top banner

Control Chatter                                                   May 2019
News that Control Professionals Need to Know

 Quick Links
 Internal Control online courses
ici logo
Start becoming an Internal Control professional today!
The ICI "Certification Series" has been completely updated and is available online to everyone around the world!  Course content prepares individuals to design and/or assess internal control and to assist management in installing internal control processes. In addition, the series prepares candidates for the Certified Internal Control Specialist (CICS) Examination.
To review the course catalog click here: ICI Course Catalog
To register for one or all of the online training programs click here:  
Online course pricing has been reduced by over 70% 
Test your Knowledge of Internal Control
The Internal Control Institute has developed a CICS Common Body of Knowledge Mini-Assessment that helps an individual determine their knowledge as it relates to governance and control practices. Results point out areas of knowledge that may require additional training and experience. The assessment also provides a measurement to the individual's readiness for CICS certification. The assessment measures core knowledge in eight critical areas including: Internal Control - Principles, Terms and Concepts, Internal Control Environment, Risk Management, Assessing Application Controls, Business System Control Assessment, Risk Assessment, Internal Control Measurement and Reporting, and Governance Practices
In This Issue
The Internal Control Manager.
ICI Announcements
SEC Considers Easing Major SOX Provision for Smaller Companies
Over a third of audits still failing the quality tes
Corporations must help shape a better world
Governance key to corporate resilience
The Impact and Effectiveness of Corporate Governance Reforms
Data Security Controls: Primary Objective
An insider look at the SEC's cyber exam
AZZ Replaces Auditor After Streak of Accounting Difficulties
In-House Counsel And Insider Trading
The Internal Control Manager
By Michael Pregmon, Jr., Ph.D., CICP
COO and Managing Director
Dr. Michael Pregmon, Jr.
COO and Managing Director 
Organizations today are quickly realizing the urgency of improving control operations in their company. This is especially critical in this age of concerns for data security and integrity. COSO (the Commission Of Sponsoring Organizations) suggests that all employees are responsible for internal control. Further, the COSO Framework specifies that to be effective, information and communication must flow freely from the top of the organization to the bottom and visa - versa. Information in most organizations commonly does flow from top to bottom. But unfortunately, it often doesn't flow upward as it should. There are many reasons for this "logjam." But if we're truly honest and realistic, this most often occurs because employees are traditionally reluctant to criticize an organization's processes openly in fear of being considered non - supportive. Here is where the internal control manager can significantly impact the effectiveness of the control process in the firm.
Internal control managers do only four things. But, they must perform these four activities well. These are:
Actually, these are the four major activities any good manager must accomplish for success.
For the internal control manager, there are a number of activities necessary in each of these categories. However, here are some of the most important considerations in each group:
Planning :
The major task here is for the internal control professional to perform the risk analysis for the company. The threats facing the organization at all levels must be considered. A threat point matrix is typically constructed of the risks, vulnerabilities and threats facing the entity. This provides insight into which risks/threats are the most vulnerable. The organization likely does not have enough resources to protect itself 100% from all risks.
Organizing :
Perform an organizational self-assessment by providing a footprint chart of the company's status of control activities compared to world-class standards. This provides information and direction as to where the control improvement emphasis should be focused.
Ensure that staff are properly trained in control activities and awareness. COSO suggests that all employees are responsible for control. Staff members must be trained in control techniques relevant to their responsibilities.
Controlling :
Install reasonable reporting throughout the organization to insure proper feedback and that established processes are followed. And most importantly, insist upon continuous improvement.
As a control professional, do you practice a good POLC process?

The Internal Control Institute™ (ICI) improves organizational Internal Control worldwide by providing training, products and services and individual Professional Certifications recognized internationally. The Institute's Board of Advisors has determined it would like to further expand into areas where it is not directly represented. ICI provides world-class programs and its intellectual property to affiliates free of charge and shares all program revenue with them. If your organization is interested in partnering with ICI to earn revenue while you contribute to the development of the internal control profession worldwide please contact Dr. Michael Pregmon, Jr., Chief Operations Officer, by email at: [email protected] or by phone at 727-538-4113   in the USA. 

ICI Affiliate News:

The Internal Control Institute is conducting certification training in a classroom format for the internationally recognized CICS (Certified Internal Control Specialist) certification in internal control. Information on these programs regarding dates and schedules can be found on the Events tab on our Website or directed to the affiliate named below:

ICI has entered into an agreement with Internal Control Institute of Botswana (ICI Botswana":) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in this territory. ICI Botswana will be responsible for all development activities in this area, including professional training and Certification.  Individuals or companies interested in internal control training or Certification should contact:
Contact: Humphrey Chawafambira
E-Mail:  [email protected]

Training Plans :

Porto Alegre - June 3 to 7, 2019
Belém - June 24 to 28, 2019
Fortaleza  - July 1 to 5, 2019
Curitiba - July 15 to 19, 2019
Sao Paulo - August 8 to 14, 2019
Recife - September 2 to 7, 2019
Belo Horizonte - October 14 to 18, 2019

For more details on planned training please on the website below, or send a message to Mr. Eduardo Person PardiniEmail:  [email protected]

  Training Plans:

Beijing - June 19 - 22, 2019

CICS Training Class Xi'an, Shaanxi Province April 2019

Individuals or companies interested in inter
nal control training and Certification should contact:  
Mr. Qiu Jianting
Room 1039, Block A, Jinmao Building, No. 18, 
Xizhimenwai Street,
Xicheng District, Beijing, China
Zip Code: 100044
Mobile phone: 13810588109


Training Plans :

In partnership with IIA-Bel, ICIB started a series of lunch workshops about how the various principles of the COSO 2013 can be developed in the organizations.  Each session contains a one hour discussion on the adequate design of the IC system component, illustrated by ICIB, and 1 hour discussion about the evaluation / audit of this component by an IIA-Bel representative.  After completion of the 6 workshops, a summary of the findings will be published in a White Paper issued by both institutions.  Given the success of these sessions, a second series of workshops will be organized later this year.

ICIB also organized a CICS in house training for the internal audit team of the province of Hainaut-Belgium; the CICS exam scores were exceptionally high for this group of candidates

For more information on scheduled training and exams please contact Mr.Yves Dupont of ICI Belgium at: 
For more information on upcoming activities in this area please contact Mr. Summit Goyal of  ICI India at :
E-mail:  [email protected]
Phone: +91 9810575613

Myanmar and Cambodia:
Better Business Governance - APAC PTE LTD (BBG) has become a representative for Products, Services and Internal Control Certifications (CICS/CICP) in Myanmar and Cambodia.  Better Business Governance will be responsible for all development activities, including professional training and Certification.  For more information on upcoming activities in this area please contact:
Better Business Governance
Mr. Sanjeev Gathani
1 Claymore Drive
#08-14, Orchard Towers (Rear Block)
Singapore 229594
E-mail:  [email protected]
For more information on upcoming activities in this area please contact the following:
Antonio Salas Hernandez CICP,  Email:  [email protected] 
Joaquin Prendes Herrera, Email:  [email protected] 

Middle East:

10th Annual Conference held in Amman Jordan April 2019

The CICS exam is now being  provided in Arabic.  Osool Training and Consulting has courses and testing available in Jordan, Libya, Muscat, Sudan, Qatar, the United Arab Emirates, Kuwait and Palestine. 

Training Plan 2019
Certified Internal Control Specialist (CICS) Certification Preparation Programs are scheduled as follows:

Cairo, Egypt - June 30 - 4 July, 2019
Cairo, Egypt - July 21 - 25, 2019
Amman, Jordan - August 25 - 2 September 2019
Muscat, Oman - September 29 to 3 October 2019

Interested applicants in the region should contact Osool for scheduling for future programs.  For additional information on scheduled ICI Certification and program sessions, please contact:
Lina Salameh
Assistant General Manager
O SOOL for Training & Consulting
Mob Oman:  +968 95 98 98 20
Mob Jordan: +962 7 99589666
Tel:   +962 6 5927171 Ext. 107
Fax:  +962 6 5927172

Leadway Consulting conducts CICS training sessions and examinations in Nigeria. For more information on upcoming activities in Nigeria  please contact:
Mr.  Joel Aluko  [email protected]


For more information on activities in Pakistan individuals or companies should contact : Muhammad Farooq Hammodi


CICS Examination to be held in Bucharest on 6 December 2019
CICS Training Course to be held in Bucharest from 28 to 30 October 2019

For more information on activities in Romania contact : Cosmin Serbanescu at the National Institute for Internal Control in Romania.
Tel:  + 40 752 525 525


Singapore, Malaysia, Indonesia and Taiwan:
ICI has entered into an agreement with GRC Consultancy Pte Ltd. (ICI Singapore, Malaysia, Indonesia and Taiwan) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in those territories.  

Individuals or companies interested in internal control training or Certification should contact:
General enquiries for all 4 markets - [email protected]
Singapore - Mr. Bob Seetoh - [email protected]
MalaysiaMr. Melvin Beh[email protected]
IndonesiaMr. Barry Dingga -  [email protected]
Taiwan - Ms. Mickey Tai - [email protected]


        CICS Training course to be held in Istanbul 15 and 16 June 2019.

For detailed information on scheduled ICI Certification and program sessions, please contact ICI Turkey  below:

Ms. Ilknur Tunc,  VP - [email protected]
Dr. Bertan Kaya -  [email protected]
GOP Mahallesi, İran Caddesi, Karum İs Merkezi
No:21, D Blok, 4. Kat, D:398-399

+90 (312) 4425015 T
+90 (533) 4474444 D
CICS Training course to be held in HCM City over 4 days:
25 & 26 May and 1 & 2 June 2019

CICS examinations to be held in Vietnam: 
27 June 2019
12 September 2019
19 December 2019

For more information on upcoming activities in Vietnam please contact: NGUYEN THANH TUNG (MBA. M.Eng, PhD.) Director, FMIT Institute of Financial Management & Information Technology,  Level 5 , 126 Nguyen Thi Minh Khai Street, Ward 6, District 3, HCMC, Viet Nam
Office: 848 3803 5020 - 848 3512 9371 - 848 3512 7652

For more information on activities being planned please contact:
Mr. Proctor Nyemba at:  [email protected]

Internal Control Chatter  
Each month the staff of The Internal Control Institute reviews hundreds of articles related to Internal Control and Corporate Governance. Here are brief summaries of some of the top articles (along with links to the original article) that may be of interest to you.
SEC Considers Easing Major SOX Provision for Smaller Companies
T he Securities and Exchange Commission has proposed changes that would limit the need to adhere to the Sarbanes-Oxley Act ( SOX ) requirements to obtain audits of their financial controls over financial reporting ( SOX 404 ) to larger public companies. The SEC  voted yesterday  to propose amendments to the accelerated filer and large accelerated filer definitions. The changes could have a big impact on the need for companies to obtain audits of their internal controls over financial reporting (ICFR) under SOX provision 404. Smaller reporting companies with less than $100 million in revenues 
Over a third of audits still failing the quality test
By Julia Irvine
16 May 16, 2019 

The number of deficient audits performed by the six largest global audit firm networks reduced by 3% in 2018, although the current level - at 37% - is still unacceptable  The statistics, revealed by the International Forum of Independent Audit Regulators (IFIAR) in its seventh annual survey of inspection findings by its member regulators' individual audit firm inspections, show that audit quality is slowly improving.  Five years ago the number of audits found to have significant deficiencies stood at 47%. By 2017, this had reduced to 40% and is now at 37%. However, as IFIAR points out, "While the downward trend is encouraging, the recurrence and level of findings reflected in the survey indicate a lack of consistency in the execution of high quality audits and the need for a sustained focus on continuing improvement".
Corporations must help shape a better world - or risk being left behind
24 May 2019
The duty to pursue profit as a CEO is a duty of temporal order, while the pursuit of long-term advantage involves preserving and enhancing the competitive advantage over time, protecting the reputation and lifespan of the enterprise, and considering not just interests of the shareholders, but those of key stakeholders.
Governance key to corporate resilience
Corporate governance has become a key factor in the risk profile of many countries, contributing to some of the biggest swings, both positive and negative, in the 2019 FM Global Resilience Index released Wednesday.
Norway again holds the top spot for overall resilience in the index, while Denmark rose from seventh to second place, boosted by an "impressive improvement" in its supply chain visibility, followed by Switzerland, FM Global said in the report. Haiti is the bottom-ranked country in the report, followed by Venezuela and Nepal, unchanged from last year.
The Impact and Effectiveness of Corporate Governance Reforms
By FAUVER, Larry |  HUNG, Mingyi | LI, Xi | TABOADA, Alvaro G.
May 24, 2019
The past 20 years has seen a marked global increase in the amount of corporate board reforms aimed at increasing firm value. It is believed that with greater outside representation on the board, insiders - such as top executives and shareholders - will be discouraged from reaping private rewards, and instead will encourage investment in projects that benefit everyone. In addition, it will also hopefully improve financial reporting transparency. This should then reduce the cost of capital by increasing outside financing, and thus increase firm value.  Reforms may be necessary if firms are prevented by corporate insiders from investing in good practices. Indeed, government enacted reforms can help immensely, as they require firms to improve board practices - regardless of controlling shareholders' views - and encourage conventions that would not otherwise be adopted. 
Read the Article  
Data Security Controls: Primary Objective 
Strong information security management calls for the understanding of critical principles and concepts such as data classification, change management/control, and protection mechanisms. Nonetheless, such terminologies might be overwhelming at the beginning, causing most enterprises to blindly adhere to compliance requirements without complete knowledge of whether they secure their software, networks, and systems. Comprehending the primary purpose of data security measures promotes a security-first data protection approach that enables companies to  protect themselves against cybercriminals  and satisfy compliance requirements as well.
An insider look at the SEC's cyber exam
By Wes Stillman
May 29, 2019
Advisors have no excuse for not taking cybersecurity seriously. They've heard about the risks - the potential losses to their reputations and their bottom lines. At the same time, the SEC has publicly detailed its focus areas, such as risk assessment, data loss prevention, vendor management and incident response. What has been less obvious, however, is how examiners evaluate firms to determine whether they pass the test. Several of the cybersecurity requests made of an independent advisor recently in a SEC exam may not be exactly what practitioners had in mind. 
AZZ Replaces Auditor After Streak of Accounting Difficulties
The equipment maker dismissed BDO after disclosing material weaknesses in financial reporting oversight
By  Tatyana Shumsky and  Kimberly Chin
Specialty equipment maker  AZZ   Inc.  said it replaced its auditor after the company disclosed material weaknesses in controls over its financial reporting.
AZZ's audit committee dismissed BDO USA LLP and replaced the Chicago-based auditor with Grant Thornton LLP. AZZ said it informed BDO of the dismissal last week.  AZZ's move comes after two years of accounting difficulties. The company delayed filing its fiscal 2019 and 2018 annual reports and had disclosed separate material weaknesses in its internal controls over financial reporting of revenue in both years. 
In-House Counsel And Insider Trading: What Can We Learn From Recent Case Law?
May 22 2019
Two recent insider trading cases involving internal counsel, one on each side of the border, serve as a reminder of the high standards to which regulators hold internal counsel, and the importance of robust insider trading policies. I n both of these cases, the internal counsel were regularly given access to material non-public information (MNPI) as part of their roles. Both also either had direct oversight of, or were involved in administering, the issuer's trading policies. The combination of access to MNPI and involvement in trading policies in both cases created a heightened possibility for risk of insider trading.
Control Quotes
Freedom is the only worthy goal in life. It is won by disregarding things that lie beyond our control. 
Help Keep Everyone Informed...
If you see a news story concerning internal control or corporate governance that you feel is important for other professionals to know please send it to us .
ici logo The Internal Control Institute™ (ICI) is a worldwide organization  devoted exclusively to internal control and corporate governance. The Institute is dedicated to the development of world-class educational programs and best practice guidelines on internal control and corporate governance, based on the Sarbanes-Oxley Act and the COSO internal control framework.  Visit us on the web at the Internal Control Institute
Control Chatter is a monthly news summary of the top stories concerning internal control and corporate governance.  Control Chatter is prepared by the staff of Internal Control Institute for the benefit of their members and associates. Please consider it for your personal use or pass it on to associates who may have an interest in one or more of the topics by clicking on the Forward email button below.