Excellence in Risk Management Is More Dream Than Reality

Posted on May 11, 2014

Marsh is one of the leading insurance brokers and risk management consulting organizations. In partnership with the Risk Management Society (RIMS), they have published a Special Report: Excellence in Risk Management XI – Risk Management and Organizational Alignment: A Strategic Focus (registration required). 

continue reading...

The CIO as Builder of the Business

Posted on May 3, 2014

I am encouraged to see that leading CIOs, according to a recent report from Deloitte University Press, now “describe their roles in terms such as ‘imagination,’ ‘chief innovation officer,’ and ‘revenue-generator CIO.’”

continue reading...

Do You Know Who Has Broken Into Your System?

Posted on May 3, 2014

Traditional information security (or cyber security) is focused on preventing unauthorized access to your network, systems, applications, infrastructure, and data. But, as we all know only too well, the people trying to get in are exposing and exploiting vulnerabilities faster than we can plug the holes. 

continue reading...

A New Perspective on SOX and the COSO Principles

Posted on Apr 25, 2014

As I prepare for my next SOX Master Class, I have been thinking about the 17 COSO principles and the template (or checklist) that some seem to feel is necessary.  How can I explain why it is wrong to map last year’s key controls to each of the new COSO Principles without first assessing whether a failure to achieve a principle would result in a financial reporting risk, potentially a source of material misstatement? 

continue reading...

The State of the Internal Audit Profession

Posted on Apr 21, 2014

PwC has published the 2014 edition of their State of the Internal Audit Profession. The stated theme is bland: “alignment of stakeholder expectations, and matching skills and capabilities to those expectations, helps internal audit enhance the value delivered to the organization.” But there is a clear message to internal audit leaders, as well as to audit committee members and others with oversight responsibility for internal audit.

continue reading...

Lessons Learned on the Audit Trail. A Review

Posted on Apr 18, 2014

Richard Chambers, President and CEO of The IIA and a gentleman I consider a friend, has written an interesting book that describes “life-based lessons on strategies for success for internal auditors and CAEs.” I decided to purchase a copy and see what he has to say. Neither he nor anybody else asked me to review it, and they don’t have any clue what I am going to say! Well, I think this is a good read and recommend it to every striving internal auditor.

continue reading...

How to Address the COSO Principles for Sarbanes-Oxley

Posted on Apr 14, 2014

I continue to see and hear questions about how organizations should address the 17 principles in the updated COSO Internal Control–Integrated Framework.

continue reading...

Evaluating New Technology

Posted on Apr 6, 2014

According to all the surveys, CEOs place technology as the number one driver of change in their business. New technologies like predictive analytics and the Internet of Things, or significant advances on existing technologies, like robotics and artificial intelligence, provide opportunities to not only enhance existing process but deliver new products and services.

continue reading...

PCAOB Board Member Clears the Air About SOX and the External Auditors

Posted on Mar 29, 2014

Board Member Jeanette Franzel spoke on the 26th at the IIA’s GAM conference on the topic of “Effective Audits of Internal Control in the Current “Perfect Storm.” The full text of her speech has been posted by the PCAOB. 

continue reading...

An Internal Auditor Recommended Taking More Risk

Posted on Mar 22, 2014

Something like 20 years ago, during my first years as the CAE of a major oil refining company, one of my staff (I only hired audit managers at that time and she was the most senior of the three) was working on an audit of Treasury. The Treasurer was a senior member of the Finance team, highly respected by company leadership. So it was important that we make a good impression in this first audit of his area.

continue reading...