Recent Stories

What Should Auditors Audit?

What Should Auditors Audit?

In the past, auditors were famous for finding problems. They audited a process, business unit, or location and found “weaknesses” in internal control. These were then prioritized based on the
Leaders Of Internal Audit Should Never Be Satisfied

Leaders Of Internal Audit Should Never Be Satisfied

If you think you are world-class, it is time for you to consider change. Our organizations and the risks they face are changing constantly and the pace of change is increasing. Jack…
auditing forward

Auditing Forward

One of the new Core Principles for the Professional Practice of Internal Auditing proposed by the IIA’s Exposure Draft (if you haven’t seen it, read it, and responded please do so) is: insightful, proactive, and future-focused. The…

An Effective Compliance Program

Deloitte has published a short piece as part of their CFO Insights, Compliance programs: What separates “good enough” from “great”? (They are talking about a combined ethics and…
audit management

Dynamic, Iterative, And Responsive To Change

One of the principles for effective risk management in the ISO 31000:2009 global risk management standard is that risk management should be “dynamic, iterative, and responsive to change”. I really like that. It captures a number of key ingredients for…
SEC And SOX Plus COSO 2013 News

SEC And SOX Plus COSO 2013 News

I want to share two situations/reports. The first relates to SOX, the second to COSO 2013. SEC charges SOX 302 violation On July 30th, the SEC published a press release “SEC…
internal audit

Advancing The Practice Of Internal Audit

As I mentioned earlier, I was honored to be a member of the Re-Look Task Force that has proposed changes to the IIA’s standards framework (IPPF). One of the changes is to introduce Core Principles for the Professional Practice…
iia logo

Updating The IIA Standards

The IIA is asking for its members’ opinion on a set of proposed changes to the framework for its Standards (the IPPF). The detailed standards are not changing,…
financial compliance

Risk Management Is Not About Defense

From time to time, I get into trouble with the IIA. Here’s another opportunity. The IIA has embraced the Three Lines of Defense Model and in 2013 issued a position paper (identified as…
financial compliance

More Poor Guidance On COSO 2013

I continue to be concerned that accounting firms are providing poor guidance to their clients and other organizations. Let’s look at new guidance from PwC’s Canadian firm, “What does…