The ICI "Certification Series" has been completely updated and is available online to everyone around the world! Course content prepares individuals to design and/or assess internal control and to assist management in installing internal control processes. In addition, the series prepares candidates for the Certified Internal Control Specialist (CICS) Examination.
The Internal Control Institute has developed a CICS Common Body of Knowledge Mini-Assessment that helps an individual determine their knowledge as it relates to governance and control practices. Results point out areas of knowledge that may require additional training and experience. The assessment also provides a measurement to the individual's readiness for CICS certification. The assessment measures core knowledge in eight critical areas including: Internal Control - Principles, Terms and Concepts, Internal Control Environment, Risk Management, Assessing Application Controls, Business System Control Assessment, Risk Assessment, Internal Control Measurement and Reporting, and Governance Practices
Dr. Michael Pregmon, Jr. COO and Managing Director
Periodically at the Institute, we receive inquiries from internal control professionals asking about the best method for assessing and ranking the various risks in their businesses. And, our response typically is: "it depends upon the organization's risk appetite."
Nevertheless, there are techniques to help determine the priority of your business risks. Priorities differ from one organization to another. So, each company must evaluate this challenge individually. Companies who are geographically dispersed and/or have different operations must assess these individually by each operation as well.
There are numerous methods for performing such analyses, but three key elements must always be considered:
The exposure or damage that can result from an unfavorable event.
The likelihood of such an event occurring.
The magnitude of the risk.
Consequently, the vulnerability and threat of each risk must be considered. Risks with the associated vulnerabilities and threats are the requirements for control. In other words, you cannot effectively develop control until you know the risks and associated vulnerabilities and threats.
The next concern, of course, is how best to prioritize your risks to enable cost effective management. A high magnitude risk may be quite costly to attain absolute control. But if the threat is relatively small, this will factor into its priority.
most common methods are brainstorming,
risk exposure - threat
diagram, and the Threat
Point Matrix. Certainly, brainstorming risk exposure for priority ranking is typically the most frequent method used. But, the Threat
is a more informative tool used to identify points
in systems that have high risks of
loss due to control weaknesses.
The technique involves building a matrix. On one dimension are the control points and the
other dimension potential points of threat. By identifying the points with the highest probability
of loss, organizations are given insight into where business systems are most likely to experience loss.
The use of the threat point matrix enables us to rank the points in sequence at which we
believe the large losses will occur. Thus, the point ranked higher will get the most control resources. Further, we likely will place an emphasis on installing controls at the highest risk point, since we may not have resources to install positive control at all points within our operations.
The Internal Control Common Body of Knowledge (CBOK) provides an excellent description
of this tool in section 184.108.40.206. This is an excellent process to have in your internal control toolbox.
HELP US IMPROVE INTERNAL CONTROL SYSTEMS WORLDWIDE
The Internal Control Institute™ (ICI) improves organizational Internal Control worldwide by providing training, products and services and individual Professional Certifications recognized internationally. The Institute's Board of Advisors has determined it would like to further expand into areas where it is not directly represented. ICI provides world-class programs and its intellectual property to affiliates free of charge and shares all program revenue with them. If your organization is interested in partnering with ICI to earn revenue while you contribute to the development of the internal control profession worldwide please contact Dr. Michael Pregmon, Jr., Chief Operations Officer, by email at:
email@example.com or by phone at
727-538-4113in the USA.
ICI Affiliate News:
The Internal Control Institute is conducting certification training in a classroom format for the internationally recognized CICS (Certified Internal Control Specialist) certification in internal control. Information on these programs regarding dates and schedules can be found on the Events tab on our Website or directed to the affiliate named below:
ICI has entered into an agreement with Internal Control Institute of Botswana (ICI Botswana":) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in this territory. ICI Botswana will be responsible for all development activities in this area, including professional training and Certification. Individuals or companies interested in internal control training or Certification should contact:
ICI is proud to announce it has entered into an agreement with Better Business Governance - APAC PTE LTD (BBG) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in Myanmar and Cambodia.
Better Business Governance will be responsible for all development activities, including professional training and Certification. For more information on upcoming activities in this area please contact:
ICI has entered into an agreement with GRC Consultancy Pte Ltd. (ICI Singapore, Malaysia, Indonesia and Taiwan) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in those territories.
Individuals or companies interested in internal control training or Certification should contact:
CICS Training course to be held in HCM City over 4 days:
25 & 26 May and 1 & 2 June 2019
CICS examinations to be held in Vietnam:
11 April 2019
27 June 2019
12 September 2019
19 December 2019
For more information on upcoming activities in Vietnam please contact: NGUYEN THANH TUNG (MBA. M.Eng, PhD.) Director, FMIT Institute of Financial Management & Information Technology, Level 5, 126 Nguyen Thi Minh Khai Street, Ward 6, District 3, HCMC, Viet Nam
Each month the staff of The Internal Control Institute reviews hundreds of articles related to Internal Control and Corporate Governance. Here are brief summaries of some of the top articles (along with links to the original article) that may be of interest to you.
As it has done for several years now, the IRS issued an updated list of "Dirty Dozen" tax scams for 2019. For the third year in a row one of the biggest scams is phishing attempts. Phone scams also figure prominently, with criminals making threatening phone calls to innocent taxpayers.
For many years, the U.S. Securities and Exchange Commission has required the CFO of a public company to certify the accuracy of the organization's financial statement, providing confidence to investors in the report's quality. This much-valued guarantee of corporate responsibility testifies to the robustness of the company's internal control structure and systems. However, recent research by BlackLine revealed a surprising lack of confidence within finance departments in the numbers being reported. According to a survey we commissioned of more than 1,100 C-level executives and finance professionals, 71% of C-level executives completely trust the accuracy of their financial data. However, only 38% of finance professionals - the people preparing the statements and reports - share that opinion. The findings are evidence of a disconnect about the accuracy of the data. That's dangerous at a time when many companies are transforming around data to make more informed business decisions.
It sounds like it should have been impossible to miss, but it took more than a year for an industrial equipment company to discover $12,000 worth of doggie day spa charges on an employee's expense reports. Level upon level of corporate management also failed to detect that the same employee was running a scheme to sell more than $200,000 in company equipment on eBay.
Only a fraction of expense reports are closely examined, so it is no wonder that companies experience more than $7 billion in annual losses from fraud, according to the Association of Certified Fraud Examiners.
By using robots, instead of relying on random spot checks, companies are catching fraud more than twice as fast and fraud losses are halved, said Andi McNeal, director of research for the Association of Certified Fraud Examiners.
The hits just keep coming for MoviePass. Its parent company, Helios and Matheson Analytics, has restated the financial results it previously reported for the quarter ending last September 30 to reflect lower revenue and a wider net loss. In a succinct SEC filing, the owner of the wayward movie ticketing firm said its management "has determined that a material weakness relating to subscription management existed in the company's internal control over financial reporting." As a result, the actual quarterly revenue figure should have been $74.7 million, 8% lower than the $81.3 million that was reported. Net losses of $146.7 million were 7% higher than the figure that was reported.
Since the enactment of the Sarbanes-Oxley Act of 2002 (SOX), public companies have taken steps to strengthen their internal controls over financial reporting and enhance their ability to comply with rules and regulations. For the past two decades, in response to accounting and corporate scandals as well as increased enforcement of Foreign Corrupt Practices Act of 1977 (FCPA) violations by the SEC and Department of Justice (DOJ), there has been an increase in corporate boards' awareness and management's focus in governance and risk management. Specifically, beyond basic internal controls, companies are taking preventive measures to manage their potential risks of fraud and noncompliance by implementing anti fraud
policies and procedures, staying on top of relevant compliance requirements, and leveraging periodic fraud awareness training to keep employees informed of their roles and responsibilities.
WATER services company China International on Thursday said that there has "regrettably" been a lapse in internal controls in conducting its various share buybacks from Dec 21, 2017 to Oct 16, 2018, which led the company to inadvertently breach listing rules of the Singapore Exchange (SGX).
The board has since conducted a review of its internal control policies and taken rectification measures to ensure that similar breaches will not occur again.
Japan market watchdog seeks $1.2 million fine against Citi, alleges JGB manipulation
Japan's SESC market watchdog said on Tuesday it had recommended a $1.2 million fine against the British unit of Citigroup Inc for alleged manipulation of Japanese government bond (JGB) futures prices. The incident marks the latest crackdown by Japanese authorities over alleged attempts to manipulate prices in the JGB futures market. The SESC said an employee of UK-based Citigroup Global Markets Limited made buy and sell orders for 10-year JGB futures without the intention to execute. The SESC recommended a penalty of 133 million yen. Citigroup said it takes the recommendation seriously. "Citi will place the utmost priority on further enhancing governance and internal control to comply with the financial regulations and directives," it said in a statement.
"Given economic conditions at home and abroad, there are many factors that could pose a systemic risk to the capital market," Won said, without elaborating.
South Korea's main stock index sank nearly 2 percent on March 25, hit by fresh fears of a global economic slowdown. The FSS will preemptively cope with risk factors in local stock and asset management markets, Won said. From next month, the FSS will begin conducting a "comprehensive inspection" of financial firms as it seeks to strengthen protection for consumers and improve corporate governance at financial firms.
Read the Article
"How would your life be different if...You stopped worrying about things you can't control and started focusing on the things you can? Let today be the day...You free yourself from fruitless worry, seize the day and take effective action on things you can change." Steve Maraboli
Help Keep Everyone Informed...
If you see a news story concerning internal control or corporate governance that you feel is important for other professionals to know please send it to us .
The Internal Control Institute™ (ICI) is a worldwide organization devoted exclusively to internal control and corporate governance. The Institute is dedicated to the development of world-class educational programs and best practice guidelines on internal control and corporate governance, based on the Sarbanes-Oxley Act and the COSO internal control framework. Visit us on the web at the Internal Control Institute
Control Chatter is a monthly news summary of the top stories concerning internal control and corporate governance. Control Chatter is prepared by the staff of Internal Control Institute for the benefit of their members and associates. Please consider it for your personal use or pass it on to associates who may have an interest in one or more of the topics by clicking on the Forward email button below.