Assessing Controls Over Operational Risks

Posted on Oct 26, 2012

“Operational Risks” and “Operational Objectives” have been defined in a number of ways. For example, the COSO Enterprise Risk Management–Integrated Framework talks about Operational Objectives as relating to the “effective and efficient use of its resources.” The latest draft of the COSO Internal Control–Integrated Framework (ICF) has somewhat longer language: “Operational Objectives… pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss.” 


Assessing Internal Controls Over Compliance Risks

Posted on Oct 23, 2012

The major focus of discussions around internal control for the last several years has been on internal control over financial reporting (ICFR), especially for SOX compliance purposes. 


How to Assess the System of Internal Control

Posted on Oct 18, 2012

I am in the process of reviewing and commenting on the latest set of draft guidance from COSO. (You may have seen my post on their SOX guidance; I am still waiting for someone to tell me that I am wrong in my assessment.)


COSO Does Not Provide Quality Guidance for SOX

Posted on Oct 15, 2012

As part of a new set of draft guidance, including an update to the Internal Controls Framework that I will review later, COSO has published (also in draft, for comment) Internal Control over External Financial Reporting: A Compendium of Approaches and Examples


Benchmarking the Hotline

Posted on Oct 9, 2012

A study and report by The Network, 2012 Corporate Governance and Compliance Hotline Benchmarking Report, should be essential reading for everybody responsible for or assessing the performance of their organization’s hotline capability. 


The Transformation of Internal Audit

Posted on Oct 4, 2012

Two individuals I respect collaborated on an article with this title in the August issue of the CPA Journal (see page 32). Gaurav Kapoor is the CEO of GRC software vendor MetricStream and Michael Brozzetti is the CEO of Boundless LLC, an internal audit and risk advisory firm. 


Internal Auditors Negligent in Use of Technology

Posted on Oct 1, 2012

For many years, Jim Kaplan’s AuditNet has been a wonderful source of audit programs and more. In fact, Jim was presented with the Bradford Cadmus Memorial Award in 2007 for his contribution to the profession. 
