20 Questions Businesses Should Ask About Privacy

Privacy has become a significant business risk to organizations that collect, use, retain and disclose personally identifiable information about customers and employees. As a result, business owners, board members and executive management need to assess whether their handling of personally identifiable information complies with numerous privacy laws and regulations. To provide guidance, the AICPA issued a Business Brief on April 10, 2012 called 20 Questions Businesses Should Ask About Privacy. It was prepared by Nancy Cohen, CPA.CITP, CIPP, CGMA, Senior Technical Manager, AICPA Member Specialization & Credentialing.

The questions contained in that Brief were adapted from the guidance booklet, 20 Questions BusinessesShould Ask About Privacy previously published by the Canadian Institute of Chartered Accountants (CICA). They are key questions a business should ask with the aim of understanding privacy risk, implementing a privacy program, managing privacy risk and obtaining privacy assurance.

Does your Annual Report tell your whole value creation story?

According to recent KPMG guidance: “There is growing recognition that the range of issues and opportunities affecting long term business value is much broader than can be reflected in a set of current year financial measures. Annual Reports need to reflect this if they are to support investors’ capital allocation decisions effectively.”

The guidance also notes that: “Integrated Reporting provides a basis to address this by refocusing reporting around an organisation’s business model and operational priorities. The aim is to reflect the critical opportunities and challenges that affect the business - the same issues that management are dealing with on a daily basis within the organisation. Although designed to support the preparation of dedicated Integrated Reports, this approach can be applied by any company preparing an Annual Report - and indeed to other elements of corporate reporting.”

It concludes that: “For executives frustrated by apparent investor short-termism, this is an opportunity to provide a more complete picture of value, how it’s shaped by current and future events, and explain what management is doing to create and preserve it.” To learn more, read the KPMG’s guidance, Does your Annual Report tell your whole value creation story?

Top Technology Initiatives for 2012

Advances in information technology have empowered everyone to access and manage information anywhere at anytime. Although there are significant benefits that technology makes possible, such as greater flexibility, efficiency and productivity, there are also concerns with increased risks to information security. This was evident from the 2012 Top Technology Initiatives Survey of the American Institute of Certified Public Accountants (AICPA).


The survey found that securing the IT environment is this year’s top business technology priority. It also measured the confidence level in achieving technology priorities. For example, a large number of the survey respondents said they were confident that their organizations (or their clients’ organizations) have taken the actions necessary to secure the IT environment. However, respondents were the least confident with the following two aspects of IT Security: (1) Protecting all mobile devices (laptops, tablets, mobile phones, etc.) to prevent a data breach; and (2) Ensuring that data will be safe in the event of a cyber-attack or mobile device loss.

For more information, read the AICPA 2012 Top Technology Initiatives Survey Results. Also refer to the Top Technology Initiatives Archive.