Recent Stories

internal audit

Advancing The Practice Of Internal Audit

Podcast: Play in new window | Download As I mentioned earlier, I was honored to be a member of the Re-Look Task Force that has proposed changes to the IIA’s standards framework (IPPF). One of the changes is to introduce Core Principles for the Professional Practice…
iia logo

Updating The IIA Standards

Podcast: Play in new window | Download The IIA is asking for its members’ opinion on a set of proposed changes to the framework for its Standards (the IPPF). The detailed standards are not changing,…
financial compliance

Risk Management Is Not About Defense

Podcast: Play in new window | Download From time to time, I get into trouble with the IIA. Here’s another opportunity. The IIA has embraced the Three Lines of Defense Model and in 2013 issued a position paper (identified as…
financial compliance

More Poor Guidance On COSO 2013

I continue to be concerned that accounting firms are providing poor guidance to their clients and other organizations. Let’s look at new guidance from PwC’s Canadian firm, “What does…
internal auditor

A Call For Internal Audit Change

The IIA has released a new report calling for change. Enhancing value Through collaboration: A call to action has a lot of value, drawing on the results of…
governance

Understanding Governance Risks

How many boards, let alone risk officers, think about the risks to their organization if the governance by the board and top management is ineffective? Certainly, people talk about the potential for…
director

Guidance For Directors On Disruptive Change

Every organization needs to be able to not only anticipate and address the inevitability of change that might disrupt its business, but be prepared to take advantage of the opportunities that will…
Cyber space

Board Oversight Of Cyber-Risks

Over the last few years, “cyber” has moved from science fiction to business reality. I am not sure why we changed from talking about information security to cyber, but I am told (yet not convinced) that there is a…
Risk Management Challenge – The Answer

Risk Management Challenge – The Answer

In a recent blog, I said I had asked one of the leaders of a CPA firms’ ERM consulting practice this question: “Maybe you can help me understand how you
Monitoring Risk And Control Deficiencies – Who’s Responsible?

Monitoring Risk And Control Deficiencies – Who’s Responsible?

Who’s responsible for ensuring that corrective actions to remedy issues identified by internal audit are completed? Management is responsible for the system of internal control as well as for…