Does It Matter if a Control is Preventive or Detective?

Posted on Nov 29, 2012

The traditional answer is an emphatic "Yes!" But times, they are a-changing.

continue reading...

The Challenge of Integrating Risk into Performance

Posted on Nov 26, 2012

If you did a search on this topic, you will find a variety of research reports. 

continue reading...

Risk Management is NOT Just About the Downside

Posted on Nov 20, 2012

My good friend, Michael Rasmussen, and I have had a number of interesting conversations and debates over the last few years. Many have focused on what the term GRC means, with both of us ascribing to the OCEG definition as a capability that enables optimized performance through the management of risk while acting with integrity (my phrasing). Recently, Michael concluded a ‘rant’ (his word) about how the analysts view the so-called GRC market. I recommend it to you at

continue reading...

Important Guidance From the US Department of Justice and SEC About the Foreign Corrupt Practices Act

Posted on Nov 15, 2012

The Department of Justice and the Securities and Exchange Commission have just released A Resource Guide to the U.S. Foreign Corrupt Practices Act (the link is to the Department of Justice’s web site, which summarizes the guidance and has a link to download a PDF of the Resource Guide). 

continue reading...

A Wake-up Call for Audit Committees

Posted on Nov 14, 2012

An article in Compliance WeekPwC Takes Hit in Latest Inspection, Asks PCAOB to Act, should be mandatory reading for every audit committee, whether they have PwC as their auditor or not.

continue reading...

Comments on the Updated COSO Internal Controls Draft

Posted on Nov 9, 2012

I have just submitted my comments. The detailed letter can be downloaded from here.

continue reading...

In Praise of the COSO 1992 Internal Controls Framework

Posted on Nov 6, 2012

I have been a fan of the COSO Internal Control–Integrated Framework since it first appeared in draft. It's not perfect, but there is a great deal for which we should commend the authors (a team from PricewaterhouseCoopers). 

continue reading...