Risk and Control Issues Commonly Overlooked by Internal Auditing 2: The adequacy of risk management

Posted on May 31, 2010

This is the second in my series on topics that are generally significant to the business, but are too often not addressed in the internal audit plan.

continue reading...

Risk and Control Issues Commonly Overlooked by Internal Auditing 1: Information required to run the business

Posted on May 26, 2010

Today I am starting a series where I discuss risk and control issues of potential significance that are often overlooked by internal audit. These are issues that, for whatever reason, are not considered and therefore not included in the audit plan.

continue reading...

Washington Mutual Dissected - Deficient Risk Management, Controls, and More

Posted on May 18, 2010

A May 18th article in Compliance Week by Rick Steinberg (former PwC partner who was the lead partner on the development of the COSO internal controls framework) doesn’t mince any words when it comes to practices at Washington Mutual (WaMu). He believes, and his points are cogent, that WaMu “created such a toxic environment for itself, one so bad that you have to wonder how anyone within the organization could survive, and whether any amount of help—oxygen, liquidity, or otherwise—could have saved the company.”

continue reading...

Are You Thinking About the Impact of Social Media on Risks at Your Company?

Posted on May 17, 2010

Watch and listen to this, then answer these questions:

continue reading...

A Useful Framework for Assessing Your Risk Management Program

Posted on May 15, 2010

I have been reviewing a 2009 document from the UK Treasury department: Risk Management assessment framework: a tool for departments. While it is designed for government agencies, I like a number of things about it.

continue reading...

When the CAE Is the Bearer of Bad News - and Gets Shot in the Process

Posted on May 12, 2010

Too many of my CAE-level (and other senior internal audit leaders) have shared with me stories of how they identified inappropriate activities, reported them to the audit committee, and found themselves out of a job within a year to 18 months.

continue reading...

Reflections on IIA and ISACA: The Lost Opportunities

Posted on May 10, 2010

ISACA has issued for comment an excellent draft on "Controls Monitoring and IT." Information on how to download it, and my comments on the document, are here.

continue reading...

Does Internal Auditing Spend Too Much Time Auditing for Fraud?

Posted on May 3, 2010

Fraud is a major area of focus for some internal audit departments. They use data analytics for fraud prevention, and sometimes that is all they use data analytics for. When the potential for fraud is identified quickly put a team together to investigate.

continue reading...