Norman’s most popular 2011 posts

These are the posts on my personal blog that obtained the most views. The #1 post, on risk appetite, garnered nearly 3,000 views.

I will later share the top posts on the IIA blog.

1	Just what is risk appetite and how does it differ from risk tolerance?
2	10 reasons not to like the COSO ERM framework – a discussion with Grant Purdy
3	The difference between continuous controls monitoring and the continuous inspection of transactions
4	The essential ingredient to effective risk management: the culture
5	How do you evaluate your risk management program?
6	A metaphor that explains GRC
7	PwC has sound advice on Continuous Auditing
8	What is the relationship between Governance, ERM, and Internal Control?
9	New guidance on risk appetite and tolerance. I like some parts, disagree with others
10	Explaining the value of risk management
11	Risk management is not a quarterly exercise. It should be a way of life
12	A good argument by EY for improved ERM, but a poor one for GRC
13	Risks to watch in 2011
14	Excellent resources for risk (and GRC) professionals
15	Is Internal Audit lacking in leadership skills?
16	The future of the internal audit profession
17	RIMS’ report on ERM standards and guidelines: a recommended read
18	Disappointed by the PwC State of the Internal Audit Profession 2011
19	Survey results: how people define GRC
20	Where should internal audit report? Should it be to the audit committee?
21	Risk-based Continuous Monitoring/Auditing – Developments
22	The solutions I would buy for GRC
23	Deloitte releases Global Risk Management Survey, on financial services institutions
24	What are the top issues for IT governance?
25	Continuous auditing that should NOT be performed by internal audit
26	KPMG reports major problems in how risk management is understood and practiced
27	Should internal audit ‘do SOX’?
28	Study reports on the Benefits of Continuous Monitoring
29	Questions to ask executives about risk management
30	People are the root cause of most risk and control issues
31	How many risks should be managed and often should you do so?
32	Enabling risk management across the organization
33	PwC explains why leading finance functions are 60% more efficient than the average
34	What is the state of internal auditing? My opinion
35	Advice from McKinsey on board dynamics and practices
36	Economist Intelligence Unit report on the maturity of risk and compliance
37	A true story of fraud and corporate culture that has implications for us all
38	PwC Global Information Security Study
39	Goldman Sachs’ 10 Principles of Effective Risk Oversight
40	Should the head of the internal audit function also direct the risk management program?
41	An effective risk tolerance, appetite, criteria, etc. statement
42	PwC reports changes are brewing in the boardroom. Are they enough?
43	Response to a guest blog on “What’s wrong with GRC?”
44	Does risk management really include the upside of potential events?
45	Just what is GRC? Please share your definition
46	Aberdeen’s report on risk management includes some interesting materials
47	Advice on board oversight of risk management
48	We need your comments to upgrade the draft COSO internal control framework
49	McKinsey survey shows board practices need improvement
50	Deloitte discusses effective board composition
51	Which came first, strategy or risk: which is the chicken and which is the egg?
52	A new study on “Effective GRC Management: Positioning your company for growth”
53	Facts, risks, and opportunities: The explosion of data about us and our companies
54	Shining the spotlight on mobile risks and opportunities
55	Can directors rely on external auditor to detect material errors in financial statements?
56	A discussion of Risk Appetite by thought leaders
57	Protiviti study on IT auditing raises more questions than it answers
58	Study assesses the cost of a data breach
59	There’s a ton of interesting content in Deloitte’s “Tech Trends 2011”
60	Chasing user access and SOD problems