Home > Risk > The most-viewed posts on Norman’s IIA Blog

The most-viewed posts on Norman’s IIA Blog

February 11, 2011 Leave a comment Go to comments

I recently posted a list of the top posts on my personal blog. Today, I want to share a list of the top posts, in terms of views, on my IIA blog.

1 What is “Risk-based” Auditing? 2304
2 Lessons for Internal Auditors From the Lehman Brothers Saga 2219
3 Let’s Talk About Governance 1748
4 Risk and Control Issues Commonly Overlooked by Internal Auditing 4: Linking Strategy to Execution 1529
5 Risk and Control Issues Commonly Overlooked by Internal Auditing 2: The adequacy of risk management 1454
6 Updating IIA Guidance on Continuous Auditing/Monitoring 1322
7 Building the Audit Plan Around Assurance on Governance, Risk Management, and Related Controls 1274
8 Is Internal Audit Meeting the Challenge? Perhaps Not! 1242
9 The Institute of Internal Auditors’ Tone at the Top Defines GRC and Gets It Right 1229
10 Food for Thought on Risk Appetite 1010
11 A Risk Assessment Tool for Auditors and Risk Officers 1004
12 How Do You Determine Whether the Risk Management Process Is “Effective”? 953
13 A Useful Framework for Assessing Your Risk Management Program 810
14 My Ideal Internal Audit Department 800
15 Risk and Control Issues Commonly Overlooked by Internal Auditing 3: People 731
16 A Challenging View of Internal Auditing 718
17 Risk Intelligence: Two Fine New Publications From Deloitte 709
18 A Strategic Plan for Internal Audit 689
19 King III: A Great Step for Corporate Governance? 665
20 Risk and Control Issues Commonly Overlooked by Internal Auditing 5: Management 650

 Which posts did you find most and least interesting? Are there topics you would to see covered in 2011?

  1. Keith Ouellette
    February 11, 2011 at 12:40 PM

    Being responsible for SOX & Internal Controls in a Business Unit of a large conglomerate, I have experienced risk-based auditing, both internal and external, working with our Governance area on supporting enterprise-level controls and the Compliance area for all issues raised in our Business Unit. So, GRC is well engrained in our corporate culture and top-down approach to assess risk.

    Since our Business Unit is well under the threshold regarding materiality, some of our risks remain “under the radar.” What I would like to see in future posts and surveys is how other Companies deal with risk assessment within their own Business Unit. From my point of view, materiality should be evaluated in relation to “the part, not the whole.”

    Most Business Unit auditors struggle with the concept of when we should elevate issues, to whom, when and how??? In my opinion, we should be responsible for raising issues to Senior Management, making appropriate recommendations for corrective action and requiring a Remediation Plan to be put in place by middle management. Should operational control issues be raised in the Control Self-Assessment process if considered insignificant for the Company as a whole?

  1. February 11, 2011 at 1:55 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: