top banner

Control Chatter                                                   October 2018
News that Control Professionals Need to Know

 Quick Links
 *All New* Internal Control online courses
ici logo
The ICI "Certification Series" has been completely updated and is available online to everyone around the world!  Course content prepares individuals to design and/or assess internal control and to assist management in installing internal control processes. In addition, the series prepares candidates for the Certified Internal Control Specialist (CICS) Examination.
To review the course catalog click here: ICI Course Catalog
To register for one or all of the online training programs click here:  
Online course pricing has been reduced by over 70%, so get started today! 
****Limited Time Only****
Test your Knowledge of Internal Control
*** Take the  Internal Control Knowledge Mini-Assessment ***
The Internal Control Institute has developed a CICS Common Body of Knowledge Mini-Assessment that helps an individual determine their knowledge as it relates to governance and control practices. Results point out areas of knowledge that may require additional training and experience. The assessment also provides a measurement to the individual's readiness for CICS certification. The assessment measures core knowledge in eight critical areas including: Internal Control - Principles, Terms and Concepts, Internal Control Environment, Risk Management, Assessing Application Controls, Business System Control Assessment, Risk Assessment, Internal Control Measurement and Reporting, and Governance Practices
In This Issue
All New Internal Control online courses
Internal Control Emergency
ICI Announcements
5 cybersecurity frameworks accountants should know about
Equifax Data Breach, One Year Later: Obvious Errors and No Real Changes
Former Swiss Bank Executive Sentenced to Prison for Role in Billion-Dollar International Money Laundering
Yellow Book meets yellow cake and all sorts of delicious changes
Compliance Weaknesses Cost Capital One $100M
2018 State of the SOX/Internal Controls Market Survey
IRS Needs to Improve Data Controls
China's New e-Commerce Law: Businesses Should Ready for Stronger Compliance Norms
Promoters of 73,000 companies may face action
How storytelling can increase support for whistleblowers
Internal Control Emergency
By Michael Pregmon, Jr., Ph.D., CICP
COO and Managing Director
Dr. Michael Pregmon, Jr.
COO and Managing Director 
We have covered the topic of fraud several times in this space.  And, for good reason.  It is on a meteoric rise!  Not only is this true on the Internet, but also in business. Consider this:
The typical organization loses five percent of its annual revenue to fraud, with a median loss of $160,000. Frauds committed by owners and executives were more than nine times as costly as employee fraud. The industries most commonly affected are banking, manufacturing, and government.  At least 10 % of business bankruptcies cited fraud as the cause according to the Office of the Superintendent of Bankruptcy in Canada.  Unfortunately, most frauds last about 18 months on average before being detected.
Fraud can be committed through any media, including mail, wire, phone, and the Internet (computer crime and Internet fraud). The international dimensions of the web and ease with which users can hide their location, the difficulty of checking identity and legitimacy online, and the simplicity with which hackers can divert browsers to dishonest sites and steal credit card details have all contributed to the very rapid growth of Internet fraud.  The Wikipedia .org online presentation provides an extensive description of fraud and embezzlement that is worth reviewing.  
Ask yourself these two questions:

1.     Is our organization prepared to meet the control challenges required in the current business environment as indicated above?

2.     Do we have trained internal control professionals who can help us meet these challenges?

We are in a different business environment today with many unique challenges.  Different strategies are required to continue with the successes we've enjoyed.
The Internal Control Institute™ (ICI) improves organizational Internal Control worldwide by providing training, products and services and individual Professional Certifications recognized internationally. The Institute's Board of Advisors has determined it would like to further expand into areas where it is not directly represented. ICI provides world-class programs and its intellectual property to affiliates free of charge and shares all program revenue with them. If your organization is interested in partnering with ICI to earn revenue while you contribute to the development of the internal control profession worldwide please contact Dr. Michael Pregmon, Jr., Chief Operations Officer, by email at: or by phone at 727-538-4113   in the USA. 

ICI Affiliate News:

The Internal Control Institute is conducting certification training in a classroom format for the internationally recognized CICS (Certified Internal Control Specialist) certification in internal control. Information on these programs regarding dates and schedules can be found on the Events tab on our Website or directed to the affiliate named below.

Training Plans :

Curitiba - November 19-23, 2018
Brasília - November 26-30, 2018

For more details on planned training please check on the website below, or send a message to Mr. Eduardo Person Pardini


CICS Training Class Hangzhou October 18-21, 2018

Training Plans:

Beijing - November 22-25, 2018
Shanghai - November 29- December 2, 2018

Individuals or companies interested in internal control training and Certification should contact:  
Mr. Qiu Jianting
Room 1039, Block A, Jinmao Building, No. 18, Xizhimenwai Street,
Xicheng District, Beijing, China
Zip Code: 100044
Mobile phone: 13810588109


Training Plans :

Luxembourg - October 24, 2018 (in French)
Brussels - January 22, 2019 (in French)

For more information on scheduled training and exams please contact Mr.Yves Dupont of ICI Belgium at: 
For more information on upcoming activities in this area please contact Mr. Summit Goyal of  ICI India at :
Phone: +91 9810575613

Myanmar and Cambodia:
ICI is proud to announce it has entered into an agreement with Better Business Governance - APAC PTE LTD (BBG) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in Myanmar and Cambodia. 
Better Business Governance will be responsible for all development activities, including professional training and Certification.  For more information on upcoming activities in this area please contact:
Better Business Governance
Mr. Sanjeev Gathani
1 Claymore Drive
#08-14, Orchard Towers (Rear Block)
Singapore 229594
For more information on upcoming activities in this area please contact the following:
Antonio Salas Hernandez CICP,  Email: 
Joaquin Prendes Herrera, Email: 

Middle East:
Practical Application of Control Best Practices Muscat Oman Sept 2018
Control Best Practices Muscat - Oman Sept 2018

The CICS exam is now being  provided in Arabic.  Osool Training and Consulting has courses and testing available in Jordan, Libya, Muscat, Sudan, Qatar, the United Arab Emirates, Kuwait and Palestine. 

Training Plan 2018
Certification Preparation Programs are scheduled as follows:

Certified Internal Control Specialist (CICS) Amman-Jordan October 7-16
Certified Internal Control Specialist (CICS) Muscat- Oman October 28 - Nov 1
Certified Internal Control Specialist (CICS) Tunis-Tunisia  October 6-11
Certified Internal Control Specialist (CICS)  Riyadh- KSA  November  18-22
Certified Internal Control Specialist (CICS)  Kuwait-Kuwait  November  25-29
Certified Internal Control Specialist (CICS)  Doha-Qatar December 2-6
Certified Internal Control Specialist (CICS)  Dubai-UAE    December  23-27

Interested applicants in that region should contact Osool for scheduling for future programs.  For additional information on scheduled ICI Certification and program sessions, please contact:

Lina Salameh
Assistant General Manager
O SOOL for Training & Consulting
Mob Oman:  +968 95 98 98 20
Mob Jordan: +962 7 99589666
Tel:   +962 6 5927171 Ext. 107
Fax:  +962 6 5927172

Leadway Consulting conducts CICS training sessions and examinations in Nigeria. For more information on upcoming activities in Nigeria  please contact:
Mr.  Joel Aluko


For more information on activities in Pakistan individuals or companies should contact : Muhammad Farooq Hammodi

Singapore, Malaysia, Indonesia and Taiwan:
ICI has entered into an agreement with GRC Consultancy Pte Ltd. (ICI Singapore, Malaysia, Indonesia and Taiwan) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in those territories.  

Individuals or companies interested in internal control training or Certification should contact:
General enquiries for all 4 markets -
Singapore - Mr. Bob Seetoh -
MalaysiaMr. Melvin
IndonesiaMr. Barry Dingga -
Taiwan - Ms. Mickey Tai -


CICS Training course:  Istanbul - September 22-23, 2018
CICS Certification Exam: Istanbul/Ankara - 20 October 2018

For information on scheduled ICI Certification and program sessions, please contact ICI Turkey  below:

Ms. Ilknur Tunc,  VP -
Dr. Bertan Kaya -
GOP Mahallesi, İran Caddesi, Karum İs Merkezi
No:21, D Blok, 4. Kat, D:398-399

+90 (312) 4425015 T
+90 (533) 4474444 D
CICS Training course: 15, 16, 22, 23 September 2018

CICS examinations to be held in Vietnam: 

20 September 2018
20 December  2018
04 April 2019

For more information on upcoming activities in Vietnam please contact: NGUYEN THANH TUNG (MBA. M.Eng, PhD.) Director, FMIT Institute of Financial Management & Information Technology,  Level 5 , 126 Nguyen Thi Minh Khai Street, Ward 6, District 3, HCMC, Viet Nam
Office: 848 3803 5020 - 848 3512 9371 - 848 3512 7652

For more information on activities being planned please contact:
Mr. Proctor Nyemba at:
2018 Internal Controls Training Calendar:  View the Training Calendar
Internal Control Chatter  
Each month the staff of The Internal Control Institute reviews hundreds of articles related to Internal Control and Corporate Governance. Here are brief summaries of some of the top articles (along with links to the original article) that may be of interest to you.
5 cybersecurity frameworks accountants should know about
Posted by Guest Blogger
Oct 24, 2018
You've seen all the news stories: Cyberattacks are happening almost daily, and they can have devastating consequences. You know you need to protect your organization's data. But where do you even start?  A cybersecurity framework can guide you in the right direction. These frameworks help you design a cybersecurity risk and controls process that is right for your organization. Whether you're interested in helping set up your own organization's cyber program, or you're interested in providing assurance on other organizations' cybersecurity systems, you should be familiar with different cybersecurity frameworks and what types of companies they're best for. 
Equifax Data Breach, One Year Later: Obvious Errors and No Real Changes, New Report Says
How the Equifax Breach Went From Bad to Worse
Equifax's massive security breach impacted as many as 143 million people.
September 8, 2018
The U.S. General Accounting Office (GAO)  today released a comprehensive report  examining the reasons for the massive breach of personal information from Equifax one year ago today. The report covers the breach and both company and governmental actions in response since.
It breaks little new ground, but summarizes an array of errors inside the company, largely relating to a failure to use well-known security best practices and a lack of internal controls and routine security reviews.
Former Swiss Bank Executive Sentenced to Prison for Role in Billion-Dollar International Money Laundering Scheme Involving Funds Embezzled from Venezuelan State-Owned Oil Company
Department of Justice 
Office of Public Affairs
October 29, 2018
Former Swiss Bank Executive Sentenced to Prison for Role in Billion-Dollar International Money Laundering Scheme Involving Funds Embezzled from Venezuelan State-Owned Oil Company  The former managing director and vice chairman of a Swiss bank was sentenced to 10 years in prison today, after previously pleading guilty for his role in a billion-dollar international scheme to launder funds embezzled from Venezuelan state-owned oil company Petróleos de Venezuela, S.A. (PDVSA).
Yellow Book meets yellow cake and all sorts of delicious changes
Posted by Guest Blogger
Oct 22, 2018
While I'm not a good baker, when I talk to CPAs who are new to the governmental auditing area and need to understand what the "Yellow Book" is, I often explain using the analogy of a multi-layered cake. The bottom layer of the cake is the AICPA auditing standards, which are the basis for most Yellow Book audits. The second layer of the cake (let's make it a yellow layer!) adds standards issued by the Government Accountability Office (GAO), known as the "Yellow Book" or Generally Accepted Government Auditing Standards (GAGAS) that build upon the AICPA rules. Finally, if your client gets federal funds, there may be a third layer of the cake that consists of compliance auditing requirements. The big news for auditors right now is that the GAO has issued a 2018 revision to the Yellow Book  which will change the ingredients for the middle layer of the cake. If you audit federal, state or local governments, or not-for-profits, whose audits are subject to the Yellow Book, you should begin updating your recipe card so your cake turns out right. 
Compliance Weaknesses Cost Capital One $100M
By C. Ryan Barber
October 23, 2018
The penalty was part of a 2015 consent order. "We have worked diligently with our bank regulators to strengthen our processes and internal controls," a bank spokesperson said Tuesday.  Capital One N.A. has  agreed  to pay $100 million to resolve a financial regulator's claims that the bank failed to address shortcomings in its systems for preventing money laundering.
2018 State of the SOX/Internal Controls Market Survey
Authors: SOX & Internal Controls Professionals Group, EisnerAmper, and Workiva
Key takeaways: 

1. The current state of SOX and internal control processes and top challenges for the year ahead

2. SOX compliance costs are slightly higher than reported in the 2016 and 2017 surveys

3. The third annual survey indicated increased co-sourcing of compliance

4, Manual processes are responsible for the majority of internal control failures, according to respondents

Download Here

WHISTLEBLOWER PROGRAM:IRS Needs to Improve Data Controls for Some Award Determinations
Oct 29, 2018
Tax whistleblowers who report on the underpayment of taxes by others have helped IRS collect $3.6 billion since 2007. Whistleblowers can claim awards of between 15 and 30 percent of the proceeds that IRS collects as a result of their information. However, before 2018, IRS wasn't required to pay whistleblowers for information that led to the collection of Foreign Bank and Financial Accounts penalties. Congress began to require IRS to pay whistleblowers for this information in February 2018.
China's New e-Commerce Law: Businesses Should Ready for Stronger Compliance Norms
The timing is important as e-commerce sales accounted for 23.8 percent of all retail sales in China in 2017, and is projected to reach 33.6 percent by 2019. As the country's  e-commerce market grows at a staggering rate, so does the need for stricter oversight and market regulation. Responding to this, the Standing Committee of the National People's Congress (NPC) passed a new law on August 31, to improve the regulation of China's booming e-commerce market. It was first reviewed in December 2016 and deliberated upon by the NPC in October 2017 and June 2018.  In this article, we highlight key changes introduced in the new e-commerce law.
Promoters of 73,000 companies may face action
By Rajat Arora
Oct 26, 2018
NEW DELHI: The government is likely to take action against the promoters of 73,000 companies in which it has detected fraudulent transactions after the demonetisation drive in 2016.  "We have identified 73,000 companies in which Rs 24,000 crore was deposited after demonetisation. The investigation is being undertaken by various agencies," minister of state for corporate affairs PP Chaudhary told ET.  "Around 1.26 lakh companies were initially identified where unusual transactions were reported, where accounts of such companies were used only to park money. But the number was reduced after preliminary probe," he said. On IL&FS, which has defaulted on debt, Chaudhary said the Serious Fraud Investigation Office (SFIO) probe is on and the government will look at the report to bring structural reforms on corporate governance. 
Read the Article
How storytelling can increase support for whistleblowers
By Hervé Stolowy, Professor of Accounting and Luc Paugam, Professor of Accounting
August 28th, 2018
Whistleblowers are often condemned by society, but they can be key to uncovering scandal. Hervé Stolowy, Luc Paugam and co-researchers Yves Gendron and Jodie Moll uncover how whistleblowers can tell their stories to better promote the positive aspects of their role for society and increase their legitimacy.  Whistleblowers expose illegal and unethical behaviour within organisations - they 'blow the whistle' on wrongdoing. In recent years, they have played important and well-publicised roles in revealing fraud and misdemeanour in large international corporations.  For example, it was the action of whistleblowers that enabled the Enron and WorldCom scandals to come to light. With this in mind, you would think that whistleblowers would be heralded for exposing organisational crimes. Instead, Professor Hervé Stolowy reports, "They are often chastised and risk job loss, career annihilation and can even find their personal safety threatened".
Control Quotes
"Incredible change happens in your life when you decide to take control of what you do have power over instead of craving control over what you don't." 
Steve Maraboli
Help Keep Everyone Informed...
If you see a news story concerning internal control or corporate governance that you feel is important for other professionals to know please send it to us .
ici logo The Internal Control Institute™ (ICI) is a worldwide organization  devoted exclusively to internal control and corporate governance. The Institute is dedicated to the development of world-class educational programs and best practice guidelines on internal control and corporate governance, based on the Sarbanes-Oxley Act and the COSO internal control framework.  Visit us on the web at the Internal Control Institute
Control Chatter is a monthly news summary of the top stories concerning internal control and corporate governance.  Control Chatter is prepared by the staff of Internal Control Institute for the benefit of their members and associates. Please consider it for your personal use or pass it on to associates who may have an interest in one or more of the topics by clicking on the Forward email button below.