Recent Stories

Leveraging The COSO Internal Control Update For Advantage

PwC, who led the project for COSO that updated the Internal Control – Integrated Framework, have shared 10 minutes on why the COSO Update deserves your attention. PwC has…
New E-Book On Segregation Of Duties: A Review

I congratulate Larry Carter for his new e-book, published by Compliance Week, on the topic Segregation of Duties and Sensitive Access: Leveraging System-Enforced Controls. This is…
The Effective Audit Engagement

So far, I have discussed What Should Auditors Audit? and The Risks to Include in the Audit Plan. Now I want to talk about…
Technology, Strategy, Cyber, And Risk

How do you assess the risk of missing the opportunity to leverage disruptive technology? Does being on the “bleeding edge” still scare you? Are you…
Considering Reputation Risk

An organization’s reputation is critical to their success (in almost every case). A smart CEO and her board pay attention to the organization’s reputation and take care to nurture, protect, and
The Risks To Include In The Audit Plan

In my last post, I discussed What Should Auditors Audit? My answer was that internal audit should address the risks that matter to the organization, its board, and…
Information Security And Risk

Should information security (or cyber, if we follow the latest fad) be based on risk? What is that risk, is it risk to the information or other IT resources,…
Disruption And Risk

I like a very recent publication, Deloitte on Disruption. They use a definition of strategic risk that I have not seen before (I don’t know whether they created the definition):
The Risk Of Ineffective Risk Management

Very few risk practitioners perform any kind of risk assessment regarding the possibility that the risk program at their organization might fail to deliver. Yet we continue to read reports from…
leadership

Leading The 21st-Century Organization

I have been a fan of Tom Peters (author of In Search of Excellence and many more books) for more than 20 years. While CAE at Tosco Corporation, I attended…