#10 – VALUE ADDED AUDITING® – GREG HUTCHINS

What value are you offering these days?

Greg Hutchins pixThis is probably the most important question management is asking these days.  Functions and activities that don’t add value are outsourced. Quality, operational, internal, and financial audits are outsourced if they don’t add real operational and managerial value. 

Value means different things to different people.  What is important to one organization may be different to another.  One company’s best practice may be another company’s standard operating procedure. Continue reading

CERM Bootcamp Lessons Learned

We just ended our first Certified Enterprise Risk Manager(R) Bootcamp in Seattle.  Five days of risk bonding, sharing of risk information, and risk learnings.  it was a great success.

We had a number of lessons learned:

Enterprise Risk Management (ERM) is reshaping many industries from pharma, electric power, water, food, etc.  These industries are developing ERM standards.  The challenge is that many of these standards have not been deployed or adopted.

Adoption of ERM is still early in most companies.  Publicly held companies often have mature ERM as part of their internal control over financial reporting programs to comply with Sarbanes Oxley and other regulations.  The operational ERM programs are still in their infancy.

Material risks are more often in operations, technology, and IT.  Engineering, IT, quality, supply management, and other operational professionals need to learn and implement risk management in their areas.

Tell us your ERM experiences?  Are they the same as our lessons learned?

#6 – PROJECTS NEED TO BE ‘IN CONTROL’ – BY DAN SWANSON – TECHNOLOGY@RISK

Dan Swanson pixInternal auditors play a valuable role in ensuring that IT investments are well-managed and have a positive impact on an organization. Their assurance role supports senior management, the audit committee, the board of directors, and other stakeholders. Internal auditors need to take a risk-based approach in planning their many activities on IT project audits. With limited audit resources, auditors must focus on the highest-risk project areas, while adding value to the organization. Audit best practices suggest internal auditors should be involved throughout a project’s life cycle — not just in post-implementation assessments.

Continue reading