Transforming Internal Audit Through Critical Thinking

Posted on Mar 15, 2014

Congratulations to KPMG for taking on this topic in a new publication (PDF)! I have been a big believer in the need for internal auditors to become better at using their native assets, writing about using their eyes, ears, and the space in between.

continue reading...

What Are the Characteristics of a World-class Risk Management Function?

Posted on Mar 8, 2014

In a short video, Watson Wyatt’s ERM Services Leader asserts that these are the characteristics of a world-class risk management function. 

continue reading...

Deloitte and the Risk-Intelligent Chief Audit Executive

Posted on Mar 1, 2014

The latest addition to the excellent Risk Intelligent series from Deloitte talks about how the head of the internal audit function (chief audit executive or CAE) can be a driver of risk excellence within an organization. 

continue reading...

Deloitte Suggests Finance Needs to Consider Risk in Planning, Forecasting, and More

Posted on Feb 22, 2014

A new piece from Deloitte, FP&A: What’s risk got to do with it?, addresses a topic I have been pushing for quite as well — although not as well as I should have.

continue reading...

A Review of Recent PwC Reports on Boards, Audit Committees, and Governance

Posted on Feb 15, 2014

PwC has published the results of their Annual Corporate Directors Survey (PDF). I recommend a read of the report and have selected a few important points for comment.

continue reading...

Congratulations to PCAOB for New SOX Guidance

Posted on Feb 10, 2014

In my SOX Master Classes and elsewhere I hear that the external audit firms are saying the PCAOB has issued new and more demanding Sarbanes-Oxley guidance. They are telling companies that both management and auditors have to do more work and fees have to rise accordingly.

continue reading...

Misunderstanding Risk and Controls

Posted on Feb 1, 2014

Time and again I hear that risk management is seen as something that is required by the regulators, perhaps by the board or top management, but is not seen as something that helps individual managers succeed. 

continue reading...

The Academy for Creative Auditing

Posted on Jan 25, 2014

Some years ago, while I was CAE at Tosco, I started an "Academy for Creative Auditing." It never got off the ground because the company was acquired and I left for new pastures. But the idea still holds true: that if we, as leaders or users of internal audit services, are to get the best out of internal audit managers and staff we need them to use their imagination and creativity, not just their technical skills.

 
continue reading...

A Danger to Every SOX Program

Posted on Jan 18, 2014

I am starting to hear that people are adding a fair number of key controls to the existing scope of their Sarbanes-Oxley program. This should sound the alarm, as most of us had spent a fair amount of time over the last few years streamlining the program.

continue reading...

Verizon Report Shares Insights After Analyzing 47,000 Data Breaches

Posted on Dec 14, 2013

Verizon’s 2013 Data Breach Investigations Report analyzes thousands of 2012 incidents, using data supplied from a variety of partners (including police and other agencies in Holland, Malaysia, Australia, Denmark, Spain, Ireland, and the United States). They were limited to data breaches reported to third parties. The 47,000 incidents led to 621 actual data breaches. 

continue reading...