First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Budgeting and Auditing

Rethinking internal auditing

In 1998, the magazine of the American Institute of Certified Public Accountants (AICPA), the Journal of Accountancy, approached the IIA. They said they wanted to write an article about progressive internal auditing leaders and (I thank them) the IIA pointed them to me.

 

, , , ,

Time to wake up to risk reality

For 11 years, the ERM Initiative at North Carolina University has surveyed executives (this year they were again all financial executives) about what they call “the current state of risk oversight processes in organizations of all types and sizes to obtain an understanding of the relative maturity of underlying activities executives and boards use to monitor the rapidly changing risk landscape”.

 

, , , , ,

Fiscal year ends, business continuity, and COVID-19

At the best of times, fiscal year ends are challenging. Organizations with upcoming or recent fiscal year ends will undoubtedly find them particularly challenging. Organizations with robust policies and procedures will likely fare better than those without. Consequently, it will be helpful to start your year end planning as early as you can.

 

, , , , , , , , , , , , , , , , , , , ,

Risk-based cyber risk reporting

I encourage you to subscribe (free) to McKinsey’s frequent reports. Their latest, Enhanced cyberrisk reporting: Opening doors to risk-based cybersecurity has some good observations. Unfortunately, their ideas for addressing the problem don’t work for me.

 

, , ,

Whistleblower hotlines decrease the cost & duration of corporate fraud schemes

fraud

The Association of Certified Fraud Examiner’s (ACFE) biennial Report to the Nations consistently provides a detailed, and visually engaging, representation of the impact organizational fraud has on our organizations. Its tenth edition, released this year, is no different. In the report, we get a broad understanding of fraud ranging from the methods in which it is committed, to the characteristics of victimized organizations, to the impact of various types of schemes.

 

, , , ,

Boasting about internal audit value

Richard Chambers, President and CEO of the global Institute of Internal Auditors, is a friend whose leadership at the IIA and of internal audit practices I value and respect. Recently, he wrote a blog, One Mistake Internal Audit Cannot Afford to Make in 2020.

 

, , , ,

A new code sets back the status and practice of internal auditing

he Chartered Institute of Internal Auditors (the UK affiliate of the global Institute of Internal Auditors) is usually a thought leader, promoting and explaining best and leading internal auditing practices. For example, they have done excellent work on [enterprise] risk-based auditing.

 

, , ,

Entering the era of operational resilience

Operational resilience is the ability of a business to tolerate shocks and maintain normal operations. Those shocks can be all sorts of things — IT failures, natural disasters, terrorism, cyberattacks — but they’re typically sudden shocks, happening within hours or even minutes, that threaten your company’s ability to provide whatever it is you provide to customers.

 

, , , ,

Risk and consequences

I like to think that effective risk management helps the managers of an organization, at all levels, make the informed and intelligent decisions necessary for success – reliably achieving enterprise objectives considering all the things that might happen, both positive and negative.

 

, , , ,

New guidance for risk committees

A new publication by the Risk Coalition (a group of organizations in the UK that includes their Institute of Directors, a couple of risk management associations, and the organizations for internal and external auditors) merits our attention. Raising the Bar: Principles-based guidance for board risk committees and risk functions in the UK Financial Services Sector has some interesting content. For example, it says:

 

, , , , , ,

A risk case study

I returned this week from a vacation in Mexico, including a day at the Copper Canyon. Our tour guide took about 20 of us down the mountain side to see some Tarahumara Indian homes. I decided that I wanted to come back ahead of the group, finding my way back up the path and steps to our hotel at the top. What might happen along the way? In other words, what would a risk manager put on a list or heat map?

 

, , , ,

Managing risk when the board is over-confident

When we talk about confidence in managing risks, we’re really talking about confidence in the effectiveness of your risk management program — and apparently, we have a systemic disconnect between the board and management about that issue.

 

, , , , , ,

Why does internal audit need to be agile?

You don’t have to go very far to hear an internal audit leader talk about agile. Richard Chambers, President and CEO of the IIA, shared this:

 

, , , , , ,

Top 10 most-read Inside Internal Controls posts for 2019

This year on the Inside Internal Controls blog, we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit and business management, among others. The top 10 most-read Inside Internal Controls posts for 2019 include

 

How effective is risk management today?

If you want to know how effective risk management is, you should ask the customer and not the provider.

 

, , , ,

Previous Posts