I strongly recommend viewing Denny Beran's video. Denny is a good man, who has been involved in internal auditing and our profession for decades — yet has managed to remain energetic and vibrant in his love for his chosen line of work. It is remarkable that someone who could be accused of being an 'old timer' is actually very much a forward thinker. This is very evident in his message.

Corporate Governance Matters: A Closer Look at Organizational Choices and Their Consequences is a book by David Larcker and Brian Tayan. I found this excerpt interesting and worthy of discussion.

Whether you believe the Murdochs, Rupert and James, knew about the alleged bribes and hacking or not, it seems clear that News Corporation would have benefited from a strong, independent internal audit function that assessed and reported on the corporate culture to the board.

In a recent discussion in a network group, an experienced practitioner advocated focusing on a value-add approach to internal audit rather than one that is risk-based. I can understand the desire to demonstrate value through internal audit activities.

When I first read the Accenture 2011 Global Risk Management Study I was shocked. It seemed to say what nobody else, nor my personal experiences talking to hundreds of companies around the world, was indicating: that there had been a tectonic, positive shift in risk management practices and philosophy.

As CAE, I have frequently helped the audit committee with their assessment of the external auditor’s performance. While some boards treat this as a perfunctory task, reappointing the auditors without much analysis or discussion, I don’t concur with that approach. Why not? I have seen external audit teams that were poor performers.

COBIT has been, without doubt, the dominant resource for IT audit professionals and others when it comes to IT controls and security. In addition, the guidance on IT governance from the IT Governance Institute (an arm of ISACA) has been excellent, as has been the RiskIT framework from ISACA.