KnowledgeLeader Blog

Given the dynamic environment, the audit committee should take a close look at the company’s risk profile at least annually. Ideally, this review should be supported by an updated risk assessment by management. As the committee evaluates disclosure issues, an understanding of the key risks can provide valuable insights.

Topics: Enterprise Risk Management, Risk Assessment, Audit Committee & Board, Strategic Risk

The strength of the partnership between IT audit and the IT organization is a significant differentiator in the overall success of IT projects and IT audit effectiveness, our research shows.

Topics: IT Governance, IT Strategy, IT Risk, IT Controls

Segregation of duties (SODs) is an important concept to internal control frameworks, financial reporting and regulatory compliance, including the Sarbanes-Oxley Act (SOX). It is a component of an effective control environment. The overall effectiveness of management’s internal controls depends on SoDs to a large extent. For effective internal controls, there needs to be an adequate division of responsibilities.

Topics: COSO, Internal Controls, IT Controls, Process-Level Control, Segregation of Duties

Expectations for transaction monitoring (TM) governance are quickly evolving due to the complexity of detection systems, the demand for additional operational oversight, increased regulatory scrutiny and the need for an adequate control framework to guarantee proper risk management.

Topics: Enterprise Risk Management, Laws & Regulations, Fraud, Foreign Corrupt Practices Act, Compliance, Financial Services Industry

The point of the article, of course, was that people must focus their attention in the correct places when considering what would most influence their quality of life. That same exact issue exists within organizations where the board and management must ensure that they build and sustain the long-term health of the company.

Topics: Enterprise Risk Management, Internal Audit, Audit Committee & Board, IT Infrastructure

In November 2013, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) will formally release long-anticipated updates to ISO/IEC 27001 and 27002. The last time these standards were updated was in 2005. 

Topics: IT Audit, Governance, Risk & Compliance, IT Governance, IT Infrastructure

The chief audit executive (CAE) and internal audit can play one or more of the following roles in conjunction with the implementation of enterprise risk management (ERM) in an organization.

Topics: Enterprise Risk Management, Internal Audit, Risk Assessment, Audit Planning, Strategic Risk

WHAT DOES COSO STAND FOR?

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a COSO Framework for evaluating internal controls. This model has been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control. 

Topics: Enterprise Risk Management, Corporate Governance, COSO, Audit Committee & Board

Written by Ann Butera, president of The Whole Person Project, Inc.

 

By definition, “influence” is the ability to get others to act on your suggestions without pulling rank. Influential people can garner support for their ideas and they understand that being persuasive requires more than technical expertise and simply having facts to support a perspective. They can communicate their message in as many ways as necessary to appeal to the diversity of their audience. Persuasive people leverage their relationships with others and the information they possess to get others to act on corrective action plans and implement suggestions for increased efficiency. 

Topics: Human Resources, Training & Development, Internal Audit, Change Management