top banner

Control Chatter                                                   April 2019
News that Control Professionals Need to Know

 Quick Links
 Internal Control online courses
ici logo
Start becoming an Internal Control professional today!
The ICI "Certification Series" has been completely updated and is available online to everyone around the world!  Course content prepares individuals to design and/or assess internal control and to assist management in installing internal control processes. In addition, the series prepares candidates for the Certified Internal Control Specialist (CICS) Examination.
To review the course catalog click here: ICI Course Catalog
To register for one or all of the online training programs click here:  
Online course pricing has been reduced by over 70% 
Test your Knowledge of Internal Control
The Internal Control Institute has developed a CICS Common Body of Knowledge Mini-Assessment that helps an individual determine their knowledge as it relates to governance and control practices. Results point out areas of knowledge that may require additional training and experience. The assessment also provides a measurement to the individual's readiness for CICS certification. The assessment measures core knowledge in eight critical areas including: Internal Control - Principles, Terms and Concepts, Internal Control Environment, Risk Management, Assessing Application Controls, Business System Control Assessment, Risk Assessment, Internal Control Measurement and Reporting, and Governance Practices
In This Issue
The Genesis of Internal Control
ICI Announcements
COSO's Newest ERM Guidance
Three lines of defence to help with managing the risks in decision-making
Do you know how to create long-term value?
CAQ Releases Guide to Reviewing Auditors
Why good people do bad things
Rationalizing Fraud
Asset Fraud Starts With Humans and Can End With AI
Want to be a whistleblower? Read this first.
Corporate Governance For Start-Ups - Premature Or Paramount?
The Genesis of Internal Control
By Michael Pregmon, Jr., Ph.D., CICP
COO and Managing Director
Dr. Michael Pregmon, Jr.
COO and Managing Director 
Good internal control in an organization requires managing risks effectively. The overall management of risks in all organizations is a lofty challenge. This involves money and resources. Typically, organizations cannot afford to protect from all threats and risks 100%. Consequently, the risk management process involves compromises.   In fact, high cost threats may go unprotected if the risk probability of that threat is very low. And, determining the priority of all risks is the quintessential test of an internal control professional. But, this is the beginning.
Organizations, however, have various areas and activities to consider beyond the financial impact's need for good internal control. Internal control professionals recognize that there are tools available to analyze and rank financial activities/internal audit. However, few tools are available to assist professionals to analyze risks in some other areas such as COSO and ISO. But the tools that have been available have limited integration alternatives for all three GRC (government risk and compliance) requirements - COSO, ISO, and Internal Audit. Further, many of the software platforms available are often too costly for the small business operator, family owned company, and even some medium sized companies.

The Institute recently became aware of a new internal control software platform and tool.  It likely will be useful to banks, financial institutions and government agencies as well, in addition to the smaller operator.  It is extremely more cost effective compared to other internal control software platforms available.  And, it is fully integrated for risk assessment in the three areas identified above that is not currently available in one integrated package.  Most importantly, it helps to comply with regulations, establish, monitor and report systems of risk management.
Feel free to contact the Internal Control Chatter at: should you desire just more information and/or a contact about this new internal control tool.

REMEMBER - good internal control in an organization starts with effective risk management!
The Internal Control Institute™ (ICI) improves organizational Internal Control worldwide by providing training, products and services and individual Professional Certifications recognized internationally. The Institute's Board of Advisors has determined it would like to further expand into areas where it is not directly represented. ICI provides world-class programs and its intellectual property to affiliates free of charge and shares all program revenue with them. If your organization is interested in partnering with ICI to earn revenue while you contribute to the development of the internal control profession worldwide please contact Dr. Michael Pregmon, Jr., Chief Operations Officer, by email at: or by phone at 727-538-4113   in the USA. 

ICI Affiliate News:

The Internal Control Institute is conducting certification training in a classroom format for the internationally recognized CICS (Certified Internal Control Specialist) certification in internal control. Information on these programs regarding dates and schedules can be found on the Events tab on our Website or directed to the affiliate named below:

ICI has entered into an agreement with Internal Control Institute of Botswana (ICI Botswana":) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in this territory. ICI Botswana will be responsible for all development activities in this area, including professional training and Certification.  Individuals or companies interested in internal control training or Certification should contact:
Contact: Humphrey Chawafambira

Training Plans :

Belo Horizonte - May 13 to 17, 2019
Porto Alegre - June 3 to 7, 2019
Belém - June 24 to 28, 2019
Fortaleza - July 1 to 5, 2019
Curitiba - July 15 to 19, 2019

For more details on planned training please on the website below, or send a message to Mr. Eduardo Person PardiniEmail:

  Training Plans:

Xi'an, Shaanxi Province - April 25 - 28, 2019
Beijing - June 19 - 22, 2019

Individuals or companies interested in inter nal control training and Certification should contact:  
Mr. Qiu Jianting
Room 1039, Block A, Jinmao Building, No. 18, 
Xizhimenwai Street,
Xicheng District, Beijing, China
Zip Code: 100044
Mobile phone: 13810588109


Training Plans :

In partnership with IIA-Bel, ICIB started a series of lunch workshops about how the various principles of the COSO 2013 can be developed in the organizations.  Each session contains a one hour discussion on the adequate design of the IC system component, illustrated by ICIB, and 1 hour discussion about the evaluation / audit of this component by an IIA-Bel representative.  After completion of the 6 workshops, a summary of the findings will be published in a White Paper issued by both institutions.  Given the success of these sessions, a second series of workshops will be organized later this year.

ICIB also organized a CICS in house training for the internal audit team of the province of Hainaut-Belgium; the CICS exam scores were exceptionally high for this group of candidates

For more information on scheduled training and exams please contact Mr.Yves Dupont of ICI Belgium at: 
For more information on upcoming activities in this area please contact Mr. Summit Goyal of  ICI India at :
Phone: +91 9810575613

Myanmar and Cambodia:
Better Business Governance - APAC PTE LTD (BBG) has become a representative for Products, Services and Internal Control Certifications (CICS/CICP) in Myanmar and Cambodia.  Better Business Governance will be responsible for all development activities, including professional training and Certification.  For more information on upcoming activities in this area please contact:
Better Business Governance
Mr. Sanjeev Gathani
1 Claymore Drive
#08-14, Orchard Towers (Rear Block)
Singapore 229594
For more information on upcoming activities in this area please contact the following:
Antonio Salas Hernandez CICP,  Email: 
Joaquin Prendes Herrera, Email: 

Middle East:

The CICS exam is now being  provided in Arabic.  Osool Training and Consulting has courses and testing available in Jordan, Libya, Muscat, Sudan, Qatar, the United Arab Emirates, Kuwait and Palestine. 

CICS Training Class March 2019 Libya

CICS Training Class March 2019 Jordan

Training Plan 2019
Certified Internal Control Specialist (CICS) Certification Preparation Programs are scheduled as follows:

Cairo, Egypt - June 30 - 4 July, 2019

Interested applicants in that region should contact Osool for scheduling for future programs.  For additional information on scheduled ICI Certification and program sessions, please contact:
Lina Salameh
Assistant General Manager
O SOOL for Training & Consulting
Mob Oman:  +968 95 98 98 20
Mob Jordan: +962 7 99589666
Tel:   +962 6 5927171 Ext. 107
Fax:  +962 6 5927172

Leadway Consulting conducts CICS training sessions and examinations in Nigeria. For more information on upcoming activities in Nigeria  please contact:
Mr.  Joel Aluko


For more information on activities in Pakistan individuals or companies should contact : Muhammad Farooq Hammodi


CICS Examination to be held in Bucharest on 6 December 2019
CICS Training Course to be held in Bucharest from 28 to 30 October 2019

For more information on activities in Romania contact : Cosmin Serbanescu at the National Institute for Internal Control in Romania.
Tel:  + 40 752 525 525


Singapore, Malaysia, Indonesia and Taiwan:
ICI has entered into an agreement with GRC Consultancy Pte Ltd. (ICI Singapore, Malaysia, Indonesia and Taiwan) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in those territories.  

Individuals or companies interested in internal control training or Certification should contact:
General enquiries for all 4 markets -
Singapore - Mr. Bob Seetoh -
MalaysiaMr. Melvin
IndonesiaMr. Barry Dingga -
Taiwan - Ms. Mickey Tai -


        CICS Training course to be held in Istanbul 15 and 16 June 2019.

For detailed information on scheduled ICI Certification and program sessions, please contact ICI Turkey  below:

Ms. Ilknur Tunc,  VP -
Dr. Bertan Kaya -
GOP Mahallesi, İran Caddesi, Karum İs Merkezi
No:21, D Blok, 4. Kat, D:398-399

+90 (312) 4425015 T
+90 (533) 4474444 D
CICS Training course to be held in HCM City over 4 days:
25 & 26 May and 1 & 2 June 2019

CICS examinations to be held in Vietnam: 
11 April 2019
27 June 2019
12 September 2019
19 December 2019

For more information on upcoming activities in Vietnam please contact: NGUYEN THANH TUNG (MBA. M.Eng, PhD.) Director, FMIT Institute of Financial Management & Information Technology,  Level 5 , 126 Nguyen Thi Minh Khai Street, Ward 6, District 3, HCMC, Viet Nam
Office: 848 3803 5020 - 848 3512 9371 - 848 3512 7652

For more information on activities being planned please contact:
Mr. Proctor Nyemba at:

Internal Control Chatter  
Each month the staff of The Internal Control Institute reviews hundreds of articles related to Internal Control and Corporate Governance. Here are brief summaries of some of the top articles (along with links to the original article) that may be of interest to you.
COSO's Newest ERM Guidance 
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released Enterprise Risk Management-Integrating Strategy with Performance in September 2017 to emphasize the importance of enterprise risk management (ERM) in strategic planning, as well as the necessity of incorporating risk management throughout an organization. Much of COSO's thought leadership on ERM has stemmed from a survey that it conducted in 2010, which found that only 28% of respondents believed their organization's implementation was "systematic, robust, and repeatable" or was regularly reported to their board of directors . COSO partnered with PricewaterhouseCoopers for the 2017 updates, and some of the great free resources provided on both COSO's and PricewaterhouseCoopers's websites are presented in this month's column.
Three lines of defence to help with managing the risks in decision-making
April 4, 2019
Regulatory reviews of organisational failings inevitably focus on why risks were not effectively identified, measured, monitored or managed. The risks are the same for policy-makers. The Three Lines of Defence model for risk-management is a way to ensure policy doesn't fail.
Increased use of technology, new ways of working and changing regulatory and stakeholder expectations are creating new stresses on how risk is considered in decision-making.  Regulatory reviews repeatedly highlight lack of clarity around governance and risk-management responsibilities and capabilities, plus weak risk culture, as the underlying causes of organisational misconduct.  Consequently, how well (i.e., clearly) the roles and responsibilities for risk are expressed and monitored is under increased scrutiny for their effect on organisational effectiveness.
Do you know how to create long-term value?
April 8, 2019
Take this quiz to find out how much you know about how the CGMA Business Model Framework helps boards, senior executives, and support staff gain an understanding of their organisation's business model at a time of change.
Take the Quiz  
CAQ Releases Guide to Reviewing Auditors
By Vincent Ryan
April 2, 2019
There continues to be interest from investors, regulators, and others regarding how audit committees perform their responsibilities, says the CAQ.
How much of a role do companies play in ensuring the quality of external audits? A big one, according to the Center for Audit Quality.
The public advocacy organization on Tuesday released its updated  external auditor assessment tool, which was last published in 2017.
In the intro to the 32-page document, the CAQ makes clear that " audit committees should regularly evaluate the external auditor ... in order to make an informed recommendation to the board whether to retain the [audit firm]." An assessment should be conducted "at least annually," according to the CAQ.
Why good people do bad things: a lesson in business ethics
by Jen Hantz 
Business students gathered in the Gentile Gallery to learn about the do's and don'ts of good business ethics at 5 p.m. on Monday, April 1.  In his talk titled "Why good people do bad things," Doug Perry, who graduated from Cornell University with a degree in law and who is on the advisory board for the business department, laid out the ground rules and proper ethics managers do not often consider when running a business. "Most people think that they would never act unethically in the business world, especially coming out of Franciscan," said Perry, opening his talk with the main dilemma at hand. He advised that companies should not talk about the rules but about ethics.
Rationalizing Fraud
How Thinking Like a Crook Can Help Prevent Fraud 
The well-known fraud triangle framework includes three distinct components-perceived pressures, perceived opportunities, and rationalizations-but until recently very little was known about perpetrators' rationalizations. The authors discuss the verbalizations used by fraud perpetrators to convince themselves that they are doing nothing wrong, as well as how fraud-related theories from the social sciences can inform the accounting profession. They argue that understanding the techniques that allow fraudsters to justify their crimes may prove to be the missing piece of the fraud prevention puzzle, and that better understanding of rationalizations could help corporate governance experts and auditors strengthen their antifraud programs.
Asset Fraud Starts With Humans and Can End With AI
Discovering the crimes and recovering stolen assets can be aided through forensic accounting along with artificial intelligence.
By Sheri Fiske Schultz and Katie Gilden
April 17, 2019
When it comes to occupational fraud, corporate corruption and financial statement fraud; they make headlines. But, the most common type of fraud-and most likely to affect your company-is asset misappropriation. Asset misappropriation, which includes cash and inventory theft schemes, occurs in more than 83 percent of all reported fraud cases. The most common type of asset misappropriation frauds are billing schemes and the costliest type is check tampering. The good news? Discovering the crimes and recovering stolen assets can be aided through forensic accounting along with artificial intelligence.
Want to be a whistleblower? Read this first
Legal experts and whistleblowers share advice on how to say something when you see something
April 11, 2019 
On Aug. 22, 2001, Enron vice president Sherron Watkins presented CEO Ken Lay with documents and a summary of facts regarding the Houston-anchored energy company's accounting problems. The scandal would eventually bring down Enron.  Watkins thought Lay would consult with accounting and legal experts and realize Enron had manipulated its financial statements and likely committed fraud. She also expected her boss would form a crisis management team, figure out the salvageable business lines and brace for a financial tsunami.  Of course, Lay took no such actions. Enron soon imploded, declaring bankruptcy on Dec. 2, 2001, and cemented itself in the annals of corporate America as a classic case of greed and hubris.
Corporate Governance For Start-Ups - Premature Or Paramount?
For a start-up, corporate governance from the start is as important as breaking even
April 7, 2019
Legal and accounting responsibilities may not be a high priority for the bootstrapped start-up, due to inadequate human resources or financial capacity. Things heat up when investors' requests need to be suitably accommodated, vendors default on contracts, and ESOPs need to be negotiated. So how can start-ups establish discipline within accounting, finance, and legal realms without diluting the focus on problem-solving, strategy and operations?  Are only mature companies required to focus on regulatory requirements?
Corporate governance requirements are dynamic, evolving, and should be commensurate with the size and scale of the start-up. In the early stages, the start-up may need assistance in incorporation, in choosing the most efficient corporate structure or in understanding the benefits and process of registering with the DIPP.  As the start-up gains traction, builds a team and earns revenue, GST registration and compliance with labor laws become important. Fund-raising can be made seamless with the right choice of financial instruments, expertise in negotiating term sheets and an understanding of valuation. Policies to prevent money laundering, bribery and employee harassment need to be considered by maturing start-ups. 
Control Quotes
Time management is an oxymoron. Time is beyond our control, and the clock keeps ticking regardless of how we lead our lives. Priority management is the answer to maximizing the time we have. 
John C. Maxwell
Help Keep Everyone Informed...
If you see a news story concerning internal control or corporate governance that you feel is important for other professionals to know please send it to us .
ici logo The Internal Control Institute™ (ICI) is a worldwide organization  devoted exclusively to internal control and corporate governance. The Institute is dedicated to the development of world-class educational programs and best practice guidelines on internal control and corporate governance, based on the Sarbanes-Oxley Act and the COSO internal control framework.  Visit us on the web at the Internal Control Institute
Control Chatter is a monthly news summary of the top stories concerning internal control and corporate governance.  Control Chatter is prepared by the staff of Internal Control Institute for the benefit of their members and associates. Please consider it for your personal use or pass it on to associates who may have an interest in one or more of the topics by clicking on the Forward email button below.