“Quandary” is an interesting word, meaning a state of perplexity or uncertainty over what to do in a difficult situation. A quandary is also what many internal auditors find themselves facing when they audit GRC capabilities. This GRC Illustrated column from Compliance Week and OCEG helps auditors answer the questions, “How can we know if a capability is designed effectively when, as auditors, we may not be experts in the detailed activities of GRC capabilities? Who should provide the assurance?”
Jason Mefford
Lessons From Winnie the Pooh on Risk Assessments
I have spent almost twenty years as an auditor: externally, internally, or training auditors. When discussing the subject of risk assessments and annual audit plan development, I am often reminded of a quote from Winnie the Pooh: “Here is Edward Bear, coming downstairs now, bump, bump, bump, on the back of his head, behind Christopher […]
Want Strong Controls? Start With Respect
My experience over the last several years in corporate governance and internal audit finds that developing a culture of respect in the workplace is critical for a strong control environment. You can even find that expressed right in the COSO Internal Control Framework: “Control environment factors include the integrity, ethical values, and competence of the […]
