Norman Marks, CRMA, CPA, was a chief audit executive and chief risk officer at major global corporations for more than 20 years. The views expressed in this blog are his personal views and may not represent those of The IIA.

Will the Updated COSO Internal Control Framework Create Problems for the External Auditors?

Posted on Jun 18, 2013

The talk around the updated Internal Control–Integrated Framework has been around how it will impact management teams. For example, have a look at a blurb on the AICPA’s Insights page: 3 Ways the New COSO Framework May Affect Your Business.  

continue reading...

NACD Provides Some Excellent Advice From a Prominent Director on Risk Oversight

Posted on May 31, 2013

I just listened to an excellent video presentation from NACD featuring Reatha Clark King talking about risk oversight by the board. I recommend this to boards, especially board chairs, governance committee members, as well as members of the audit and risk committees. It is also useful for executives, general counsel, and practitioners.

continue reading...

An Important Reminder From COSO

Posted on May 30, 2013

The updated COSO Internal Control–Integrated Framework can be used as a reminder that the root cause of most corporate problems comes either from issues relating to integrity or competence. In other words, the root cause is usually people.

continue reading...

Is Risk Management Part of Internal Control or Is It the Other Way Around?

Posted on May 27, 2013

There is a very clear relationship between internal control and risk management. Basically, internal controls provide reasonable assurance that risks to the achievement of organizational objectives are at acceptable levels. (The organizational objective when it comes to financial reporting is to provide financial statements that are free of material omission or error.)

continue reading...

Excellent Advice on Risk Oversight

Posted on May 20, 2013

The National Association of Corporate Directors (NACD) has established an advisory council on risk oversight and published a report on its second meeting that contains notable comments. It is available at http://www.nacdonline.org/Resources/Article.cfm?ItemNumber=6762

continue reading...

Deloitte Takes a Highly Intelligent Approach to Risk Management

Posted on May 3, 2013

Deloitte’s Risk Intelligence White Papers are a set of thought leadership that I have strongly recommended in the past — and continue to do so today. 

continue reading...

Gartner Points to Failures to Obtain Value From Technology

Posted on Apr 29, 2013

Gartner’s 2013 Global CIO Study points to issues I have previously aired: namely a failure to obtain full advantage from new and disruptive technology. This should be of concern to the board, all executives, leaders of IT, and risk and assurance professionals.

continue reading...

The Important Risks That Are Overlooked but Should Come First

Posted on Apr 23, 2013

Survey after survey talks about the top 10 risks or such. For example, look at the 2013 Global Risk Management Survey by Aon. It raises some good points, including a refreshing observation that companies are paying more attention to risk management these days.

 

But I think this focus on a top 10, or even a top 50, misses some massive risks that are faced (IMHO) by a majority of organizations and, even if they are recognized, are often accepted instead of corrected. They need to be corrected if the organization is to survive, let alone thrive.
continue reading...

Technology is Too Important to Leave to IT

Posted on Apr 18, 2013

I have been reading an October 2012 publication by McKinsey, Evaluating technology on the boardroom agenda (registration required – and well worth it). The title of this post is drawn from the piece. The full and important quote is:

“Businesses are becoming increasingly digital and it’s not just a matter of process automation or resource-planning systems. Technology trends such as big data, cloud computing, mobility, and social media are giving rise to new marketing and operational capabilities. Indeed, technology has become too embedded in the fabric of the business—and too critical for competitive performance—to be left to the IT function alone.”
continue reading...

Does It Make Sense to Discuss GRC?

Posted on Apr 14, 2013

My good friend, Michael Rasmussen, is perhaps the father of the term GRC and styles himself as the GRC Pundit. He has an excellent web site that I wholeheartedly recommend and one of his latest posts is on the subject of 2013 GRC Drivers and Trends.

continue reading...