First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

cyber risk

How much cyber risk should an organization take?

I did a video with Joe McCafferty of MISTI last month. I am interested in whether you share my views. I also have some questions for you—after you watch the video.

 

, , , , , , , ,

Why do so many practitioners misunderstand risk?

My apologies in advance to all those who talk about third–party risk, IT risk, cyber risk, and so on. We don’t, or shouldn’t, address risk for its own sake. That’s what we are doing when we talk about these risk silos. We should address risk because of its potential effect on the achievement of enterprise objectives.

 

, , ,

Top 10 most read Inside Internal Controls posts 2016 & Season’s Greetings

We are signing off with a list of the top 10 most read Inside Internal Controls posts 2016. Privacy issues and director’s liability seem to have been hot topics this year with several blog posts on the topics making it on the list. The top 10 most read Inside Internal Controls posts 2016 Director’s liability […]

 

, , , , , , , , , , , , , , , ,

Cyber risk and audit

Clearly, cyber risk and audit is the topic of the day, if not the year and decade. The leader of Protiviti’s IT audit practice, David Brand, has weighed in with “Ten Cybersecurity Action Items for CAEs and Internal Audit Departments”. He has some valuable ideas that merit consideration, not only by internal auditors, but by security professionals, boards, risk officers, and more broadly among the executive group. I will let you read his post and suggested action items.

 

, , , , , , , ,