These are the posts on my personal blog that obtained the most views. The #1 post, on risk appetite, garnered nearly 3,000 views.

I will later share the top posts on the IIA blog.

1. Just what is risk appetite and how does it differ from risk tolerance?
2. 10 reasons not to like the COSO ERM framework – a discussion with Grant Purdy
3. The difference between continuous controls monitoring and the continuous inspection of transactions
4. The essential ingredient to effective risk management: the culture
5. How do you evaluate your risk management program?
6. A metaphor that explains GRC
7. PwC has sound advice on Continuous Auditing
8. What is the relationship between Governance, ERM, and Internal Control?
9. New guidance on risk appetite and tolerance. I like some parts, disagree with others
10. Explaining the value of risk management
11. Risk management is not a quarterly exercise. It should be a way of life
12. A good argument by EY for improved ERM, but a poor one for GRC
13. Risks to watch in 2011
14. Excellent resources for risk (and GRC) professionals
15. Is Internal Audit lacking in leadership skills?
16. The future of the internal audit profession
17. RIMS’ report on ERM standards and guidelines: a recommended read
18. Disappointed by the PwC State of the Internal Audit Profession 2011
19. Survey results: how people define GRC
20. Where should internal audit report? Should it be to the audit committee?
21. Risk-based Continuous Monitoring/Auditing – Developments
22. The solutions I would buy for GRC
23. Deloitte releases Global Risk Management Survey, on financial services institutions
24. What are the top issues for IT governance?
25. Continuous auditing that should NOT be performed by internal audit
26. KPMG reports major problems in how risk management is understood and practiced
27. Should internal audit ‘do SOX’?
28. Study reports on the Benefits of Continuous Monitoring
29. Questions to ask executives about risk management
30. People are the root cause of most risk and control issues
31. How many risks should be managed and often should you do so?
32. Enabling risk management across the organization
33. PwC explains why leading finance functions are 60% more efficient than the average
34. What is the state of internal auditing? My opinion
35. Advice from McKinsey on board dynamics and practices
36. Economist Intelligence Unit report on the maturity of risk and compliance
37. A true story of fraud and corporate culture that has implications for us all
38. PwC Global Information Security Study
39. Goldman Sachs’ 10 Principles of Effective Risk Oversight
40. Should the head of the internal audit function also direct the risk management program?
41. An effective risk tolerance, appetite, criteria, etc. statement
42. PwC reports changes are brewing in the boardroom. Are they enough?
43. Response to a guest blog on “What’s wrong with GRC?”
44. Does risk management really include the upside of potential events?
45. Just what is GRC? Please share your definition
46. Aberdeen’s report on risk management includes some interesting materials
47. Advice on board oversight of risk management
48. We need your comments to upgrade the draft COSO internal control framework
49. McKinsey survey shows board practices need improvement
50. Deloitte discusses effective board composition
51. Which came first, strategy or risk: which is the chicken and which is the egg?
52. A new study on “Effective GRC Management: Positioning your company for growth”
53. Facts, risks, and opportunities: The explosion of data about us and our companies
54. Shining the spotlight on mobile risks and opportunities
55. Can directors rely on external auditor to detect material errors in financial statements?
56. A discussion of Risk Appetite by thought leaders
57. Protiviti study on IT auditing raises more questions than it answers
58. Study assesses the cost of a data breach
59. There’s a ton of interesting content in Deloitte’s “Tech Trends 2011”
60. Chasing user access and SOD problems

5 Comments

  1. Former Member Post author
    I have received some critical comments on this post and, unless you tell me the summary is valuable, will not do the same next year.

    I welcome your views.

    1. Tammy Powlas
      For me, feel free to post what you like. 

      My only request: I would like to see you fill out the description part of the blog, so it shows up on the RSS feeds, and makes it easier to see and consume.

      Thanks.

    2. Gregory Misiorek
      Hi Norman,

      you are tackling topics which are ‘uninteresting’ to most of the audience here. i personally think they are far more important than most readers here want to admit, but they want to be wowed as the attention span is really really short and your content is competing with other bloggers and the internet at large like twitter, etc.
      for what they are worth, my blogs don’t attract many comments, so i have decided to restrict the technical topics which are of interest to me to the wiki space as i think their value will increase over time without unnecessary ‘noise’.
      don’t get discouraged but expect tough love from the crowd as it’s whimsical and you never know if your content gets to the rest of us or not. IMHO, i don’t consider the number of comments as a value of anything more than entertainment, your content is much more valuable than that.

      Best regards,

      gm

      1. Former Member Post author
        Yes, I am not a techie (any more) but a more generalized business person. So I can understand that the most appeal only a few hundred. I actually only share here a few of the posts overall, and hope that people who are interested in governance, risk management, and business in general will find me.