The KnowledgeLeader Blog

As senior executives face more pressure to respond to rising costs and eroding profit margins, CFOs can remind their colleagues that they have more cost-optimizat...

Generating revenue is typically the number one goal of any business. However, as the famous adage goes, “It costs money to make money.” To that end, any business ...

Entity-Level Controls: The Importance of Setting the Tone: This blog post explains the importance of entity-level controls and explores the COSO Framework. Enter...

Tools The following tools were published on KnowledgeLeader this week: Project Risk Management Audit Work Program This sample audit program provides the intern...

According to standards set forth by the Institute of Internal Auditors (IIA), quality assessment review best practices should include an independent and external ...

Tools The following tools were published on KnowledgeLeader this week: Privacy Audit Work Program This tool contains two sample work programs that highlight ri...

What Are Financial and Credit Risks? Financial risk and credit risk are related risks that should often be (and are) considered together but are not wholly inter...

The explosion in the use of digital channels and the data they produce have caused a corresponding rise in the use of data analytics across organizations. Despite...

Tools The following tools were published on KnowledgeLeader this week: Accounts Payable Audit Work Program Organizations can use the general best-practice step...

Business can't be done, and money can't be made without taking on risks. Risk is an inevitable fact of business life. Big things, like expanding internationally o...

As businesses focus on digital transformation for speed and service, they tend to put more emphasis on individuals and interactions than processes and tools. In t...

Tools The following tools were published on KnowledgeLeader this week: IT Organization Audit Work Program This tool contains two work program samples that high...

We live and do business in a highly regulated, litigious society. It’s an inevitable but beneficial consequence of our pluralistic, capitalist system. In such a s...

Effective cost management is an essential factor for the success of any organization. For risk management and audit professionals, it is crucial to manage costs e...

Entity-Level Controls: The Importance of Setting the Tone: This blog post explains the importance of entity-level controls and explores the COSO Framework. Enter...

Maintaining transparency and accuracy in financial and operational reporting is critical to any company's compliance efforts. Two essential components of any comp...

Digital transformation is not only about embracing the latest software tools and apps; it also raises the bar in the war for talent. Organizations that want to th...

When viewed as a single corporate project or objective, governance, risk and compliance, often referred to by risk audit and accounting professionals as “GRC” for...

The beginning of the 21st century ushered in a new financial, commercial and industrial era. It was the beginning of the internet age. Powerful computer processor...

Data Security and Internal Controls In today’s digital age, breaches in data security from cyberattacks have become more prevalent and sophisticated, causing sig...

Audit Testing Needs Project Management For finance and audit professionals, project management is a core requirement for achieving effective results in audit tes...

Internal audit administration can help organizations better understand and manage risks, make better decisions, and achieve their goals more effectively. Internal...

Maintaining Control Corporate governance has become increasingly critical over the years, with organizations being assigned a growing responsibility to ensure th...

A question that companies regularly ponder: Why is customer satisfaction so important? Simply put, customers are the lifeblood of any business. Without customers,...

As risk management and audit professionals are well aware, investments and foreign exchanges can present significant challenges for companies. In the wake of the ...

If auditing critical business processes is a good thing, more auditing must be a better thing. That, at least, is the admittedly oversimplified thinking behind th...

Any number of disasters can adversely affect an organization. There are natural disasters like floods or tornados; technology disasters, including computer crashe...

At its core, vendor management is relationship management. It’s all about the relationships an organization maintains (and benefits from) between itself and exter...

Self-assessment is an organized means of using the knowledge of those who are most familiar with a topic, such as processes and controls. The self-assessment proc...

Project management is the act of applying expert knowledge, skills, tools and techniques to project activities within an organization or business to meet or excee...

In today’s modern digital age, competition in business and industry is relentless. High-level organizational performance and consistent improvement are critical t...

There can be no continuing success in modern business without rapid organizational evolution. Technology, communication, regulation and the economy all move too f...

Well-written, well-disseminated ethics policies are essential aspects of modern business. Ethics are, in fact, the foundation of all policymaking decisions. This ...

Corporate governance has traditionally been viewed as that which the board of directors does when providing oversight on strategy, policy, performance and transpa...

Defining Inventory When one thinks of inventory, the physical items in storage or warehouse facilities may come to mind. Yet the term is much broader. Inventory...

Risk at the Speed of Light There has never been a time when succeeding in business didn’t involve facing monumental challenges and taking great risks. It’s silly...

Responsible companies need to maintain the critical attributes of accountability, consistency and transparency to uphold the confidence of investors, regulators, ...

Disaster recovery is the process of rapidly recovering business operations in the event of a business interruption. The disaster recovery team of an organization ...

Credit and Collections Defined When defining credit and collections, it's best to begin with an understanding of accounts receivables, which is money owed to an ...

A Substantial Investment The modern business enterprise can’t exist without the benefit of up-to-date information technology (IT), at least not as a competitive ...

Introduction If you are reading this article, you are likely in the internal audit (IA) profession or looking to refine your internal audit practice. Or perhaps ...

It is impossible to overstate the value of information technology (IT) to the world of businesses and industries today. IT facilitates and enhances communication ...

Agile Defined Agile is a methodology that focuses on maintaining flexibility and staying in touch with clients. It recognizes that the linear approach taken in t...

What Is IT Risk? Information technology (IT) risk is any potential threat to business data, critical systems and business processes. It is the risk associated wi...

Checks and Balances The judicious segregation of key duties within a business is a fundamental principle of risk mitigation that should never be ignored or taken...

Introduction “Compliance” is defined as adherence to policies, plans, procedures, laws, regulations, contracts or other requirements within a company or organiza...

In the realm of computer science, the term data mining is interchangeable with the term knowledge discovery in data (KDD), and for good reason. There’s a tremendo...

Risk Assessment Defined Risk assessment is the identification and analysis of relevant risks to achieving objectives and forming a basis for determining how the ...

A Working Definition of Internal Controls For accounting, risk and audit, internal controls are a set of accounting best practices activities designed and implem...

Goodwill: An Elusive but Valuable Asset Goodwill might be the most valuable asset on your company’s balance sheet. It might also be the most difficult to place a...

COSO is a framework used by businesses to establish a set of internal controls for integration into their business processes. This set of controls assures that an...

While it’s true that no internal audit will ever go exactly according to plan, it is also true that audit planning is a necessary and important part of the overal...

The many ongoing risks that businesses face daily extend well beyond organizational risk and market risk to include a much longer set of risks that can be derived...

The Challenge Human resources (HR) professionals have a real and ongoing responsibility to the employees of the companies they serve. To the utmost extent possib...

Getting to the Core of Accounts Receivable Accounts receivable (AR) refers to the proceeds or payments that a company will receive from its customers who have pu...

Given the dynamic environment, the audit committee should take a close look at the company’s risk profile at least annually. Ideally, this review should be suppor...

The strength of the partnership between IT audit and the IT organization is a significant differentiator in the overall success of IT projects and IT audit effect...

Segregation of duties (SoDs) is an important concept to internal control frameworks, financial reporting and regulatory compliance, including the Sarbanes-Oxley A...

Expectations for transaction monitoring (TM) governance are quickly evolving due to the complexity of detection systems, the demand for additional operational ove...

The point of the article, of course, was that people must focus their attention in the correct places when considering what would most influence their quality of...

The chief audit executive (CAE) and internal audit can play one or more of the following roles in conjunction with the implementation of enterprise risk managemen...

WHAT DOES COSO STAND FOR? In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a COSO Framework for evaluating inter...

Written by Ann Butera, president of The Whole Person Project, Inc.     By definition, “influence” is the ability to get others to act on your suggestions wi...

Internal auditors have weighed the benefits of data analytics software since the earliest versions of the technology began to surface nearly two decades ago. The...

Chief audit executives may be comfortable that their approach to audit committee reporting has followed the same unwavering path for the past decade. But are th...

Changes to a company’s information technology (IT) environment, both information systems and the underlying platforms, are a source of significant operational ris...

In January 2013, the updated version of the Committee of Sponsoring Organizations of the Treadway Commission Integrated Internal Control Framework went into effe...

Everyone talks about the need for good risk management programs, but nobody seems to know how to audit them to ensure that they work. The people that bear respons...

Auditors often have the good fortune to go on audit assignments and client meetings throughout the U.S. and in many countries of the world. Some trips are specta...

The internal audit function’s position within a company is unique. It provides its principal stakeholders (audit committee members and management) valuable and ob...

In order to be a high-performing auditor, you must be able to deliver messages in a clear and compelling manner. From kickoff meetings and status reports to inte...

The "Holy Grail" for IT has always been to be closely aligned with business efforts. For years, business has encouraged IT to focus on delivering business priorit...

Perhaps no disaster in recent history has done more to show the need for strong business continuity and disaster recovery planning than the Japan earthquake and ...

While strategy-setting defines an enterprise’s overall strategic direction, differentiating capabilities and required infrastructure, a business plan lays out ho...

Auditors can use data analytics to avoid the massive waste spending that often goes hand-in-hand with hiring outside vendors and contractors. This technique does...

Organizations have learned many lessons over the years from specific financial crises. For example, if a chief executive ignores the warning signs posed by the...

Information technology is critical to the long-term success of most organizations. It is a key driver for the cost of operations, which tends to be a vital compo...

Ensuring that an organization can recover from disaster is a basic business requirement the board should explore regularly with management. Nowadays, leading org...

The SEC introduced “disclosure controls and procedures” as a new term in its initial August 29, 2002, release following the enactment of Sarbanes-Oxley. Disclosur...

Everybody is talking about IT strategy these days. As IT managers, you’re faced with considerable pressure to communicate a comprehensive strategy, and show a cl...

We all know that change is inevitable, but what can an organization do to keep its strategies and risk management capabilities on the same course as the ever-cha...

Discussions of robotic process automation (RPA) and artificial intelligence (AI) tend to follow separate tracks. This has been a function of the way these technol...

Many businesses today exchange goods, services, information and knowledge using network-enabled technologies. Within such business, the proper protection of conf...

  Why are we meeting? What are the objectives of the self-assessment meeting? Defining the meeting objectives is the most important aspect of planning a self-as...

A budget is a systematic method of allocating financial, physical and human resources to achieve strategic goals. Companies develop budgets in order to monitor pr...

The focus on customer relationship management (CRM), also known as customer care or customer service, has been growing steadily for the last few years. Companies...

Cash flow management is the mobilization of company funds, the investment of these funds to produce income and compensation of the banks that support the process....

There are distinct differences between SOC 1 and SOC 2 reports, but these reports also certainly overlap. For example, the security principle in a SOC 2 report r...

Defined policies and procedures play an integral role in efficient and effective company operations. They are also key to the company’s internal control environme...

Data integrity is the assurance that information can only be accessed or modified by those authorized to access the system. Measures taken to ensure integrity in...

Project management is generally associated with the ability to apply expert knowledge, skills, tools and techniques to project activities in order to meet or exce...

The accounts payable process is all about how a company pays its bills. For most companies, accounts payable begins with receiving an invoice and ends with issuin...

Audit planning sets the tone for the audit. If audit planning hasn't been done well, it can make the entire audit much more difficult. You should be answering fou...

How many directors can name a chief risk officer who has advised them and the executive team that the organization is too risk-averse? In the digital age, not eno...

Project management risk is significant because of its lasting implications. By definition, a project is a “temporary endeavor undertaken to create a unique produc...

There are several key phases of the mergers and acquisitions (M&A) process: Growth/Portfolio strategy Due diligence Integration planning Integration execu...

Business continuity management (BCM) is the development of strategies, plans and actions that provide protection or alternative modes of operation for activities ...

Do your customers trust and believe in your company? Do you trust and believe your employees? Do your employees trust and believe in you? Trust and transparenc...

Auditing fixed assets is extremely important to ensure that accounting for capital assets and depreciation is in compliance with management’s objectives. Knowled...

Sustaining an effective business model in the face of digital disruption requires a strong foundation of IT governance able to scale and adapt to modern enterpris...

Given the complexity of the business environment, executives need to be careful to avoid overconfidence that can be bred by an expressed or implied “official” vie...

Developing risk maps, heat maps and risk rankings based on subjective assessments of the severity of impact of potential future events and their likelihood of occ...

"Close the books" is a process that a corporation uses to reconcile, consolidate and report financial information on a periodic basis. Each company defines closin...

Every audit committee should assess the effectiveness of the organization’s internal audit function at least annually, if not throughout the year. The critical ro...

Once a company forms an internal audit function, completes the risk assessment process and develops an internal audit plan that is responsive to the risk assessme...

The process of purchasing materials and supplies comprises procedures and activities to acquire goods in the correct quantity and in a timely manner. The process ...

The digital revolution currently taking place is transforming our world. Over the next few years, many organizations will need to undertake radical change program...

Making Your Risk Assessments Count: Consider the Distinguishing Characteristics of Risk Traditional risk assessment approaches don’t often address the unique ris...

An effective business process is built on a set of well-defined and clearly stated business objectives. These key objectives articulate the ideal performance resu...

Communicating with shareholders is about capital – the ability to access either equity or debt at the lowest possible cost. By understanding investor motivation a...

The audit committee of the board of directors helps the board fulfill its responsibilities to the company and its current and potential shareholders, the investme...

For directors to make meaningful contributions in their oversight of management, they need to understand the business environment within which the company operate...

“All of the blame and none of the praise” This was how one Human Resource professional described their job in a forum on tech recruiting recently. Human Resource...

Cybersecurity is likely to remain center stage as a top risk as companies continue to expand their reliance on digital technologies to transform customer experien...

Many organizations have failed to keep pace with changing trends in risk and compliance. Resource allocation for many risk and compliance initiatives implemented ...