Recent Stories

The Risk Of Ineffective Risk Management

Very few risk practitioners perform any kind of risk assessment regarding the possibility that the risk program at their organization might fail to deliver. Yet we continue to read reports from…

Leading The 21st-Century Organization

I have been a fan of Tom Peters (author of In Search of Excellence and many more books) for more than 20 years. While CAE at Tosco Corporation, I attended…

Management For The Next 50 Years

An article in McKinsey’s Quarterly Journal that I strongly recommend is on the topic of Management intuition for the next 50 years. My only quibble is that title implies…

Auditing Risk Appetite

Regulators around the world are calling for organizations to establish a risk appetite framework. This is primarily for financial services organizations and especially their financial-related risks. But some are extending…

What Should Auditors Audit?

In the past, auditors were famous for finding problems. They audited a process, business unit, or location and found “weaknesses” in internal control. These were then prioritized based on the

Leaders Of Internal Audit Should Never Be Satisfied

If you think you are world-class, it is time for you to consider change. Our organizations and the risks they face are changing constantly and the pace of change is increasing. Jack…

Auditing Forward

One of the new Core Principles for the Professional Practice of Internal Auditing proposed by the IIA’s Exposure Draft (if you haven’t seen it, read it, and responded please do so) is: insightful, proactive, and future-focused. The…

An Effective Compliance Program

Deloitte has published a short piece as part of their CFO Insights, Compliance programs: What separates “good enough” from “great”? (They are talking about a combined ethics and…

Dynamic, Iterative, And Responsive To Change

One of the principles for effective risk management in the ISO 31000:2009 global risk management standard is that risk management should be “dynamic, iterative, and responsive to change”. I really like that. It captures a number of key ingredients for…

SEC And SOX Plus COSO 2013 News

I want to share two situations/reports. The first relates to SOX, the second to COSO 2013. SEC charges SOX 302 violation On July 30th, the SEC published a press release “SEC…