20 Questions Businesses Should Ask About Privacy

Privacy has become a significant business risk to organizations that collect, use, retain and disclose personally identifiable information about customers and employees. As a result, business owners, board members and executive management need to assess whether their handling of personally identifiable information complies with numerous privacy laws and regulations. To provide guidance, the AICPA issued a Business Brief on April 10, 2012 called 20 Questions Businesses Should Ask About Privacy. It was prepared by Nancy Cohen, CPA.CITP, CIPP, CGMA, Senior Technical Manager, AICPA Member Specialization & Credentialing.

The questions contained in that Brief were adapted from the guidance booklet, 20 Questions BusinessesShould Ask About Privacy previously published by the Canadian Institute of Chartered Accountants (CICA). They are key questions a business should ask with the aim of understanding privacy risk, implementing a privacy program, managing privacy risk and obtaining privacy assurance.

Does your Annual Report tell your whole value creation story?

According to recent KPMG guidance: “There is growing recognition that the range of issues and opportunities affecting long term business value is much broader than can be reflected in a set of current year financial measures. Annual Reports need to reflect this if they are to support investors’ capital allocation decisions effectively.”

The guidance also notes that: “Integrated Reporting provides a basis to address this by refocusing reporting around an organisation’s business model and operational priorities. The aim is to reflect the critical opportunities and challenges that affect the business - the same issues that management are dealing with on a daily basis within the organisation. Although designed to support the preparation of dedicated Integrated Reports, this approach can be applied by any company preparing an Annual Report - and indeed to other elements of corporate reporting.”

It concludes that: “For executives frustrated by apparent investor short-termism, this is an opportunity to provide a more complete picture of value, how it’s shaped by current and future events, and explain what management is doing to create and preserve it.” To learn more, read the KPMG’s guidance, Does your Annual Report tell your whole value creation story?

Top Technology Initiatives for 2012

Advances in information technology have empowered everyone to access and manage information anywhere at anytime. Although there are significant benefits that technology makes possible, such as greater flexibility, efficiency and productivity, there are also concerns with increased risks to information security. This was evident from the 2012 Top Technology Initiatives Survey of the American Institute of Certified Public Accountants (AICPA).


The survey found that securing the IT environment is this year’s top business technology priority. It also measured the confidence level in achieving technology priorities. For example, a large number of the survey respondents said they were confident that their organizations (or their clients’ organizations) have taken the actions necessary to secure the IT environment. However, respondents were the least confident with the following two aspects of IT Security: (1) Protecting all mobile devices (laptops, tablets, mobile phones, etc.) to prevent a data breach; and (2) Ensuring that data will be safe in the event of a cyber-attack or mobile device loss.

For more information, read the AICPA 2012 Top Technology Initiatives Survey Results. Also refer to the Top Technology Initiatives Archive.

Cutting Clutter from Annual Reports

Recently, there has been a drive to cut clutter from annual reports to help users find the information they need and to avoid wasted time for preparers. One impetus comes from the UK Financial Reporting Council (FRC) and the Accounting Standards Board (ASB) report, Cutting clutter: Combating clutter in annual reports, published in 2011. The report defines clutter as “immaterial disclosures that inhibit the ability to identify and understand relevant information,” and “explanatory information that remains unchanged from year to year.”

As the report explains, “Clutter makes it more difficult for users to assess a company’s progress by obscuring relevant information. Due to the time and effort involved in preparing such disclosures, clutter is also a big issue for preparers.” To encourage change, the report includes two short behavioural aids for use by teams preparing and reviewing annual reports. These highlight key questions to consider at the planning phase and during subsequent review. The FRC and the ASB have also developed three disclosure aids – covering governance, accounting policies and share-based payments – to demonstrate what these key areas of the annual report could look like without the clutter.

Integrated Reporting practices of 100 JSE-listed companies

Deloitte has released its second quarterly report on the state of Integrated Reporting in South Africa. The report is called Integrated Reporting – Navigating your way to a truly Integrated Report. It reveals that Integrated Reporting standards have been adopted by more than half of South Africa’s listed companies. Although it is now necessary for these JSE-listed companies to include a statement of compliance with the principles set out in the King Code on Governance Principles (King III) in their annual reports, many companies are still scoring surprisingly low on corporate governance matters.

The publication (which applies to all members of the C-Suite) was prepared by the Deloitte Integrated Reporting and Sustainability team. It contains the key findings of the empirical research conducted on 100 companies listed on the Johannesburg Stock Exchange. The analysis covered 7 subjects, 58 principles and 160 questions seeking to assess actual performance against good practice. The publication includes practical observations on certain topical subjects which appear to be a challenge for companies.