Internal Audit and SOX. Lessons From the 2011 Protiviti SOX Compliance Survey

Posted on Jun 27, 2011

My thanks to Bob Hirth for sharing a copy of this survey. I remember his smile when he said that he knew I didn’t always agree with Protiviti’s views, and maybe he anticipated that my comments (in this blog) would not be entirely favorable. He would have been right.


Risk and Control Issues Commonly Overlooked by Internal Audit 6: The Audit Committee

Posted on Jun 21, 2011

Last year, I started a series of posts on "risk and control issues commonly overlooked by management."


Explaining GRC Through Pictures and Sound

Posted on Jun 17, 2011

The only GRC "strategy" I can relate to is one that recognizes that we are not talking about new processes, or a new organization called GRC. We are talking about getting the various parts of an organization to work together.


A Response to a Prior Guest Blog on GRC

Posted on Jun 13, 2011

Last October, I hosted a guest blog by two risk practitioners on GRC. They made a large number of comments about what is wrong with GRC and have asked for my response.


What Is the Relationship Between Governance, ERM, and Internal Controls?

Posted on Jun 12, 2011

This question comes up quite a lot in discussions. Are they separate, or are they somehow inter-related with fuzzy borders?


Maybe We Should Redefine the Purpose of Internal Auditing

Posted on Jun 10, 2011

This morning, I was replying to a comment in LinkedIn's Chief Audit Executive's group (those interested in internal auditing should be members of the IIA group, and those in IA management should be in the CAE group) when it struck me that a redefinition of internal auditing might be useful.


Internal Auditors Should Understand the UK Bribery Act Even If They Are Not in the UK

Posted on Jun 6, 2011

Auditors should understand that companies are subject to the provisions of the UK Bribery Act if they have operations in the UK or their employees or agents have significant ties to the UK.


Do Internal Auditors Deserve a Seat at the Table?

Posted on Jun 6, 2011

The 1999 definition of internal auditing says it is about providing assurance (and consulting services) on the organization's governance, risk management, and related internal controls. If we don't provide that assurance, what are we doing?


SEC Whistleblower Rules and Internal Auditors

Posted on Jun 2, 2011

Now that the SEC has approved the rules, with a few surprises, it is important for every internal auditor to understand them. They can impact not only the way in which people can report potential wrongdoing, but also the mindsets of management and employees.
