top banner

Control Chatter                                                   March 2019
News that Control Professionals Need to Know

 Quick Links
 *All New* Internal Control online courses
ici logo
The ICI "Certification Series" has been completely updated and is available online to everyone around the world!  Course content prepares individuals to design and/or assess internal control and to assist management in installing internal control processes. In addition, the series prepares candidates for the Certified Internal Control Specialist (CICS) Examination.
To review the course catalog click here: ICI Course Catalog
To register for one or all of the online training programs click here:  
Online course pricing has been reduced by over 70%, so get started today! 
Test your Knowledge of Internal Control
The Internal Control Institute has developed a CICS Common Body of Knowledge Mini-Assessment that helps an individual determine their knowledge as it relates to governance and control practices. Results point out areas of knowledge that may require additional training and experience. The assessment also provides a measurement to the individual's readiness for CICS certification. The assessment measures core knowledge in eight critical areas including: Internal Control - Principles, Terms and Concepts, Internal Control Environment, Risk Management, Assessing Application Controls, Business System Control Assessment, Risk Assessment, Internal Control Measurement and Reporting, and Governance Practices
In This Issue
Determining Your Risk Ranking
ICI Announcements
IRS's Dirty Dozen scams - 2019
Numbers Don't Lie, Until They Do
Expense report of the future reduces fraud and headaches
MoviePass Parent Cites "Material Weakness"
Leveraging Common Sense in Building an Effective ERM Program
China International reveals lapse in internal controls
Japan market watchdog seeks $1.2 million fine against Citi
FSS urges financial firms to improve internal control systems
Determining Your Risk Ranking
By Michael Pregmon, Jr., Ph.D., CICP
COO and Managing Director
Dr. Michael Pregmon, Jr.
COO and Managing Director 
Periodically at the Institute, we receive inquiries from internal control professionals asking about the best method for assessing and ranking the various risks in their businesses. And, our response typically is: "it depends upon the organization's risk appetite."
Nevertheless, there are techniques to help determine the priority of your business risks. Priorities differ from one organization to another. So, each company must evaluate this challenge individually. Companies who are geographically dispersed and/or have different operations must assess these individually by each operation as well.
There are numerous methods for performing such analyses, but three key elements must always be considered:
  1. The exposure or damage that can result from an unfavorable event.
  2. The likelihood of such an event occurring.
  3. The magnitude of the risk.
Consequently, the vulnerability and threat of each risk must be considered. Risks with the associated vulnerabilities and threats are the requirements for control. In other words, you cannot effectively develop control until you know the risks and associated vulnerabilities and threats.
The next concern, of course, is how best to prioritize your risks to enable cost effective management. A high magnitude risk may be quite costly to attain absolute control. But if the threat is relatively small, this will factor into its priority.
The three most common methods are brainstorming, risk exposure - threat diagram, and the Threat Point Matrix. Certainly, brainstorming risk exposure for priority ranking is typically the most frequent method used. But, the Threat Point Matrix is a more informative tool used to identify points in systems that have high risks of loss due to control weaknesses.
The technique involves building a matrix. On one dimension are the control points and the 
other dimension potential points of threat. By identifying the points with the highest probability 
of loss, organizations are given insight into where business systems are most likely to experience loss.
The use of the threat point matrix enables us to rank the points in sequence at which we 
believe the large losses will occur. Thus, the point ranked higher will get the most control resources. Further, we likely will place an emphasis on installing controls at the highest risk point, since we may not have resources to install positive control at all points within our operations.
The Internal Control Common Body of Knowledge (CBOK) provides an excellent description 
of this tool in section This is an excellent process to have in your internal control toolbox.
The Internal Control Institute™ (ICI) improves organizational Internal Control worldwide by providing training, products and services and individual Professional Certifications recognized internationally. The Institute's Board of Advisors has determined it would like to further expand into areas where it is not directly represented. ICI provides world-class programs and its intellectual property to affiliates free of charge and shares all program revenue with them. If your organization is interested in partnering with ICI to earn revenue while you contribute to the development of the internal control profession worldwide please contact Dr. Michael Pregmon, Jr., Chief Operations Officer, by email at: or by phone at 727-538-4113   in the USA. 

ICI Affiliate News:

The Internal Control Institute is conducting certification training in a classroom format for the internationally recognized CICS (Certified Internal Control Specialist) certification in internal control. Information on these programs regarding dates and schedules can be found on the Events tab on our Website or directed to the affiliate named below:

ICI has entered into an agreement with Internal Control Institute of Botswana (ICI Botswana":) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in this territory. ICI Botswana will be responsible for all development activities in this area, including professional training and Certification.  Individuals or companies interested in internal control training or Certification should contact:
Contact: Humphrey Chawafambira

Training Plans :

Rio de Janeiro  - April 1 to 5, 2019 
Brasília - April 22 to 26, 2019
Belo Horizonte - May 13 to 17, 2019
Porto Alegre - June 3 to 7, 2019
Belém - June 24 to 28, 2019
Fortaleza - July 1 to 5, 2019
Curitiba - July 15 to 19, 2019

For more details on planned training please on the website below, or send a message to Mr. Eduardo Person PardiniEmail:

  Training Plans:

Xi'an, Shaanxi Province - April 25 - 28, 2019
Beijing - June 19 - 22, 2019

CICS Training Class Hangzhou March 2019.
CICS Class Hangzhou March 2019.

CICS Training Class Beijing March 2019

Individuals or companies interested in inter nal control training and Certification should contact:  
Mr. Qiu Jianting
Room 1039, Block A, Jinmao Building, No. 18, 
Xizhimenwai Street,
Xicheng District, Beijing, China
Zip Code: 100044
Mobile phone: 13810588109


Training Plans :

For more information on scheduled training and exams please contact Mr.Yves Dupont of ICI Belgium at: 
For more information on upcoming activities in this area please contact Mr. Summit Goyal of  ICI India at :
Phone: +91 9810575613

Myanmar and Cambodia:
ICI is proud to announce it has entered into an agreement with Better Business Governance - APAC PTE LTD (BBG) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in Myanmar and Cambodia. 
Better Business Governance will be responsible for all development activities, including professional training and Certification.  For more information on upcoming activities in this area please contact:
Better Business Governance
Mr. Sanjeev Gathani
1 Claymore Drive
#08-14, Orchard Towers (Rear Block)
Singapore 229594
For more information on upcoming activities in this area please contact the following:
Antonio Salas Hernandez CICP,  Email: 
Joaquin Prendes Herrera, Email: 

Middle East:

The CICS exam is now being  provided in Arabic.  Osool Training and Consulting has courses and testing available in Jordan, Libya, Muscat, Sudan, Qatar, the United Arab Emirates, Kuwait and Palestine. 

Certified Internal Control Specialist Training Dubai-UAE Feb 2019
Training Plan 2019
Certified Internal Control Specialist (CICS) Certification Preparation Programs are scheduled as follows:

Muscat, Oman - April 7 - 11, 2019
Tunis, Tunisia - April 7 - 11, 2019
Cairo, Egypt - June 30 - 4 July, 2019

Interested applicants in that region should contact Osool for scheduling for future programs.  For additional information on scheduled ICI Certification and program sessions, please contact:
Lina Salameh
Assistant General Manager
O SOOL for Training & Consulting
Mob Oman:  +968 95 98 98 20
Mob Jordan: +962 7 99589666
Tel:   +962 6 5927171 Ext. 107
Fax:  +962 6 5927172

Leadway Consulting conducts CICS training sessions and examinations in Nigeria. For more information on upcoming activities in Nigeria  please contact:
Mr.  Joel Aluko


For more information on activities in Pakistan individuals or companies should contact : Muhammad Farooq Hammodi


CICS Examination to be held in Bucharest on 6 December 2019
CICS Training Course to be held in Bucharest from 28 to 30 October 2019

For more information on activities in Romania contact : Cosmin Serbanescu at the National Institute for Internal Control in Romania.
Tel:  + 40 752 525 525


Singapore, Malaysia, Indonesia and Taiwan:
ICI has entered into an agreement with GRC Consultancy Pte Ltd. (ICI Singapore, Malaysia, Indonesia and Taiwan) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in those territories.  

Individuals or companies interested in internal control training or Certification should contact:
General enquiries for all 4 markets -
Singapore - Mr. Bob Seetoh -
MalaysiaMr. Melvin
IndonesiaMr. Barry Dingga -
Taiwan - Ms. Mickey Tai -


        CICS Training course to be held in Istanbul 15 and 16 June 2019.

For detailed information on scheduled ICI Certification and program sessions, please contact ICI Turkey  below:

Ms. Ilknur Tunc,  VP -
Dr. Bertan Kaya -
GOP Mahallesi, İran Caddesi, Karum İs Merkezi
No:21, D Blok, 4. Kat, D:398-399

+90 (312) 4425015 T
+90 (533) 4474444 D
CICS Training course to be held in HCM City over 4 days:
25 & 26 May and 1 & 2 June 2019

CICS examinations to be held in Vietnam: 
11 April 2019
27 June 2019
12 September 2019
19 December 2019

For more information on upcoming activities in Vietnam please contact: NGUYEN THANH TUNG (MBA. M.Eng, PhD.) Director, FMIT Institute of Financial Management & Information Technology,  Level 5 , 126 Nguyen Thi Minh Khai Street, Ward 6, District 3, HCMC, Viet Nam
Office: 848 3803 5020 - 848 3512 9371 - 848 3512 7652

For more information on activities being planned please contact:
Mr. Proctor Nyemba at:

Internal Control Chatter  
Each month the staff of The Internal Control Institute reviews hundreds of articles related to Internal Control and Corporate Governance. Here are brief summaries of some of the top articles (along with links to the original article) that may be of interest to you.
IRS's Dirty Dozen scams - 2019
By Sally P. Schreiber, J.D.
March 19, 2019
As it has done for several years now, the IRS issued an updated list of "Dirty Dozen" tax scams for 2019. For the third year in a row one of the biggest scams is phishing attempts. Phone scams also figure prominently, with criminals making threatening phone calls to innocent taxpayers.
Here are the 2019 Dirty Dozen:
Numbers Don't Lie, Until They Do
A good number of controllers, financial analysts, accountants, and auditors don't completely trust the accuracy of their company's financial data.
March 21, 2019
For many years, the U.S. Securities and Exchange Commission has required the CFO of a public company to certify the accuracy of the organization's financial statement, providing confidence to investors in the report's quality. This much-valued guarantee of  corporate responsibility  testifies to the robustness of the company's  internal control  structure and systems.  However,  recent research  by BlackLine revealed a surprising lack of confidence within finance departments in the numbers being reported.  According to a survey we commissioned of more than 1,100 C-level executives and finance professionals, 71% of C-level executives completely trust the accuracy of their financial data. However, only 38% of finance professionals - the people preparing the statements and reports - share that opinion.  The findings are evidence of a disconnect about the accuracy of the data. That's dangerous at a time when many companies are transforming around data to make more informed business decisions. 
Expense report of the future reduces fraud and headaches
March 25, 2019 
It sounds like it should have been impossible to miss, but it took more than a year for an industrial equipment company to discover $12,000 worth of doggie day spa charges on an employee's expense reports.  Level upon level of corporate management also failed to detect that the same employee was running a scheme to sell more than $200,000 in company equipment on eBay.
Only a fraction of expense reports are closely examined, so it is no wonder that companies experience more than $7 billion in annual losses from fraud, according to the Association of Certified Fraud Examiners. By using robots, instead of relying on random spot checks, companies are catching fraud more than twice as fast and fraud losses are halved, said Andi McNeal, director of research for the Association of Certified Fraud Examiners.
MoviePass Parent Cites "Material Weakness" In Its Accounting Controls, Restating Results With Lower Revenue, Wider Net Loss
by  Dade Hayes

The hits just keep coming for MoviePass. Its parent company, Helios and Matheson Analytics, has restated the financial results it previously reported for the quarter ending last September 30 to reflect lower revenue and a wider net loss. In a succinct SEC filing, the owner of the wayward movie ticketing firm said its management "has determined that a material weakness relating to subscription management existed in the company's internal control over financial reporting." As a result, the actual quarterly revenue figure should have been $74.7 million, 8% lower than the $81.3 million that was reported. Net losses of $146.7 million were 7% higher than the figure that was reported.

Leveraging Common Sense in Building an Effective ERM Program 
Since the enactment of the Sarbanes-Oxley Act of 2002 (SOX), public companies have taken steps to strengthen their internal controls over financial reporting and enhance their ability to comply with rules and regulations. For the past two decades, in response to accounting and corporate scandals as well as increased enforcement of Foreign Corrupt Practices Act of 1977 (FCPA) violations by the SEC and Department of Justice (DOJ), there has been an increase in corporate boards' awareness and management's focus in governance and risk management. Specifically, beyond basic internal controls, companies are taking preventive measures to manage their potential risks of fraud and noncompliance by implementing anti fraud  policies and procedures, staying on top of relevant compliance requirements, and leveraging periodic fraud awareness training to keep employees informed of their roles and responsibilities.
China International reveals lapse in internal controls over share buybacks
By Lee Meixian
MAR 07, 2019 
WATER services company China International on Thursday said that there has "regrettably" been a lapse in internal controls in conducting its various share buybacks from Dec 21, 2017 to Oct 16, 2018, which led the company to inadvertently breach listing rules of the Singapore Exchange (SGX).
The board has since conducted a review of its internal control policies and taken rectification measures to ensure that similar breaches will not occur again.
Japan market watchdog seeks $1.2 million fine against Citi, alleges JGB manipulation
Japan's SESC market watchdog said on Tuesday it had recommended a $1.2 million fine against the British unit of Citigroup Inc for alleged manipulation of Japanese government bond (JGB) futures prices. The incident marks the latest crackdown by Japanese authorities over alleged attempts to manipulate prices in the JGB futures market. The SESC said an employee of UK-based Citigroup Global Markets Limited made buy and sell orders for 10-year JGB futures without the intention to execute. The SESC recommended a penalty of 133 million yen. Citigroup said it takes the recommendation seriously. "Citi will place the utmost priority on further enhancing governance and internal control to comply with the financial regulations and directives," it said in a statement.
FSS urges financial firms to improve internal control systems
By Ram Garikipati
March 26, 2019
A senior financial regulator on March 26 called for financial firms to improve their internal control systems and governance structures, citing various risks that could weaken the nation's financial system.  Won Seung-yeon, deputy governor of the Financial Supervisory Service, made the remarks at a meeting with executives of securities and asset management firms earlier in the day.
"Given economic conditions at home and abroad, there are many factors that could pose a systemic risk to the capital market," Won said, without elaborating.
South Korea's main stock index sank nearly 2 percent on March 25, hit by fresh fears of a global economic slowdown. The FSS will preemptively cope with risk factors in local stock and asset management markets, Won said. From next month, the FSS will begin conducting a "comprehensive inspection" of financial firms as it seeks to strengthen protection for consumers and improve corporate governance at financial firms. 
Read the Article
Control Quotes
"How would your life be different if...You stopped worrying about things you can't control and started focusing on the things you can? Let today be the day...You free yourself from fruitless worry, seize the day and take effective action on things you can change." 
Steve Maraboli
Help Keep Everyone Informed...
If you see a news story concerning internal control or corporate governance that you feel is important for other professionals to know please send it to us .
ici logo The Internal Control Institute™ (ICI) is a worldwide organization  devoted exclusively to internal control and corporate governance. The Institute is dedicated to the development of world-class educational programs and best practice guidelines on internal control and corporate governance, based on the Sarbanes-Oxley Act and the COSO internal control framework.  Visit us on the web at the Internal Control Institute
Control Chatter is a monthly news summary of the top stories concerning internal control and corporate governance.  Control Chatter is prepared by the staff of Internal Control Institute for the benefit of their members and associates. Please consider it for your personal use or pass it on to associates who may have an interest in one or more of the topics by clicking on the Forward email button below.