We all know that change is inevitable, but what can an organization do to keep its strategies and risk management capabilities on the same course as the ever-changing business environment?
In November 2013, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) will formally release long-anticipated updates to ISO/IEC 27001 and 27002. The last time these standards were updated was in 2005.
Expectations for transaction monitoring (TM) governance are quickly evolving due to the complexity of detection systems, the demand for additional operational oversight, increased regulatory scrutiny, and the need for an adequate control framework to guarantee proper risk management.
Many lessons were learned from the financial crisis. For example, if a chief executive ignores the warning signs posed by the risk management function, resists contrarian information suggesting the corporate strategy is either not working or losing relevance, or fails to consider critical risks when evaluating whether to enter a new market or consummate a complex acquisition, the shareholders and other constituents can end up paying a high price.
Country risk comprises the various risks of investing in a foreign country that can lead to either investment impairments or reductions in returns on investment (ROI). Investment impairments may arise from confiscatory actions by a sovereign (e.g., nationalization of the business or expropriation of assets). ROI reductions may arise from discriminatory actions by a sovereign directed to the company, a targeted industry (say, energy or banking) or companies from certain countries (e.g., additional taxation, price or production controls, exchange controls, currency manipulation, expansion controls, performance requirements and other regulations). Both may arise from destructive or disruptive acts by others (e.g., violence, terrorism, war, strikes, infrastructure deficiencies, kidnappings or physical phenomena). The primary objective of managing country risk is to protect company investments in foreign markets and sustain acceptable investment returns.
In November 2012, the criminal division of the U.S. Department of Justice (DOJ) and the enforcement division of the U.S. Securities and Exchange Commission (SEC) jointly released A Resource Guide to the U.S. Foreign Corrupt Practices Act (“the Guide”). While the 130-page guide is packed with useful information and written in an approachable style free from legalese, it provides perhaps its best and most useful information beginning on page 57 in the section titled, “Hallmarks of an Effective Compliance Program.” In the introduction to this section, the authors note that there is no such thing as a one-size-fits-all compliance program, and that it is expected that small to midsize companies’ compliance programs will very likely differ from those in place at much larger organizations. They also point out that companies may consider a variety of factors in tailoring a compliance program to their specific organizations.
Chief audit executives and audit teams may be comfortable with the fact that their approach to audit committee reporting has followed the same unwavering path for the past decade. But are they shortchanging themselves by not communicating results as clearly and engagingly as possible?
Three Protiviti executives – David Brand, managing director, Chicago; Jason Maslan, director, Chicago internal audit practice; and Ari Sagett, director, Chicago internal audit practice – addressed the all-too-frequent issue of stale audit committee reporting by offering some eye-opening leading practice examples in a recent webcast.
In more than 20 years of experience as an auditor, I have had the good fortune to go on audit assignments and client meetings throughout the U.S. and in many countries of the world. Some trips were spectacular, landing me in the midst of great cities like New York, New Orleans and San Francisco. Others, however, put me in danger zones amidst civil war and natural disaster. If you’re a well-heeled auditor like me, you’ll appreciate the stories and advice I share in this article. If you have ever dreamed of getting that plum auditing role that includes travel, take note: it isn’t always what you imagined it to be. This article will help you understand the pros and cons of the traveling auditor’s life.
Topics: Protiviti, information technology risk, Hot Issues, internal audit, Cross-border & Non-US issues, audit, project management, travel, audit assignments, network & internet security, Paul Pettit