Many lessons were learned from the financial crisis. For example, if a chief executive ignores the warning signs posed by the risk management function, resists contrarian information suggesting the corporate strategy is either not working or losing relevance, or fails to consider critical risks when evaluating whether to enter a new market or consummate a complex acquisition, the shareholders and other constituents can end up paying a high price.
Changes to a company’s information technology (IT) environment, both information systems and the underlying platforms, are a source of significant operational risk for every organization. To protect its IT investment and reduce operating risk, robust change management processes are critical. The need for a positive control environment and a very unforgiving attitude regarding unauthorized IT changes by management cannot be overemphasized. Insufficiently tested IT changes is an unacceptable practice.
Chief audit executives and audit teams may be comfortable with the fact that their approach to audit committee reporting has followed the same unwavering path for the past decade. But are they shortchanging themselves by not communicating results as clearly and engagingly as possible?
Three Protiviti executives – David Brand, managing director, Chicago; Jason Maslan, director, Chicago internal audit practice; and Ari Sagett, director, Chicago internal audit practice – addressed the all-too-frequent issue of stale audit committee reporting by offering some eye-opening leading practice examples in a recent webcast.
Information technology is critical to the long-term success of most organizations. It is a key driver for the cost of operations, and cost of operations tends to be a vital component of overall profitability. It facilitates the introduction of new business initiatives, as well as the ongoing improvement of current processes, and allows the management team to monitor and report on performance. IT enables business operations through connectivity, information processing, business intelligence and the like. Lastly, and especially important to this audience, IT can contribute greatly to a company’s system of internal control.
The "Holy Grail" for IT has always been to be closely aligned with business efforts. For years, business has encouraged IT to focus on delivering business priorities. At the same time, IT has tried to be an integral part of business planning and align IT efforts and investments with business priorities. Ultimately, effective IT alignment really does require the ongoing and engaged involvement of all key participants.
In January 2013, the updated version of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Integrated Internal Control Framework (Framework) went into effect (http://www.ic.coso.org). If you’re wondering what this model is, you probably work for a privately held corporation or a non-profit, or are very new to internal audit.
In a recent KnowledgeLeader article, Paul Pettit, Director for Protiviti's Capital Projects and Contracts practice in Houston, Texas, explained how auditors can use data analytics to avoid the massive waste spending that often goes hand-in-hand with hiring outside vendors and contractors.
While strategy-setting defines an enterprise’s overall strategic direction, differentiating capabilities and required infrastructure, a business plan lays out how an organization intends to execute a strategy during an annual period or, if longer, the operating cycle.
Topics: Enterprise Risk Management
Add a Comment: