PCAOB Issues New Guidance on Sarbanes-Oxley

Posted on Oct 29, 2013

The headlines may have caught the fact that the PCAOB, in an October 24th Staff Practice Alert: Considerations for Audits of Internal Control over Financial Reporting (ICFR) (PDF), reported a significant number of deficiencies in the work performed by the external auditors. (One of the better reviews is by AccountingWeb.) Although the reference to the number (15%) of engagements with key deficiencies is from a December 2012 report, the implication is that the issue remains today so the PCAOB has issued additional guidance to the firms. 

continue reading...

Why Internal Audit Must Assess and Provide Assurance Over the Management of Risk

Posted on Oct 17, 2013

It is heartening to see more and more organizations requiring their internal audit departments to assess and provide an opinion on the effectiveness of risk management — or, using my preferred language, the management of risk by the organization. 

continue reading...

Accenture Reports Good News for Risk Management but Misses a Key Point

Posted on Oct 13, 2013

Accenture’s 2013 Global Risk Management Study (PDF) starts with a great subtitle: “Risk management for an era of greater uncertainty.” I love this play on words: we live in uncertain times, and risk management is all about addressing the uncertainty between us and our objectives (as the esteemed Felix Kloman says, risk management helps us “pierce the fog of uncertainty”). As ISO 31000 tells us, risk is the effect of uncertainty on objectives. 

continue reading...

Audit Committees Should Discipline the Auditors More Often

Posted on Oct 7, 2013

The audit committee of the board has oversight responsibilities for the external auditor: their appointment and compensation. With this comes the responsibility to ensure they perform a quality audit, and to fire them if they don’t. 

continue reading...

How Not to Get Fined $200 million by the SEC for SOX the Way JPMorgan Chase Was

Posted on Sep 30, 2013

You need to read the SEC order (PDF) that details the facts, admitted by JP Morgan Chase, behind its US $200 million fine. 

continue reading...

A Metaphor for the Role of Internal Audit

Posted on Sep 23, 2013

Let’s put the existing (1999) definition of internal audit aside for a moment. A lot of thought went into the choice of language and there is a lot of meaning in every phrase. But, sometimes, it is easy to focus on that language and lose sight of the bigger picture. 

continue reading...

Is Your Company Too Risk Averse About Big Data?

Posted on Sep 17, 2013

It is easy for governance, risk, and audit practitioners to worry about privacy and other risks to the extent that they become a negative influence on their company. Their fear can inhibit an organization from seizing the opportunities presented by what is called “Big Data.” 

continue reading...

New Guidance From Protiviti on the COSO 2013 Update

Posted on Sep 12, 2013

Protiviti has updated their The Updated COSO Internal Control Framework: Frequently Asked Questions. I congratulate their continuing efforts to explain topics like this; the format of Frequently Asked Questions (FAQ) is excellent.

continue reading...

Deloitte Talks About Risk-adjusted Forecasting and Planning

Posted on Sep 9, 2013

A recent Risk Angles issue from Deloitte, Five Questions on Risk-adjusted Forecasting and Planning, caught my eye as I have been a strong advocate of such methods for many years.  

continue reading...

Ten Ways to Improve Internal Audit

Posted on Sep 4, 2013

A highly respected (including by me) internal audit leader is Richard J. Anderson. He retired a few years ago after leading PwC’s internal audit practice, and is now with DePaul University as a Clinical Professor. Dick recently wrote an interesting piece in the Journal of Accountancy that listed 10 ways for the audit committee to “facilitate proper oversight and direction of internal audit.”

continue reading...