Blog and Resources
Blog and Resources
New IIA Global Standards: Brave New World or “Old Wine in New Bottles”?
3 Questions to Consider Before Implementing the New Standards In January 2024, the Global Internal Audit Standards (the IIA’s Standards) were updated after a long consultation process. While the updated standards are not expected to have a dramatic impact on IA...
Assessing Board Minutes: A Risk Oversight Tool for Internal Control and Internal Audit Professionals
This template provides an easy guide for assessing your Board and Committee minutes aligned with best practices. It’s a useful template for internal control, internal audit, finance, or governance professionals. While it’s not meant to be a comprehensive guide of everything required for Board oversight, meeting, and minutes practices, it is a great resource for assessing Board and Committee minutes through the filter of an internal audit professional.
Are You Managing the Risks of Disclosure? – Revisiting Your Controls in the Age of ESG, DEI, and Social Media
Do people in your organization worry about saying too much, too little, or the wrong thing? I can guess the answer is yes. The risks of disclosure (and nondisclosure) are intensifying with the rise of new regulations regarding what we say and how and when we say it....
“Do More with Less”: 8 Ways GRC Programs Can Add Value in Lean Times
As we gear up for a strong Q4, everywhere we go we hear people talking about interest rates, inflation, layoffs, and the economic risks ahead. We’re seeing delays and even decreases in spending on projects, training, and benefits. People are trying to figure out how...
Revisiting Entity Level Controls: COSO 2013 Ten Years Later
A fish can’t survive if the water it’s living in is dirty. The same goes for your control environment. Your controls can only thrive in the right environment. Ten years ago, the approach to achieving that “right environment” shifted with the concept of Entity Level...
Embracing *Design 2.0* for Internal Controls: Using Different Approaches for Better Results
“Design” is the foundation of internal controls — from how you structure financial processes, controls, testing, and your program. But it is likely the most untapped and misunderstood aspect of your internal controls program too. Effective design is where your team’s...
How to Create Policies and Standards That Are Smarter, More Effective, and More Respectful
Whether you call them policies, standards, or guidelines, rules are everywhere in our organizations. We have rules for how we hire, train, take time off, buy things, and do our work. We have rules for our employees, our vendors, our partners, and even our customers....
Is “Digital Transformation” on Your Horizon? – Try Starting with “Digital Adoption”
When technology works, it works fabulously well. At its best, technology can lead to true, measurable “transformation” of our processes and how we work. For example, at a recent presentation, I heard a project manager explain a system he implemented that changed the...
Avoiding Risk Is Not a Strategy – Understanding 5 Risk Models and 4 Principles
Is “Risk Avoidance” Really “Risk Management”? A quick google search gives you the definition of risk management as being about “mitigating” risk. This is how, in practice, risk management most often works in the corporate world. It is rare to see a Risk Manager say,...
A Minute About Minutes: Best Practices for Boards and Teams
In the world of Internal Controls or GRC (Governance, Risk, and Compliance), there is tons more value we can extract from documentation and processes, but too many people leave that value on the table. And that’s where the topic of minutes comes in. They are obviously...