“Operational Risks” and “Operational Objectives” have been defined in a number of ways. For example, the COSO Enterprise Risk Management–Integrated Framework talks about Operational Objectives as relating to the “effective and efficient use of its resources.” The latest draft of the COSO Internal Control–Integrated Framework (ICF) has somewhat longer language: “Operational Objectives… pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss.” 

The major focus of discussions around internal control for the last several years has been on internal control over financial reporting (ICFR), especially for SOX compliance purposes. 

I am in the process of reviewing and commenting on the latest set of draft guidance from COSO. (You may have seen my post on their SOX guidance; I am still waiting for someone to tell me that I am wrong in my assessment). 

As part of a new set of draft guidance, including an update to the Internal Controls Framework that I will review later, COSO has published (also in draft, for comment) Internal Control over External Financial Reporting: A Compendium of Approaches and Examples. 

A study and report by The Network, 2012 Corporate Governance and Compliance Hotline Benchmarking Report, should be essential reading for everybody responsible for or assessing the performance of their organization’s hotline capability. 

Two individuals I respect collaborated on an article with this title in the August issue of the CPA Journal (see page 32). Gaurav Kapoor is the CEO of GRC software vendor MetricStream and Michael Brozzetti is the CEO of Boundless LLC, an internal audit and risk advisory firm. 

For many years, Jim Kaplan’s AuditNet has been a wonderful source of audit programs and more. In fact, Jim was presented with the Bradford Cadmus Memorial Award in 2007 for his contribution to the profession.