Internal Controls

Maintaining an Effective Compliance Program

May 22, 2012

Building out a first-rate compliance program is no easy task, but it's still only the start of the process. Maintaining its effectiveness by keeping up with rapidly changing regulations, assessing compliance gaps and filling them, and mitigating ongoing compliance risks are all necessary to ensuring that a compliance program stays on track. Details inside.
 

Electronic Information Deluge Putting a Strain on Records Management

May 22, 2012

Despite increased resources and good intentions, companies are still fumbling when it comes to executing a comprehensive information management program that balances the unique needs of physical and electronic documents. A recent survey from Iron Mountain found that nearly three-quarters of respondents said they lacked a cohesive, multi-year strategy for records and information management. More survey results inside.
 

Integrating Risk Appetite and Risk Management

May 15, 2012

Three years after the financial crisis, it's clear that companies still struggle with how to manage risk in the organization; just ask JPMorgan. Part of the difficulty: Getting a handle on risk across the organization is a complex undertaking which requires a careful balancing act. Integrating a formal statement of risk appetite with the risk-management program is an important step. Details inside.
 

Compliance Rescues Morgan Stanley From FCPA Prosecution

May 08, 2012

Morgan Stanley was exonerated from Foreign Corrupt Practices Act violations last month, despite a guilty plea by one of its top executives. The Justice Department and the SEC are citing the bank's strong compliance program for why it declined to pursue charges. "Corporate America has been sent a clear message that those who try will be rewarded," says Roy Snell, CEO of the Society of Corporate Compliance and Ethics.
 

Recipe for Anti-Corruption Successes: Due Diligence, Diverse Messaging

May 08, 2012

Much goes into doing anti-corruption properly, but there are four broad categories that top companies focus on: assessing corruption risks, devising controls against them, implementing those controls and procedures with the local workforce, and then following up with constant monitoring. Inside, more lessons for building an effective anti-corruption program.
 

COSO Extends Timeline to Digest Mountain of Feedback

May 01, 2012

Facing hundreds of ideas for changes and worries over transition, the Committee of Sponsoring Organizations is pushing the target completion date for a rewrite of its widely accepted internal control framework into the first quarter of 2013. COSO is also planning new supplemental guidance to be issued with the final framework.
 

Enterprise GRC Systems: Ready When You Are

May 01, 2012

After years of industry consolidation, integrated enterprise governance, risk, and compliance systems are ready for prime time. The systems can produce sophisticated risk analytics, real-time reports, and alerts on control failures. To take advantage of these GRC system features, however, internal processes must be thoroughly understood and cataloged. Details inside.
 

Banks Collaborating on Account Management Automation

May 01, 2012

The world's largest banks are working together to build a system that will standardize and simplify the management of their corporate clients' bank accounts. Known as eBAM, the system automates the process and uses common terms to manage accounts. It also simplifies creation of reports that aggregate and analyze data, makes it easier to audit the accounts, and improves security features for clients. Details inside.
 

How Not to Go Public

May 01, 2012

Online coupon purveyor Groupon got a rude awakening early in its public-company life: The Internet darling was forced to drastically revise down earnings and to admit to several internal control weaknesses. Shareholders quickly filed lawsuits. Such suits are likely to become more common now that the JOBS Act makes it easier for companies to go public without proper control systems. More inside.
 

COSO Framework Overhaul Sparking Deeper Debates

April 24, 2012

COSO's effort to update its famed, but 20-year-old, framework for managing internal controls has sparked a deeper debate this spring about how companies should approach internal control overall. "Some of COSO's own members are critical of the draft. It speaks to the fact that these organizations took their role seriously," says Norman Marks, vice president at SAP. A closer look is inside.
 

Remaking Internal Audit to Focus More on Strategic Risks

April 10, 2012

Once upon a time, internal audit departments were busy enough with reviewing financial statements and Sarbanes-Oxley compliance. But as company risks have exploded in recent years, the modern audit department has had to reconfigure its skills and priorities to match. The emerging result: audit departments pressured to understand what drives the business and to build deeper relationships with top managers. More inside.
 

Building an Effective Global Anti-Corruption Program

March 20, 2012

What are the hallmarks of a best-in-class anti-corruption compliance program? Anti-corruption experts cite five standard elements: a risk assessment, one global set of standards, wise use of technology, a strong tone-at-the-top, and constant monitoring of effectiveness. Companies that incorporate these characteristics will go a long way toward reducing corruption risks. More inside.
 

Starting a Compliance Program From Scratch

March 13, 2012

As many compliance officers know, being a compliance department of one is difficult enough. What if you're an organization's first-ever compliance officer? How do you go about building a program from scratch? Inside, we provide some insights on getting a compliance program off the ground. A more in-depth discussion of the topic will take place at the Compliance Week 2012 conference. Details inside.
 

Rethinking Supply Chain Risk Management Strategies

February 22, 2012

Companies such as Cisco Systems are working to get more visibility into, and control over, supply chain disruption risks. The strategy: invest heavily in analytics and build risk management into the design and planning phase of that. Other businesses, alas, still lag. "Overall, most companies don't have a strategy for managing supply chain risks," says Jerry O'Dwyer, a principal at Deloitte.
 

COSO Framework Update Strives for Incremental Change

January 03, 2012

The Committee of Sponsoring Organizations' proposal to modernize its landmark framework to govern internal controls is finally here—and is being praised as much for what it doesn't change as for what it does. "I don't see companies that have already used COSO having to change anything very much," says Norman Marks, vice president at SAP. A look at the tech-centric, globalized overhaul is inside.
 

IFAC Offers Alerts on Tough Audit Issues

December 30, 2011

Guidance emerging from the International Federation of Accountants might prove useful even in the United States in the coming weeks as companies close the books on 2011 and plan for the year ahead.
 

COSO Unveils Proposed Update on Internal Controls Framework

December 19, 2011

Just in time for the holiday reading list, COSO has published a draft of its updated internal control framework, calling on companies that rely on the widely accepted framework to consider how a modernized version might work in practice and provide feedback. The updated framework should help companies adapt to increasing complexity and pace of change, COSO says. More details inside.
 

SEC Settlement Gives Insight on Internal Control Requirements

November 08, 2011

A settlement between stock exchange Direct Edge and the Securities and Exchange Commission reveals some of the SEC's latest thinking on proper internal controls. The agency accused the company of failing to invest adequately in its systems and processes, and of lacking proper backup and failover systems. As part of the settlement, Direct Edge agreed to hire a chief compliance officer who reports directly to the CEO.
 

The Reasonable Person: Internal Audit's Role in Internal Investigations

November 08, 2011

Yes, sometimes the best response to an allegation of misconduct is to commission an external investigation—but in many cases, an internal investigation will do just as well. How can you assure objectivity and independence in those cases? Inside, Compliance Week Columnist José Tabuena explores internal audit's role in serving as the "reasonable person" whose expectations are what counts in court.
 

Boards Continue to Struggle With Oversight of Risk Management

September 27, 2011

A new report suggests that boards haven't done all they would like to tackle risk-management issues. More than half of those surveyed say they don't spend enough time on them, and about the same amount say their companies still don't have a chief risk officer. Meanwhile, more than 60 percent say that personal liability risks for directors are increasing. More survey results inside.
 

House Considers More 404(b) Audit Exemptions

September 22, 2011

Republicans in Congress have filed legislation to exempt far more businesses from Section 404(b) of the Sarbanes-Oxley Act, the onerous provision to get external audits of a company's internal controls. The bill would exempt companies with market capitalizations of up to $500 million, well beyond the $75 million market cap cut-off that exists today.
 

Want Strong Controls? Start With Respect

August 16, 2011

Speaking of employee surveys—Jason Mefford, head of internal audit at Ventura Foods, writes in a guest column this week that one of the most important variables a survey should track is employees' perceptions of respect in the workplace. If you want more engaged and productive employees, he says, then focus on respect in your organization.
 

Proper Execution of an Employee Survey

August 16, 2011

Employee surveys are one of the best ways to measure corporate culture: They create data on workplace behavior, and indicate trouble spots. "What we gain out of them is a better understanding of the ethical environment in our organization," says Bob Miromonti, head of compliance at $1.5 billion Centene Corp. So how should a survey be conducted? Details inside.
 

Auditing in the Clouds, Coming Down to Earth

July 12, 2011

The move to cloud services continues to accelerate, but the shift is more than just a change in technological platforms. It fundamentally alters the way business and IT systems function. Inside, Columnist José Tabuena looks at the many challenges the cloud creates for internal audit, including a lack of security standards, and finds that no way currently exists to audit the cloud in a consistent manner.
 

Recession Didn't Harm Controls, Companies Say

June 15, 2011

Internal controls are apparently no worse for the wear following the economic crisis, and for nearly half of companies they may even be stronger, according to a new poll from consulting firm Protiviti. Nearly 90 percent of finance and audit executives who took part in the survey said internal controls suffered no ill effects from the recession.
 

How to Handle Internal Investigations

June 07, 2011

Internal investigations are a critical component of a robust compliance program; without the ability to investigate allegations of wrongdoing, your company's credibility with regulators is pretty much sunk. At Compliance Week 2011, a trio of compliance professionals shared their approaches. Their ideas and advice are inside.
 

Improving Risk Assessments and Audit Operations

June 07, 2011

OK, you've been managing Sarbanes-Oxley compliance for years and your internal controls over financial reporting are solid. What's next for the internal audit team? How do you monitor other risks? Audit and compliance executives from Disney, Office Depot, Timken, and elsewhere gave attendees at Compliance Week 2011 a glimpse into their programs. Full coverage inside.
 

SEC Publishes Study on Auditing Internal Controls

April 25, 2011

The SEC has published yet another report mandated by the Dodd-Frank Act, this one concluding that companies with market capitalizations from $75 million to $250 million should not be exempt from compliance with Section 404(b) of the Sarbanes-Oxley Act, which requires an outside auditor's review of internal controls. The report could not say whether compliance costs discourage some small companies from going public. More inside.
 

The 'Mundane' World of Internal Control

March 22, 2011

Because of misunderstandings and a lack of board oversight, critical elements of the internal control system are woefully lacking at some companies. Inside, Columnist Richard Steinberg dispels some of the myths of internal controls and explains why it's not enough to simply comply with Section 404 of the Sarbanes-Oxley Act.
 

Case Study: Tyco International’s Centralized EH&S Audits

November 23, 2010

The regulatory and compliance difficulties that accompany a single merger are challenging enough. Now imagine the hurdles that arise when acquiring hundreds of companies in the course of just a few years.
 

Compliance Week Podcasts ...

Every week we chat with leading thinkers in compliance, auditing, risk management, public policy and more. These short (10-15 minutes) interviews are free to all. Follow Compliance Week podcasts on iTunes.

Compliance Week LinkedIn Group

Compliance Week now has a companion group on LinkedIn, where members can network and discuss the compliance and governance news of the day. Open to all compliance professionals, free to join.

Survey of the Week


Deloitte is conducting their annual Look Before You Leap: Managing Risks in Global Investments survey to better understand the approaches companies are taking to address compliance and integrity-related risks in emerging markets. 

Thought Leadership

The Risk Intelligent CCO
Sponsored by Deloitte

FCPA Compliance
Sponsored by Kroll Advisory Services

Upcoming Webcasts

ERP Security "Health Check"
Sponsored by ControlPanel GRC

Financial Continuous Monitoring
Sponsored by Infor

Event of the Week

World Class Financial Assurance
Sponsored by Infor