Most, if not all, business transactions executed today touch the information technology (IT) environment at some point in their lifecycle. As organizations plan for the next calendar year, it’s logical to regard the IT risk assessment as a critical component that should be reviewed through the internal audit function.
What is Financial Instrument Risk?
Buyers and sellers may enter into sub-optimal financial or commodity instrument structures that have been standardized for efficient electronic trading. Conversely, buyers and sellers may enter into transactions where some trade terms were not anticipated due to shortcomings in the electronic communication means portraying the transaction.
Sarbanes-Oxley compliance was once thought to be a relatively static, predictable process that organizations could rely on to be routine. Yet market and regulatory changes continue to make this a more dynamic process, with costs and hours continuing to rise for many organizations. The good news is that more organizations are recognizing the benefits of their compliance efforts through improved internal control structure and business processes.
Expectations for transaction monitoring (TM) governance are quickly evolving due to the complexity of detection systems, the demand for additional operational oversight, increased regulatory scrutiny, and the need for an adequate control framework to guarantee proper risk management.
In November 2012, the criminal division of the U.S. Department of Justice (DOJ) and the enforcement division of the U.S. Securities and Exchange Commission (SEC) jointly released A Resource Guide to the U.S. Foreign Corrupt Practices Act (“the Guide”). While the 130-page guide is packed with useful information and written in an approachable style free from legalese, it provides perhaps its best and most useful information beginning on page 57 in the section titled “Hallmarks of an Effective Compliance Program.” In the introduction to this section, the authors note that there is no such thing as a one-size-fits-all compliance program, and that small to midsize companies’ compliance programs are expected to differ from those in place at much larger organizations. They also point out that companies may consider a variety of factors in tailoring a compliance program to their specific organizations.
In January 2013, the updated version of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Integrated Internal Control Framework (Framework) went into effect (http://www.ic.coso.org). If you’re wondering what this model is, you probably work for a privately held corporation or a non-profit, or are very new to internal audit.