Recent Stories

audit management

Dynamic, Iterative, And Responsive To Change

One of the principles for effective risk management in the ISO 31000:2009 global risk management standard is that risk management should be “dynamic, iterative, and responsive to change”. I really like that. It captures a number of key ingredients for…

SEC And SOX Plus COSO 2013 News

I want to share two situations/reports. The first relates to SOX, the second to COSO 2013. SEC charges SOX 302 violation On July 30th, the SEC published a press release “SEC…
internal audit

Advancing The Practice Of Internal Audit

As I mentioned earlier, I was honored to be a member of the Re-Look Task Force that has proposed changes to the IIA’s standards framework (IPPF). One of the changes is to introduce Core Principles for the Professional Practice…

Updating The IIA Standards

The IIA is asking for its members’ opinion on a set of proposed changes to the framework for its Standards (the IPPF). The detailed standards are not changing,…
financial compliance

Risk Management Is Not About Defense

From time to time, I get into trouble with the IIA. Here’s another opportunity. The IIA has embraced the Three Lines of Defense Model and in 2013 issued a position paper (identified as…
financial compliance

More Poor Guidance On COSO 2013

I continue to be concerned that accounting firms are providing poor guidance to their clients and other organizations. Let’s look at new guidance from PwC’s Canadian firm, “What does…
internal auditor

A Call For Internal Audit Change

The IIA has released a new report calling for change. Enhancing Value Through Collaboration: A Call to Action has a lot of value, drawing on the results of…
governance

Understanding Governance Risks

How many boards, let alone risk officers, think about the risks to their organization if the governance by the board and top management is ineffective? Certainly, people talk about the potential for…
director

Guidance For Directors On Disruptive Change

Every organization needs to be able to not only anticipate and address the inevitability of change that might disrupt its business, but be prepared to take advantage of the opportunities that will…
Cyber space

Board Oversight Of Cyber-Risks

Over the last few years, “cyber” has moved from science fiction to business reality. I am not sure why we changed from talking about information security to cyber, but I am told (yet not convinced) that there is a…