Given the dynamic environment, the audit committee should take a close look at the company’s risk profile at least annually. Ideally, this review should be supported by an updated risk assessment by management. As the committee evaluates disclosure issues, an understanding of the key risks can provide valuable insights.
Topics: Enterprise Risk Management, Risk Assessment, Audit Committee & Board, Strategic Risk
The strength of the partnership between IT audit and the IT organization is a significant differentiator in the overall success of IT projects and IT audit effectiveness, our research shows.
Topics: IT Governance, IT Strategy, IT Risk, IT Controls
Segregation of duties (SODs) is an important concept to internal control frameworks, financial reporting and regulatory compliance, including the Sarbanes-Oxley Act (SOX). It is a component of an effective control environment. The overall effectiveness of management’s internal controls depends on SoDs to a large extent. For effective internal controls, there needs to be an adequate division of responsibilities.
Topics: COSO, Internal Controls, IT Controls, Process-Level Control, Segregation of Duties
Expectations for transaction monitoring (TM) governance are quickly evolving due to the complexity of detection systems, the demand for additional operational oversight, increased regulatory scrutiny and the need for an adequate control framework to guarantee proper risk management.
Topics: Enterprise Risk Management, Laws & Regulations, Fraud, Foreign Corrupt Practices Act, Compliance, Financial Services Industry
The point of the article, of course, was that people must focus their attention in the correct places when considering what would most influence their quality of life. That same exact issue exists within organizations where the board and management must ensure that they build and sustain the long-term health of the company.
Topics: Enterprise Risk Management, Internal Audit, Audit Committee & Board, IT Infrastructure
In November 2013, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) will formally release long-anticipated updates to ISO/IEC 27001 and 27002. The last time these standards were updated was in 2005.
Topics: IT Audit, Governance, Risk & Compliance, IT Governance, IT Infrastructure
The chief audit executive (CAE) and internal audit can play one or more of the following roles in conjunction with the implementation of enterprise risk management (ERM) in an organization.
Topics: Enterprise Risk Management, Internal Audit, Risk Assessment, Audit Planning, Strategic Risk
WHAT DOES COSO STAND FOR?
In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a COSO Framework for evaluating internal controls. This model has been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control.
Topics: Enterprise Risk Management, Corporate Governance, COSO, Audit Committee & Board
Topics: Human Resources, Training & Development, Internal Audit, Change Management
Chief audit executives and audit teams may be comfortable with the fact that their approach to audit committee reporting has followed the same unwavering path for the past decade. But are they shortchanging themselves by not communicating results as clearly and engagingly as possible?
Topics: Internal Audit, Risk Assessment, Audit Committee & Board, Quality Assessment Review, Audit Reporting
KnowledgeLeader, provided by Protiviti, is the premier resource for internal audit and risk management professionals.
With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.
For more information:
