top banner

Control Chatter                                                   January 2019
News that Control Professionals Need to Know

 Quick Links
 *All New* Internal Control online courses
ici logo
The ICI "Certification Series" has been completely updated and is available online to everyone around the world!  Course content prepares individuals to design and/or assess internal control and to assist management in installing internal control processes. In addition, the series prepares candidates for the Certified Internal Control Specialist (CICS) Examination.
To review the course catalog click here: ICI Course Catalog
To register for one or all of the online training programs click here:  
Online course pricing has been reduced by over 70%, so get started today! 
****Limited Time Only****
Test your Knowledge of Internal Control
*** Take the  Internal Control Knowledge Mini-Assessment ***
The Internal Control Institute has developed a CICS Common Body of Knowledge Mini-Assessment that helps an individual determine their knowledge as it relates to governance and control practices. Results point out areas of knowledge that may require additional training and experience. The assessment also provides a measurement to the individual's readiness for CICS certification. The assessment measures core knowledge in eight critical areas including: Internal Control - Principles, Terms and Concepts, Internal Control Environment, Risk Management, Assessing Application Controls, Business System Control Assessment, Risk Assessment, Internal Control Measurement and Reporting, and Governance Practices
In This Issue
An ICI Warning
ICI Announcements
Largest Data Breach Ever
Audit Committees and Audit Quality
SEC's Proposed Whistleblower Rule Amendments
Top five risks facing directors in 2019
Dronemaker popular with insurers struggles with internal fraud
Facebook's privacy lapses may result in record fine from FTC
France fines Google $57 million
Many annual earnings are arriving without an audit
3 strategies to avoid being hacked
An ICI Warning
By Michael Pregmon, Jr., Ph.D., CICP
COO and Managing Director
Dr. Michael Pregmon, Jr.
COO and Managing Director 
We have repeatedly reported that fraud is on the rise. It is astounding to recognize the creativity that abounds involving different ways to deceive people, to either take financial advantage or gain additional business.
The Institute recently received several reports from its members and certified professionals about this scheme. This involves a practice to maliciously obtain money from unsuspecting individuals. And, it particularly occurs while surfing the web.
When visiting certain websites, the unsuspecting individual's computer is marked and identified. It is difficult to identify such a website. As a result, the unsuspecting individual will then find their computer screen seized with a message imprinted on a red background color screen. The message, purportedly from the Microsoft Corporation, will direct a call be made to a specific phone number.
When this number is called, the respondent will typically use a company identification acronym that appears to be an affiliation of the Microsoft Corporation. This respondent will then direct the caller to a computer service company who can unseize your screen and repair your computer relatively quickly. Interestingly, the cost for this service is rather expensive as one may expect.
Our members report that should this occur, such a malicious act can likely be resolved by your own computer service company far less costly, if for any fee at all. Or, you may even possess the skill to correct the misdeed yourself.
Fraud is abundant everywhere today. Be aware and be suspicious!
The Internal Control Institute™ (ICI) improves organizational Internal Control worldwide by providing training, products and services and individual Professional Certifications recognized internationally. The Institute's Board of Advisors has determined it would like to further expand into areas where it is not directly represented. ICI provides world-class programs and its intellectual property to affiliates free of charge and shares all program revenue with them. If your organization is interested in partnering with ICI to earn revenue while you contribute to the development of the internal control profession worldwide please contact Dr. Michael Pregmon, Jr., Chief Operations Officer, by email at: or by phone at 727-538-4113   in the USA. 

The Internal Control Institute Welcomes New "Partner in Botswana"
ICI has entered into an agreement with Internal Control Institute of Botswana (ICI Botswana":) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in this territory. ICI Botswana will be responsible for all development activities in this area, including professional training and Certification.  Individuals or companies interested in internal control training or Certification should contact:
Contact: Humphrey Chawafambira

ICI Affiliate News:

The Internal Control Institute is conducting certification training in a classroom format for the internationally recognized CICS (Certified Internal Control Specialist) certification in internal control. Information on these programs regarding dates and schedules can be found on the Events tab on our Website or directed to the affiliate named below.
Training Plans :

São Paulo  - February 11 to 15, 2019
Brasília - March 11 to 15, 2019
Rio de Janeiro - April 1 to 5, 2019
Fortaleza - April 22 to 26, 2019
Belo Horizonte - May 13 to 17, 2019
Porto Alegre - June 3 to 7, 2019

For more details on planned training please check on the website below, or send a message to Mr. Eduardo Person Pardini


Training Plans:

Hangzhou - March 14 - 17, 2019
Beijing - March 20 -23, 2019
Guangzhou - March 28 - 30, 2019
Xi'an, Shaanxi Province - April 11 - 14, 2019
Shanghai - May 23 - 26, 2019
Beijing - June 19 - 23, 2019

Individuals or companies interested in internal control training and Certification should contact:  
Mr. Qiu Jianting
Room 1039, Block A, Jinmao Building, No. 18, Xizhimenwai Street,
Xicheng District, Beijing, China
Zip Code: 100044
Mobile phone: 13810588109


Training Plans :

Brussels - January 22, 2019 (in French)
Luxembourg - February 28, 2019 (in French)

For more information on scheduled training and exams please contact Mr.Yves Dupont of ICI Belgium at: 
For more information on upcoming activities in this area please contact Mr. Summit Goyal of  ICI India at :
Phone: +91 9810575613

Myanmar and Cambodia:
ICI is proud to announce it has entered into an agreement with Better Business Governance - APAC PTE LTD (BBG) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in Myanmar and Cambodia. 
Better Business Governance will be responsible for all development activities, including professional training and Certification.  For more information on upcoming activities in this area please contact:
Better Business Governance
Mr. Sanjeev Gathani
1 Claymore Drive
#08-14, Orchard Towers (Rear Block)
Singapore 229594
For more information on upcoming activities in this area please contact the following:
Antonio Salas Hernandez CICP,  Email: 
Joaquin Prendes Herrera, Email: 

Middle East:

The CICS exam is now being  provided in Arabic.  Osool Training and Consulting has courses and testing available in Jordan, Libya, Muscat, Sudan, Qatar, the United Arab Emirates, Kuwait and Palestine. 

Training Plan 2019
Certified Internal Control Specialist (CICS) Certification Preparation Programs are scheduled as follows:

Dubai, UAE February 24 - 28, 2019
Tripoli, Libya - February 24 - 28, 2019
Doha, Qatar - March 3 - 7, 2019
Amman, Jordan - March 10 - 18, 2019
Ramallah, Palestine - March 10 - 14, 2019
Kuwait City, Kuwait - March 17 - 21, 2019
Muscat, Oman - April 7 - 11, 2019
Tunis, Tunisia - April 7 - 11, 2019
Cairo, Egypt - June 30 - 4 July, 2019

Interested applicants in that region should contact Osool for scheduling for future programs.  For additional information on scheduled ICI Certification and program sessions, please contact:
Lina Salameh
Assistant General Manager
O SOOL for Training & Consulting
Mob Oman:  +968 95 98 98 20
Mob Jordan: +962 7 99589666
Tel:   +962 6 5927171 Ext. 107
Fax:  +962 6 5927172

Leadway Consulting conducts CICS training sessions and examinations in Nigeria. For more information on upcoming activities in Nigeria  please contact:
Mr.  Joel Aluko


For more information on activities in Pakistan individuals or companies should contact : Muhammad Farooq Hammodi

Singapore, Malaysia, Indonesia and Taiwan:
ICI has entered into an agreement with GRC Consultancy Pte Ltd. (ICI Singapore, Malaysia, Indonesia and Taiwan) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in those territories.  

Individuals or companies interested in internal control training or Certification should contact:
General enquiries for all 4 markets -
Singapore - Mr. Bob Seetoh -
MalaysiaMr. Melvin
IndonesiaMr. Barry Dingga -
Taiwan - Ms. Mickey Tai -


CICS Certification Exam Preparation Training to be held in Ankara 
from 9 - 10 March 2019.

For detailed information on scheduled ICI Certification and program sessions, please contact ICI Turkey  below:

Ms. Ilknur Tunc,  VP -
Dr. Bertan Kaya -
GOP Mahallesi, İran Caddesi, Karum İs Merkezi
No:21, D Blok, 4. Kat, D:398-399

+90 (312) 4425015 T
+90 (533) 4474444 D
CICS examinations to be held in Vietnam: 

11 April 2019

For more information on upcoming activities in Vietnam please contact: NGUYEN THANH TUNG (MBA. M.Eng, PhD.) Director, FMIT Institute of Financial Management & Information Technology,  Level 5 , 126 Nguyen Thi Minh Khai Street, Ward 6, District 3, HCMC, Viet Nam
Office: 848 3803 5020 - 848 3512 9371 - 848 3512 7652

For more information on activities being planned please contact:
Mr. Proctor Nyemba at:

Internal Control Chatter  
Each month the staff of The Internal Control Institute reviews hundreds of articles related to Internal Control and Corporate Governance. Here are brief summaries of some of the top articles (along with links to the original article) that may be of interest to you.
Largest Data Breach Ever Exposes Hundreds of Millions of Passwords, Emails
January 18, 2019 
These days, massive data breaches seem just like a common, even boring, fact of life. But occasionally, a breach comes along that gives people pause. This is one such case. The so-called "Collection #1" is the mother of all breaches. It's quite literally the largest single data breach by volume that has been discovered, containing about 772,907,991 unique email addresses and 21,222,975 unique passwords, Wired  reported.
Audit Committees and Audit Quality: Guidance from IOSCO
January 25, 2019
The International Organisation of Securities Commissions (IOSCO), being the leading international policy forum for securities regulators which focuses on the quality of financial reports and good corporate governance, has published a  report on good practices for audit committees of listed companies in supporting external audit quality.  The report focuses on the importance of ensuring the quality of a company's financial report, the independence of any external audit in achieving market confidence, transparency and effective functioning capital markets and the valuable role audit committees play in achieving this.
What Do The SEC's Proposed Whistleblower Rule Amendments Mean For Businesses?
Article by Laurel Gift
Co-authored by Masha Trainor
January 25 2019
In June of 2018, the US Securities and Exchange Commission (SEC) voted to propose amendments to the rules governing its whistleblower program. The proposed amendments are, at least in part, a response to the US Supreme Court's 2018 holding in Digital Realty Trust, Inc. v. Somers, and its effect on the definition of "whistleblower." In light of both the Digital Realty Trust decision and the proposed regulatory changes, in-house counsel and compliance leaders should examine their internal reporting policies, ensure that multiple avenues for internal reporting exist, and implement procedures for conducting efficient internal investigations.
Revealed: Top five risks facing directors in 2019
What are the biggest threats and issues for directors in the year ahead, and how complex are they going to be? "There are risks that are often interconnected and generally have high-speed impact and occur at scale," Institute of Directors chief executive Kirsten Patterson said. "Directors need to have their antennae up, be strategic and make sure they have the right information for decision-making."
Patterson outlined five issues, which IOD's governance leadership centre suggests should be top of mind for directors in 2019.
Dronemaker popular with insurers struggles with internal fraud
Lulu Yilun Chen

January 22 2019

DJI has unearthed cases of fraud involving its own employees that may trigger losses of about 1 billion yuan ($150 million) for the world's largest drone maker, marking one of the largest recent cases of graft among China's technology giants.  SZ DJI Technology Co., which discovered the corruption in an internal probe, said it's fired multiple workers who inflated parts costs for personal gain, and contacted law enforcement. The drone maker is still looking into the situation, which is "extensive" and involves a major sum, it said in a statement. The company didn't say how many employees were involved in the instances of graft.
Report: Facebook's privacy lapses may result in record fine from FTC
Associated Press
Jan. 20, 2019
Facebook may be facing the biggest fine ever imposed by the Federal Trade Commission for privacy violations involving the personal information of its 2.2 billion users. The FTC is  considering hitting Facebook with a penalty that would top its previous record fine of $22.5 million, which it dealt to Google in 2012 for bypassing the privacy controls in Apple's Safari browser, according to The Washington Post.  The story published Friday cited three unidentified people familiar with the discussions.The potential fine stems from an FTC investigation opened after revelations that data mining firm  Cambridge Analytica had vacuumed up details about as many as 87 million Facebook users without their permission.
France fines Google $57 million for violating new EU data privacy law
By Associated Press
Jan 21, 2019 
France's data privacy watchdog fined Google 50 million euros ($57 million) on Monday, the first penalty for a U.S. tech giant under new European data privacy rules that took effect last year.  The National Data Protection Commission said it fined the U.S. internet giant for "lack of transparency, inadequate information and lack of valid consent" regarding ad personalization for users.
It's one of the biggest regulatory enforcement actions since the European Union's General Data Protection Regulation, or GDPR, came into force in May. The rules are aimed at clarifying individual rights to personal data collected by companies, which are required to use plain language to explain what they're doing with it.
Many annual earnings are arriving without an audit, and that could be a problem
By Francine McKenna
Jan 23, 2019 
Many of the annual earnings results companies are releasing will arrive without an auditors' signature, and a study suggests that could be a problem.  A majority of companies announce annual earnings before auditors sign off on the numbers, but  new research  suggests the practice increases pressure on auditors to stick to the announced numbers rather than suggesting any final corrections or adjustments.  Approximately 70% of U.S. public companies announce annual earnings prior to the completion of an annual audit, by about 16 days on average. The practice has exploded in the past 15 years:   
3 strategies to avoid being hacked
Learn more about how concepts related to reconnaissance, simulation, and digital identity can improve cyber defences.
January 10, 2019
There's kind of three main new emerging focuses. I would say one is reconnaissance, and this basically means are you familiar with how you look from an adversary's perspective. Frankly this is an emerging area that organisations need to take from governments, who've been working with this sort of thing for a long time: understand your adversary, know what they see about you, know what makes them attractive or what makes you attractive to them, and use that information to make better decisions about where to invest in security technologies and controls. The next is simulation. The reality is it's not a question of if you will be hacked or breached, but when, because every organisation is a target, because every organisation represents an opportunity for a cybercriminal to achieve their goals. Then every organisation needs to practise for that day because that day will come.
Control Quotes
"To live in the past is to die in the present." 
Bill Belichick
Help Keep Everyone Informed...
If you see a news story concerning internal control or corporate governance that you feel is important for other professionals to know please send it to us .
ici logo The Internal Control Institute™ (ICI) is a worldwide organization  devoted exclusively to internal control and corporate governance. The Institute is dedicated to the development of world-class educational programs and best practice guidelines on internal control and corporate governance, based on the Sarbanes-Oxley Act and the COSO internal control framework.  Visit us on the web at the Internal Control Institute
Control Chatter is a monthly news summary of the top stories concerning internal control and corporate governance.  Control Chatter is prepared by the staff of Internal Control Institute for the benefit of their members and associates. Please consider it for your personal use or pass it on to associates who may have an interest in one or more of the topics by clicking on the Forward email button below.