Reflections on the Economist Intelligence Unit's Report on Risk Management

Posted on Nov 29, 2010

Fall Guys: Risk Management in the front line, is an interesting read. Here are a few highlights and observations (the bolded highlights are mine):

continue reading...

Is There Value in the Term "GRC"?

Posted on Nov 22, 2010

I have blogged frequently about the concept of GRC, the definition I use (from OCEG), and why I believe there is value. For example, there was a lot of discussion here.

continue reading...

Assessing the Risk Management Program

Posted on Nov 22, 2010

The IIA Standards require that internal audit functions assess the adequacy of risk management programs (see here for a related post). But how do you do that?

continue reading...

Do All Your Audit Activities Add Value?

Posted on Nov 16, 2010

Following on the post about a strategic plan for internal audit, I believe that the CAE and her management team should periodically perform a self-examination to ensure every activity is value add.

continue reading...

A Strategic Plan for Internal Audit

Posted on Nov 10, 2010

Over the years, I have built internal audit departments from scratch. I have also re-engineered existing functions in response to requests from the board and executive level to “take internal audit to the next level.”

continue reading...

Is Internal Audit Meeting the Challenge? Perhaps Not!

Posted on Nov 2, 2010

EY has just released an important study on Internal Audit’s Evolving Role. I strongly recommend a careful read, then separate discussions with your top executives and audit committee members.

continue reading...