Recent Stories

Lessons Learned From The Transition To COSO 2013

Protiviti has shared with us a useful Top 10 Lessons Learned from Implementing COSO 2013. I especially like this section: It is presumed that everyone understands that a top-down, risk-based approach remains applicable to Section 404 compliance, and the transition…
The Most Important Sentence In COSO

In my opinion, one sentence stands out, whether you are looking at the COSO Internal Control – Integrated Framework (2013 version) or the…
A Study In Enterprise Risk Management

A new article in Singapore’s Business Times explains that when Singapore achieved its independence in 1965 (through separation from Malaysia), its attention to enterprise risk management helped…
Privacy Risk Management And Compliance

I have been a big fan of the Open Compliance and Ethics Group for many years (since well before it honored me as a Fellow). OCEG is a not-for-profit organization that focuses on “principled performance,” which it defines…
Understanding And Managing Cyber Risk

Last week, I participated in an NACD Master Class. I was a panelist in discussions of technology and cyber risk with 40-50 board members very actively involved –…
New Information And Perspectives On Cyber Security

The world continues to buzz about cyber security (or, perhaps we should say, insecurity). Now we have the Chinese government apparently admitting that they have a cyberwarfare capability:…
Drive Business Results By Harnessing Uncertainty

I am very pleased to see new guidance on risk management from Ernst & Young (EY) that recognizes that risk management is not a defensive activity designed only…
What Should The Audit Committee Focus On In 2015?

Every year, the audit firms provide audit committees with their ideas of what the agenda should include in the coming year. Their ideas are usually good, although typically (and…
Hire People Who Can Think

I am often encouraged by surveys of the attributes executives look for when they hire. An increasing number recognize that education, certifications, and even experience are insufficient. The so-called…
Why Internal Audit Fails At Many Organizations

When recent studies by KPMG and PwC indicate that about half of internal audit’s key stakeholders (board members and top executives) do not believe that internal audit is neither delivering…