Control Chatter
August 2021
News that Control Professionals need to know
Test your Knowledge of Internal Control
The Internal Control Institute has developed two mini assessments to test your knowledge. A CICS Common Body of Knowledge Mini Assessment helps an individual determine their knowledge as it relates to organizational governance and control practices. Results point out areas of knowledge that may require additional training and experience. The assessments also provide a measure of the individual's readiness for CICS certification.
Start becoming an Internal Control professional today!
The ICI "Certification Series" of online courses
The ICI "Certification Series" has been completely updated and is available online to everyone around the world! Course content prepares individuals to design and/or assess internal control and to assist management in installing internal control processes. In addition, the series prepares candidates for the Certified Internal Control Specialist (CICS) Examination. To review the course catalog click
To register for one or all of the online training programs click here:
Online course pricing has been reduced by over 70%
Internal Control Chatter
Each month the staff of The Internal Control Institute reviews hundreds of articles related to Internal Control and Corporate Governance. Here are brief summaries of some of the top articles (along with links to the original article) that may be of interest to you.
Secretary-General signs the first Statement on Internal Controls
The Secretary-General has signed the first Statement on Internal Control for all operations of the Secretariat for 2020, marking an important milestone towards achieving greater accountability for results. The Statement on Internal Control is a public accountability document that provides reasonable assurance that the Secretariat operated under an effective system of internal control during 2020. This is a very important step towards a more systematic approach to managing control and risk as well as to increasing the effectiveness of the Secretariat. These entity assessments, and a collective review of their assessments, formed the basis for the Secretary-General’s statement on internal controls, now available publicly on the reform’s website:
Preparers are vital to the capital formation process
By ICAEW Insights
August 25, 2021
The American Accounting Association (AAA) played host to a stellar line-up in a session that interrogated the role of preparers of financial information in the financial reporting system.
The quality of financial reporting is the product of a whole system, not just the parts that lie within the profession, emphasised a panel of financial reporting heavyweights at an AAA annual meeting in August 2021. However, said Sarah McVay, Professor of Accounting, Deloitte & Touche Endowed Professor in Accounting, Washington University, if a company invests in accounting, it thereby invests in the entire company’s performance.
How security professionals can approach risks to the financial team
By Barbara Cousins
August 19, 2021
While the acceleration of digital adoption across global organizations has greatly improved operational efficiency, one of the unintended consequences has been the vulnerability to cyber risks. CISOs and CSOs are no longer the only organizational roles worrying about hacks, breaches and other cyber concerns - now, we are seeing these worries trickle down to other disciplines. Finance teams in particular are increasingly worried about cyber issues, given the significant responsibility they have to secure and protect funds both inside and outside of their organizations.
In a recent independent survey commissioned by Flywire of 300 CFOs, VPs of Finance, Controllers and other executive-level finance professionals, respondents indicated they were just as worried about cybersecurity issues as they were with accounting issues. In the survey, 90% of respondents cited fraud, 88% cited concerns about being hacked, and 85% mentioned money laundering as their biggest cybersecurity concerns.
What’s the Difference between Compliance and Ethics?
August 18, 2021
Some might see it as an irrelevant exercise to dig into the nuances separating compliance and ethics, but there are differences. And it’s important to understand them, as a solid ethical compliance program can be highly advantageous to your organization.
What is compliance?
When it comes to corporate governance, compliance is defined as obeying the law. It is something that the government requires you to do, but often the laws can be confusing. An article in ethikos, the journal of business practice ethics, beautifully presents an example of this challenge:
“There will never be enough corporate resources to ensure each employee is following every law all of the time. What’s more: Not all laws have clearly delineated rules that can be followed easily. Under the Foreign Corrupt Practices Act (FCPA), for example, bribing a foreign official is a crime, but the FCPA does not provide a specific dollar amount for gifts and gratuities to foreign officials.”
In this case, your compliance organization would need to oversee and manage the employees’ opportunity to commit bribery. While it may not be illegal to provide some ‘generous gifts’, it would fall to your compliance organization to prevent misconduct.
What is ethics?
Ethics is doing what’s right – not just because of the wording of the government or law. Ethics is something you individually choose to consider before you take action; it’s the expressed intention to observe the law. A lack of ethics amongst employees and stakeholders can be disastrous to any organization.
SEC Cybersecurity Enforcement Action Underscores Why Cybersecurity Whistleblower Disclosures Should be Protected under SOX
By Jason Zuckerman and Katherine Krems
Wednesday, August 18, 2021
There is mixed authority on whether the Sarbanes-Oxley whistleblower protection law protects disclosures about inadequate cybersecurity. Last year, in an unpublished decision, the Third Circuit held that SOX does not protect disclosures about information security vulnerabilities. In that case, the employee identified and pressed for the resolution of concerns about access authorization and server stability. At trial, he argued that he reasonably believed those concerns evidenced an undisclosed material weakness in internal controls and could have led to inaccurate financial reporting, in violation of SEC rules. The court disagreed, reasoning that the employee’s disclosures did not relate to any of the enumerated laws within the ambit of Sarbanes-Oxley Act protected conduct. Some cybersecurity whistleblowers, however, have fared better in persuading judges that SOX protects whistleblowing about deficient information security controls. See, e.g., Prioleau v. Sikorsky Aircraft Corp., ARB Case No. 10-060 (ARB Nov. 9, 2011) (holding that disclosures about deficient information security are protected under SOX). The SEC’s recent enforcement against Pearson plc, for misleading investors about a cyber-intrusion and for failing to maintain adequate disclosure controls and procedures, suggests that whistleblowing about cybersecurity at a public company implicates violations of SEC rules and therefore should be deemed protected conduct under SOX.
COSO issues guidance document on Enterprise Risk Management for Cloud Computing
August 9, 2021
The Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Crowe LLP, has developed new ERM guidance: ‘Enterprise Risk Management for Cloud Computing’. This provides a roadmap for establishing cloud computing governance leveraging the principles of COSO’s ‘Enterprise Risk Management (ERM) – Integrating with Strategy and Performance framework’. The use of the COSO enterprise risk management framework enables cloud computing to be integrated with the organization’s ERM function. The guidance explains how to apply the COSO ERM framework by evaluating each component as well as the 20 principles to cloud computing governance. As noted in the guidance, those organizations that have not yet created a cloud governance program can do so at any time and continue to refresh as changes occur. By incorporating cloud governance into the organization’s cloud computing processes, the organization is better positioned to manage risks that threaten the strategy and objectives of the organization.
Internal controls lag in the face of transformation: KPMG
By John Buckley  
August 11, 2021 
A new poll conducted by KPMG that surveyed nearly 300 respondents from across 100 organisations — financial risk managers, accountants, internal auditors and compliance managers among them — found that nearly half had yet to automate internal controls. Rowena Craze, KPMG’s partner in charge of governance, risk and controls advisory services, said the trend urgently needs to change. “While some companies have already advanced to a system of artificial intelligence-enabled controls, many others urgently need to start the automation process,” Ms Craze said. “We would advise these organisations to start by identifying where the current pain points are experienced by the business. “Especially those that are manually labour intensive — such as collating data from multiple sources and manual reconciliations — or known control points of failure. These are potential target areas where businesses can start to assess the feasibility of automating controls.”
Beyond automation, the poll also found that internal controls continue to go undocumented, and were in some cases unclear. More than a third of respondents described their internal controls as either basic or rudimentary, while more than two-thirds said it wasn’t clear who was responsible for their organisation’s controls standards. Meanwhile, 85 per cent of respondents said their organisation’s internal controls were only partly documented, if at all.
SEC Alleges Employer’s Compliance Manual Violates Rule 21F-17
August 11, 2021
On June 23, 2021, the SEC announced that Guggenheim Securities, LLC (“Company”) agreed to settle charges that it violated Rule 21F-17 by including language in its compliance manual and training materials that allegedly prohibited employees from contacting regulators without prior Company approval. Without admitting or denying the findings in the SEC’s order, the Company consented to a cease-and-desist order, a censure, and a civil penalty of $208,912.

The Internal Control Institute™ (ICI) improves organizational Internal Control worldwide by providing training, products and services and individual Professional Certifications recognized internationally. The Institute's Board of Advisors has determined it would like to further expand into areas where it is not directly represented. ICI provides world-class programs and its intellectual property to affiliates free of charge and shares all program revenue with them. If your organization is interested in partnering with ICI to earn revenue while you contribute to the development of the internal control profession worldwide please contact Dr. Michael Pregmon, Jr., Chief Operations Officer, by email at or by phone at 727-538-4113 in the USA.

Below is a list of worldwide affiliates currently serving the profession. If your area is not represented, please consider partnering with ICI.
2021 Certification Training Program & Exams

ICI and affiliates around the world have a busy training program scheduled for 2021. For more details on the CICS Training programs on offer visit the Events page on our website by clicking on the link below.

ICI World Wide Affiliates

Contact: Mr Aminur Rahman
Tel: +88 01749 400600
Contact: Soulémane BABA DAMAGUI
Tel: +0022997492600
Contact: Mr Humphrey Chawafambira
Tel: +267 75618647
Contact: Mr Eduardo Person Pardini
Tel: +55 11 2599 8360
Contact: Mr Eric Kamegne
Tel: +237 658 292 978
The website of ICI Cameroon is now operational

Our first CICS session in April is online only
Contact: Mr Qiu Jianting
Tel: 400-098-1119 or 010 68004176
Contact: Mr. Yves Dupont
Tel: 0032 2 305 35 25
Contact: Mr Summit Goyal
Tel: +91 9810 575 613
Contact: Mr Nereo Guzman Mendoza
Tel: +52 811 181 3514
Middle East
Contact: Mr Belal Abdul Jabbar
Tel: +962 6 5927171
Myanmar & Cambodia
Contact: Mr Sanjeev Gathani
Tel: +65 9655 4633
Contact: Mr Joel Aluko
Contact: Mr Muhammad Farooq Hammodi
Contact: Mr Cosmin Serbanescu
Tel: +40 752 525 525
Singapore, Malaysia, Indonesia & Taiwan China
Contact: Mr Bob Seetoh
South Africa
Contact: Ms Sedie Jane Masite
Contact: Ms Nadia Yaich
Contact: Ms Ilknur Tunc
Tel: +90 312 442 50 15
Contact: Mr Jesus Salazar Ras
Tel: +58 426 737 8096 or + 58 416 291 3788
Contact: Mr Nguyen Thanh Tung
Tel: 848 3803 5020
Contact: Dr Proctor Nyemba
Tel: +263 4 443124
Control Quotes:
People who think they know everything are a great annoyance to those of us who do.
Isaac Asimov
About ICI
The Internal Control Institute™ (ICI) is a worldwide organization devoted exclusively to internal control and corporate governance. The Institute is dedicated to the development of world-class educational programs and best practice guidelines on internal control and corporate governance, based on the Sarbanes-Oxley Act and the COSO internal control framework.
Visit us on the web at the Internal Control Institute