The most-viewed posts on Norman’s IIA Blog
I recently posted a list of the top posts on my personal blog. Today, I want to share a list of the top posts, in terms of views, on my IIA blog.
Which posts did you find most and least interesting? Are there topics you would like to see covered in 2011?
Being responsible for SOX & Internal Controls in a Business Unit of a large conglomerate, I have experienced risk-based auditing, both internal and external, working with our Governance area on supporting enterprise-level controls and the Compliance area for all issues raised in our Business Unit. So, GRC is well engrained in our corporate culture and top-down approach to assess risk.
Since our Business Unit is well under the threshold regarding materiality, some of our risks remain “under the radar.” What I would like to see in future posts and surveys is how other Companies deal with risk assessment within their own Business Unit. From my point of view, materiality should be evaluated in relation to “the part, not the whole.”
Most Business Unit auditors struggle with the concept of when we should elevate issues, to whom, when and how??? In my opinion, we should be responsible for raising issues to Senior Management, making appropriate recommendations for corrective action and requiring a Remediation Plan to be put in place by middle management. Should operational control issues be raised in the Control Self-Assessment process if considered insignificant for the Company as a whole?