The Soapbox No Description Blogo Thu, 24 Apr 2014 18:40:53 GMT en-us Zoceehouttilidp viagra buy viagra viagra viagra online viagra cialis online cialis professional cheap cialis cialis cialis]]> Thu, 24 Apr 2014 00:08:57 GMT Thomas Tue, 07 May 2013 06:29:18 GMT Keith Johnson, CPA, CIA Little Things Add Up

Hello, I have been a proud member of the IIA and the Northeast Florida Chapter since 2004. My chapter, as with almost all chapters, is very much into chapter development and CAP. We want to not only to keep pace with the IIA, but to also develop our members as well. 

We noticed a big way to get CAP is have a large chapter and highly attended meetings. While having a large and engaged chapter is nice, some rural areas are unable to grow large chapters easily. However, their chapter leadership may have no less a desire to attain gold or platinum status than one in a large city.

So, how does a smaller-sized chapter get points? You may find yourselves leaving a lot of points on the table and you not even know it. For instance, giving lectures and writing articles on Internal Audit-related topics can be sent to your chapter to get CAP. That helps a lot.

In the Fall, encourage your members to apply to join one of the many IIA Committees or Boards. Although it is competitive, and you may not be selected, you get CAP for just submitting the application. If some of your members like to write like I do, have them submit a Research Proposal through the Research Foundation. Be ready to do the research if selected, however, even if your research proposal is not selected, its eligible for CAP.

And here's the best part....while you're doing that, you're increasing your knowledge and value to your chapter, your employer, and your profession. Even though these activiites are not big and sexy, they add up and can make the difference between a Silver or Gold status.

So just because, you may be a member of a small chapter, look for the little things to earn CAP. It may turn out to be bigger than you think.  


]]> Thu, 31 Jan 2013 21:11:15 GMT
Wincelle Mon, 17 Dec 2012 10:00:53 GMT Naresh Sun, 09 Sep 2012 10:24:50 GMT Javier Sun, 02 Sep 2012 22:27:48 GMT Jenny Mon, 23 Jul 2012 08:39:19 GMT Ahmd Sun, 22 Jul 2012 16:47:00 GMT Sham Wed, 28 Mar 2012 09:00:23 GMT Khalid Ezzaldin Mon, 05 Mar 2012 10:09:57 GMT John Paul Lorenz Auditors need to be independant first and foremost.  That's why the audit committee hired us, as when we start "consulting" on projects we can put our "indendance" at risk.  I mean, when do you stop?  And do you audit the area you have consulted on?  What happens if you have findings??  Who's fault is that then? (You didn't consult too well then did you?)  And heaven forbid if the externals come in and blow it up after I/A's "consulting".  (Lost a bit of credibility with everyone then huh?)  I asking if the added risks are worth the "seat at the table" as you define it.  And are most IA teams versed in consulting? That too is a skill....

Experience is important. You would never hire a CEO/CFO/CAE without the appropriate business experience, so why would you put newbie auditors w/o experience into a situation that they will fail in? You always put the right talent/experience into the right audits-as a CAE that is your job.  The audit committee expects that as well as management.  Don't short-shift experience and talent!

Finally, let's remember Authur Anderson and Enron when we discuss "Consulting".  They were a "Big 4" and they got that consulting thing wrong and died, what makes you think that joe auditor will get it right for your firm?


]]> Wed, 29 Feb 2012 17:39:08 GMT
Edward Sun, 19 Feb 2012 05:33:21 GMT Charles As the old saying goes, "timing is everything". Good article, appreciated that this relevant topic has been giving some attention.


Kind regards



]]> Mon, 13 Feb 2012 09:25:00 GMT
Michael Corcoran Dan, I like the simplicity and logical sequence of your approach as it actually reflects how a BOD and C Suite think about and run a business. Trying to force an internal control framework upon us (only accepted regulatory framework) that is rooted in post World War II thinking is dangerous. The focus has to be on value creation and preservation through good governance, prudent value and risk management and on how to execute and perform.  ISO 31000 did their enterprise risk framework in 25+ pages.  So this level of complexity is perplexing. The simpler, the better, the wider acceptance.

]]> Fri, 13 Jan 2012 20:21:11 GMT
Tim Leech There was a typo in my first post.  Defiicent "RISK TREATMENTS" on my post. The second last sentence in the second paragraph should read:

" I encourage all IIA members to take the time and review the COSO 1991 exposure draft, the 1995 Canadian CoCo framework and the OCEG GRC Maturity Framework and form a knowledgeable view if COSO 2012 represents any forward progress. My view is that it does NOT. I encourage all of you to take the time to really understand the options available and have a view."

]]> Fri, 13 Jan 2012 15:42:10 GMT
Tim Leech Dan:

I like you was disappointed when COSO announced before commencing the exercise that the core definition of internal control and the five core categories that comprise the framework were not on the table for discussion or update.  That decision condemned the exercise to incrementalism in its worst form.  In 2004 I believe COSO made a mistake building COSO ERM on the same flawed five categories of control. Making the same decision 20 years after the COSO 92 was launched is even more problematic.  

It is amazing to me that COSO would actually take a big step forward if it was to adopt the original definition of control and the nine control categories proposed in the 1991 exposure draft. I have drafted a white paper that will form part of my response to the COSO 2012 exposure draft.  (  I encourage all IIA members to take the time and review the COSO 1991 exposure draft, the 1995 Canadian CoCo framework and the OCEG GRC Maturity Framework and form a knowledgeable view if COSO 2012 represents any forward progress.  My view is that it does.  I encourage all of you to take the time to really understand the options available and have a view.

For those of you that read my white paper you will see that my view is that the IIA is conflicted by its membership in COSO and should lobby the other four COSO membera and propose fundamental changes to COSO governance.  When was the last time COSO underwent an internal audit that was reported to all members of its member organizations?  The answer is never.   

]]> Fri, 13 Jan 2012 15:38:41 GMT
Cassie Sat, 24 Dec 2011 12:22:22 GMT Chemo Mutani Sure, Internal Auditors are the "rock" that can accommodate such moderation with management, stepping in at a point where they are needed the most, even if management may not thing so. To build a professional relationship with management by influencing them to become pro-Internal Auditors. Relationships are not built overnight, so it surely will require patience on the part of the auditor. But what is important is for the auditor to continously be in the influencing side, and not the one to be dissolved in the meanders of management; or , as it is to most of the auditors in our country Tanzania, complain about everybody else except themselves. Auditors have to set the standards; gold standard of conducting affairs of any firm. Auditors should LEARN to be proactive. To be the solutions to problems that the firm may face in far beyond foreseeable future.

]]> Mon, 26 Sep 2011 09:53:45 GMT
Jayde Wed, 07 Sep 2011 00:17:16 GMT Jerry  This is a big challenge. A great deal of this originates from the <a href="">IT strategic plan</a> which should have input from the ITSC. But the plan likely has goals for the ITSC as part of improving governance and support for the plan. 

]]> Wed, 31 Aug 2011 01:01:58 GMT