you’ve been breached, and failing to react in a planned and coordinated manner. 20150301November 2016
How can strategy be better embedded in strategic transactions? Internal Audit should be involved in every strategic transaction. See how IA can provide valuable business insights during mergers, acquisitions, divestments, joint ventures and alliances. 20150301July 2016
When is privacy not something to keep quiet about? New European Union privacy rules are on the way. The EU's General Data Protection Regulation (GDPR) puts the onus of privacy protection where it should be — in thehands of the entities collecting, storing, analyzing and managing personally identifiable information. 20150301June 2016
A closer look at cyber threat intelligence In the present cybersecurity landscape, it’s not possible to prevent all attacks or breaches. How do you find the criminals before they commit the cybercrime? 20150301March 2016
Privacy trends 2016: Can privacy really be protected anymore? Organizations need to take decisive action to develop and enhance privacy management. Look beyond ad hoc policies and toward fully-accountable, certified and trusted privacy programs. 20150301February 2016
Enhancing your security operations with Active Defense Cyber attackers are targeting your most critical assets. Learn how an Active Defense can identify and help eradicate hidden threats. 20150301January 2016
Global Information Security Survey 2015 Our annual survey finds that organizations still have a long journey toward cybersecurity protection. Learn how we help them create trust in the digital world. 20150301November 2015
Using cyber analytics to help you get on top of cybercrime: Third-generation Security Operations Centers In an increasingly online world, securing an organization's digital assets is a key business concern. Can using cyber analytics help you stay ahead of cybercrime? 20150301November 2015
There's no risk without reward: GRC survey 2015 Our global governance, risk and compliance survey shows organizations need to think about, manage and respond to risk differently. Learn how to become more risk-aware. 20150301August 2015
Predicting project risks improves success CIOs claim that only 35% of projects are successful. Learn how predictive analytics provides the insight to unlock the value of your program investments. 20150301July 2015
Building confidence in executing IT programs Growth in IT investments is expected to continue. Learn how proactive program risk management provides confidence in achieving program success. 20150301July 2015
Portfolio management transformation Today's economy is increasingly competitive. Learn how to effectively screen and align your program portfolio with strategic objectives. 20150301July 2015
Unlocking the value of your program investments Successfully executing innovative projects will drive competitive advantage. Predictive program risk management (PRM) throughout the entire program life cycle is required to achieve a successful outcome. 20150301March 2015
Internal Audit: assessing performance measurement with metrics Organizations that regularly evaluate metrics are much more likely to implement the right ones. How can the insights of Internal Audit help? 20150301March 2015
Achieving resilience in the cyber ecosystem Is your organization cyber resilient? How can you achieve sustainable, resilient operations for the future? 20141028December 2014
Internal Audit: harnessing the power of analytics Internal Audit must integrate analytics and big data into its process to keep pace not only with the business, but also with the organization's competitors. 20141110November 2014
Global Information Security Survey 2014 - Get ahead of cybercrime Our annual survey finds organizations are still unprepared for inevitable cyber attacks. Learn how to get ahead of cybercrime. 20141028October 2014
Security Operations Centers — helping you get ahead of cybercrime A well-functioning Security Operations Center (SOC) can form the heart of effective cyber attack detection. We present 10 considerations for success. 20131310October 2014
Cyber program management: identifying ways to get ahead of cybercrime We help board members and C-level decision-makers understand the relationship between your responsibility, the scale of cyber threat, and a suggested approach that's sharply focused on your business structure, culture and risks. 20131310October 2014
Improve business performance: transform your GRC program Governance, risk and compliance programs must continually reassess how to meet strategic objectives. Is your organization's GRC function still struggling to provide the expected value? 20140811August 2014
Step up to the challenge: Helping IA keep pace with a volatile risk landscape Internal Audit needs to identify and focus on the risks that matter most. We discuss seven areas that are top of mind for stakeholders. 20140811August 2014
Strong risk management practices and Internal Audit capabilities as drivers for growth The right controls and processes are essential for sustainable growth. IA and other risk management functions can help organizations design their controls appropriately, cover risks and drive value. 20140811August 2014
Maximizing the value of a data protection program Any organization can be victimized by data loss events. Is your program aligned to protect the data that matters most? 20140704July 2014
Building trust in the cloud Rapid escalation of cloud services creates risk. Use our Cloud Trust Model to balance those risks with the value the cloud provides to your organization. 20140630June 2014
Expecting more from risk management Do you need better alignment between risk and key business processes? See how to enhance value by embedding risk into the "rhythm of the business." 20140616June 2014
Big data: changing the way businesses operate Do you have the capability to analyze vast amounts of information? We explore the benefits and risks of using big data to enhance business operations. 20140515April 2014
What's the future of Risk, Control and Compliance? Centralized operating models represent an opportunity to manage risk more effectively and drive down cost. Have you kept pace with the rest of your business? 20131310February 2014
Privacy trends 2014: privacy protection in the age of technology Technology innovation continues to accelerate, and today's privacy regulations are falling behind. We help guide you through the innovation needed for privacy issues in 2014. 20131310January 2014
Maximizing value from your lines of defense Many companies have a renewed focus on effective risk management. We present a pragmatic approach to establishing and optimizing your lines of defense (LOD) model. 20131310December 2013
Under cyber attack: Global Information Security Survey 2013 As the pace of technology evolution accelerates, so do cyber risks. Find out how organizations are addressing current threats – and those on the horizon. 20131310October 2013
Bring your own device: security and risk in mobile device programs Employers need to control the use of personal mobile devices for conducting work. BYOD policies help improve productivity, enable new business and satisfy employees' needs. 20131310September 2013
Matching Internal Audit talent to business needs: key findings from the Global Internal Audit Survey 2013 Corporate leaders are demanding that IA improve visibility and deliver lasting value. Our Global Internal Audit Survey finds that most IA functions currently lack the specialist skills and competencies to provide strategic business insights and anticipate traditional and emerging risks. 20131307July 2013
Identity and access management: beyond compliance Compliance is still crucial for identity and access management initiatives, but IAM is evolving into a risk-based program. Learn about this foundation of information security. 20130506June 2013
Internal audit's role in strategic transactions During M&A and divestitures, internal audit provides a critical perspective – assessing and monitoring program management, reviewing controls and providing insights while maintaining independence and objectivity. 20130506May 2013
Lessons from change: Key findings from EY's 2012 Financial Services Supplier Risk Survey EY's third annual supplier risk management survey offers the latest insights into SRM programs 20130406April 2013
Unlocking the power of SAP's governance, risk and compliance technology A robust GRC technology solution can act as assurance for the entire organization. Learn about the solutions of SAP. 20130301March 2013
Smart Control: reducing cost, enabling growth and keeping the business safe Balancing value, cost and risk in processes and controls helps create a competitive advantage. Becoming streamlined helps you anticipate and respond to changes.20120131January 2013
Privacy Trends 2013: the uphill climb continues Digital technology is transforming businesses, creating not only opportunities but also privacy risk and responsibilities. Are organizations and regulators doing enough to safeguard sensitive information?20120131January 2013
Integrated governance: effective business continuity management Integration between business and IT is critical to business continuity and disaster recovery success. Is your organization able to effectively respond to and manage risks?20120131November 2012
2012 Global Information Security Survey: fighting to close the gap As the speed and complexity of change accelerates, the gap in your information security program grows. Is your organization doing enough to close the gap?20120131November 2012
Strategy deployment through portfolio management A risk-based portfolio management approach forces organizations to focus on projects that matter and helps manage the risk of their transformation in an integrated way.20120131September 2012
Ready for takeoff: Preparing for your journey into the cloud Organizations are looking at cloud computing to increase effectiveness of IT initiatives, reduce costs, increase operational flexibility and generate a competitive advantage. Are you prepared? 20131310April 2012
Bringing IT into the fold: enhancing industrial control system security A coordinated, strategic response that addresses the dynamic nature of cybersecurity and the rapidly changing operational technology environment demonstrates responsible risk management.20120131January 2012
Mobile device security: Understanding vulnerabilities and managing risks We explore methods to assess and mitigate the risks related to today's most popular mobile device platforms and technologies. 20131310January 2012
Privacy trends 2012 To achieve greater accountability, many organizations will have to rethink their approach to privacy.20120113January 2012
Attacking the smart gridLearn about the changing landscape in control system architecture and how to perform a penetration test safely and effectively to benefit your organization.20111231December 2011
A path to making privacy countOrganizations are struggling to manage the security and privacy collected information. Privacy protection now needs to be a fundamental component of any IT transformation.20111231October 2011
Data loss prevention: keeping sensitive data out of the public domain The blurry line between work and personal use of data can result in leaks – unintentional or malicious. Learn to identify and address these leaks. 20131310October 2011
Building confidence in IT programs Key issues to blame for IT program failures are often not being properly identified until after they have occurred, and there has never been a better or more important time for organizations to review how they plan, execute and realize benefits from strategic IT programs. 20131310September 2011
The evolving IT risk landscapeFaced with complex and ever-changing layers of risk in a 'world without borders', IT risk programs must expand and adapt to meet new challenges.20110630June 2011
Building control efficiency: rationalization, optimization, redesignIncreased government reporting requirements have forced those responsible for internal controls to do more. Optimize your controls to move past compliance toward improved performance and competitive advantage.20110630April 2011
Countering cyber attacksTraditional information security solutions are not enough to protect against advanced persistent threat attacks. What measures should organizations consider to detect and react to successful cyber attacks?20110630March 2011
Top privacy trends for 2011From cloud computing, social networking and hand-held devices to international regulations and internal governance, this list outlines the top privacy-related concerns for the C-suite.20110630January 2011
Effective software asset managementIn the global push for improved performance, effective software asset management can help reduce license-related expenses, better manage compliance-related risk, and improve overall operating efficiencies.20110630December 2010
A risk-based approach to segregation of duties Read clear guidance on a sound risk-based methodology that integrates IT and financial controls, resulting in an approach that is both manageable and cost effective. 20131310May 2010
Top privacy issues for 2010Every organization faces a number of obligations related to privacy and the protection of personal information. Do you have the right risk management in place?20110630February 2010

Back to the top

Connect with us

Stay connected with us through social media, email alerts or webcasts. Or download our EY Insights app for mobile devices.