Start becoming an Internal Control professional today!
The ICI "Certification Series" has been completely updated and is available online to everyone around the world! Course content prepares individuals to design and/or assess internal control and to assist management in installing internal control processes. In addition, the series prepares candidates for the Certified Internal Control Specialist (CICS) Examination.
The Internal Control Institute has developed a CICS Common Body of Knowledge Mini-Assessment that helps an individual determine their knowledge as it relates to governance and control practices. Results point out areas of knowledge that may require additional training and experience. The assessment also provides a measurement to the individual's readiness for CICS certification. The assessment measures core knowledge in eight critical areas including: Internal Control - Principles, Terms and Concepts, Internal Control Environment, Risk Management, Assessing Application Controls, Business System Control Assessment, Risk Assessment, Internal Control Measurement and Reporting, and Governance Practices
Dr. Michael Pregmon, Jr. COO and Managing Director
Organizations today are quickly realizing the urgency of improving control operations in their company. This is especially critical in this age of concerns for data security and integrity. COSO (the Commission Of Sponsoring Organizations) suggests that all employees are responsible for internal control. Further, the COSO Framework specifies that to be effective, information and communication must flow freely from the top of the organization to the bottom and visa - versa. Information in most organizations commonly does flow from top to bottom. But unfortunately, it often doesn't flow upward as it should. There are many reasons for this "logjam." But if we're truly honest and realistic, this most often occurs because employees are traditionally reluctant to criticize an organization's processes openly in fear of being considered non - supportive. Here is where the internal control manager can significantly impact the effectiveness of the control process in the firm.
Internal control managers do only four things. But, they must perform these four activities well. These are:
Actually, these are the four major activities any good manager must accomplish for success.
For the internal control manager, there are a number of activities necessary in each of these categories. However, here are some of the most important considerations in each group:
The major task here is for the internal control professional to perform the risk analysis for the company. The threats facing the organization at all levels must be considered. A threat point matrix is typically constructed of the risks, vulnerabilities and threats facing the entity. This provides insight into which risks/threats are the most vulnerable. The organization likely does not have enough resources to protect itself 100% from all risks.
Perform an organizational self-assessment by providing a footprint chart of the company's status of control activities compared to world-class standards. This provides information and direction as to where the control improvement emphasis should be focused.
Ensure that staff are properly trained in control activities and awareness. COSO suggests that all employees are responsible for control. Staff members must be trained in control techniques relevant to their responsibilities.
Install reasonable reporting throughout the organization to insure proper feedback and that established processes are followed. And most importantly, insist upon continuous improvement.
As a control professional, do you practice a good POLC process?
HELP US IMPROVE INTERNAL CONTROL SYSTEMS WORLDWIDE
The Internal Control Institute™ (ICI) improves organizational Internal Control worldwide by providing training, products and services and individual Professional Certifications recognized internationally. The Institute's Board of Advisors has determined it would like to further expand into areas where it is not directly represented. ICI provides world-class programs and its intellectual property to affiliates free of charge and shares all program revenue with them. If your organization is interested in partnering with ICI to earn revenue while you contribute to the development of the internal control profession worldwide please contact Dr. Michael Pregmon, Jr., Chief Operations Officer, by email at:
firstname.lastname@example.org or by phone at
727-538-4113in the USA.
ICI Affiliate News:
The Internal Control Institute is conducting certification training in a classroom format for the internationally recognized CICS (Certified Internal Control Specialist) certification in internal control. Information on these programs regarding dates and schedules can be found on the Events tab on our Website or directed to the affiliate named below:
ICI has entered into an agreement with Internal Control Institute of Botswana (ICI Botswana":) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in this territory. ICI Botswana will be responsible for all development activities in this area, including professional training and Certification. Individuals or companies interested in internal control training or Certification should contact:
In partnership with IIA-Bel, ICIB started a series of lunch workshops about how the various principles of the COSO 2013 can be developed in the organizations.
Each session contains a one hour discussion on the adequate design of the IC system component, illustrated by ICIB, and 1 hour discussion about the evaluation / audit of this component by an IIA-Bel representative. After completion of the 6 workshops, a summary of the findings will be published in a White Paper issued by both institutions. Given the success of these sessions, a second series of workshops will be organized later this year.
Better Business Governance - APAC PTE LTD (BBG) has become a representative for Products, Services and Internal Control Certifications (CICS/CICP) in Myanmar and Cambodia.
Better Business Governance will be responsible for all development activities, including professional training and Certification. For more information on upcoming activities in this area please contact:
ICI has entered into an agreement with GRC Consultancy Pte Ltd. (ICI Singapore, Malaysia, Indonesia and Taiwan) as its representative for Products, Services and Internal Control Certifications (CICS/CICP) in those territories.
Individuals or companies interested in internal control training or Certification should contact:
CICS Training course to be held in HCM City over 4 days:
25 & 26 May and 1 & 2 June 2019
CICS examinations to be held in Vietnam:
27 June 2019
12 September 2019
19 December 2019
For more information on upcoming activities in Vietnam please contact: NGUYEN THANH TUNG (MBA. M.Eng, PhD.) Director, FMIT Institute of Financial Management & Information Technology, Level 5, 126 Nguyen Thi Minh Khai Street, Ward 6, District 3, HCMC, Viet Nam
Each month the staff of The Internal Control Institute reviews hundreds of articles related to Internal Control and Corporate Governance. Here are brief summaries of some of the top articles (along with links to the original article) that may be of interest to you.
SEC Considers Easing Major SOX Provision for Smaller Companies
The Securities and Exchange Commission has proposed changes that would limit the need to adhere to the Sarbanes-Oxley Act (SOX) requirements to obtain audits of their financial controls over financial reporting (SOX 404) to larger public companies.The SEC voted yesterday to propose amendments to the accelerated filer and large accelerated filer definitions. The changes could have a big impact on the need for companies to obtain audits of their internal controls over financial reporting (ICFR) under SOX provision 404. Smaller reporting companies with less than $100 million in revenues
The number of deficient audits performed by the six largest global audit firm networks reduced by 3% in 2018, although the current level - at 37% - is still unacceptable The statistics, revealed by the International Forum of Independent Audit Regulators (IFIAR) in its seventh annual survey of inspection findings by its member regulators' individual audit firm inspections, show that audit quality is slowly improving. Five years ago the number of audits found to have significant deficiencies stood at 47%. By 2017, this had reduced to 40% and is now at 37%. However, as IFIAR points out, "While the downward trend is encouraging, the recurrence and level of findings reflected in the survey indicate a lack of consistency in the execution of high quality audits and the need for a sustained focus on continuing improvement".
The duty to pursue profit as a CEO is a duty of temporal order, while the pursuit of long-term advantage involves preserving and enhancing the competitive advantage over time, protecting the reputation and lifespan of the enterprise, and considering not just interests of the shareholders, but those of key stakeholders.
Corporate governance has become a key factor in the risk profile of many countries, contributing to some of the biggest swings, both positive and negative, in the 2019 FM Global Resilience Index released Wednesday.
Norway again holds the top spot for overall resilience in the index, while Denmark rose from seventh to second place, boosted by an "impressive improvement" in its supply chain visibility, followed by Switzerland, FM Global said in the report. Haiti is the bottom-ranked country in the report, followed by Venezuela and Nepal, unchanged from last year.
The past 20 years has seen a marked global increase in the amount of corporate board reforms aimed at increasing firm value. It is believed that with greater outside representation on the board, insiders - such as top executives and shareholders - will be discouraged from reaping private rewards, and instead will encourage investment in projects that benefit everyone. In addition, it will also hopefully improve financial reporting transparency. This should then reduce the cost of capital by increasing outside financing, and thus increase firm value. Reforms may be necessary if firms are prevented by corporate insiders from investing in good practices. Indeed, government enacted reforms can help immensely, as they require firms to improve board practices - regardless of controlling shareholders' views - and encourage conventions that would not otherwise be adopted.
Strong information security management calls for the understanding of critical principles and concepts such as data classification, change management/control, and protection mechanisms. Nonetheless, such terminologies might be overwhelming at the beginning, causing most enterprises to blindly adhere to compliance requirements without complete knowledge of whether they secure their software, networks, and systems. Comprehending the primary purpose of data security measures promotes a security-first data protection approach that enables companies to protect themselves against cybercriminals and satisfy compliance requirements as well.
Advisors have no excuse for not taking cybersecurity seriously. They've heard about the risks - the potential losses to their reputations and their bottom lines. At the same time, the SEC has publicly detailed its focus areas, such as risk assessment, data loss prevention, vendor management and incident response. What has been less obvious, however, is how examiners evaluate firms to determine whether they pass the test. Several of the cybersecurity requests made of an independent advisor recently in a SEC exam may not be exactly what practitioners had in mind.
Specialty equipment maker AZZInc. said it replaced its auditor after the company disclosed material weaknesses in controls over its financial reporting.
AZZ's audit committee dismissed BDO USA LLP and replaced the Chicago-based auditor with Grant Thornton LLP. AZZ said it informed BDO of the dismissal last week.
AZZ's move comes after two years of accounting difficulties. The company delayed filing its fiscal 2019 and 2018 annual reports and had disclosed separate material weaknesses in its internal controls over financial reporting of revenue in both years.
Two recent insider trading cases involving internal counsel, one on each side of the border, serve as a reminder of the high standards to which regulators hold internal counsel, and the importance of robust insider trading policies. In both of these cases, the internal counsel were regularly given access to material non-public information (MNPI) as part of their roles. Both also either had direct oversight of, or were involved in administering, the issuer's trading policies. The combination of access to MNPI and involvement in trading policies in both cases created a heightened possibility for risk of insider trading.
Freedom is the only worthy goal in life. It is won by disregarding things that lie beyond our control. Epictetus
Help Keep Everyone Informed...
If you see a news story concerning internal control or corporate governance that you feel is important for other professionals to know please send it to us .
The Internal Control Institute™ (ICI) is a worldwide organization devoted exclusively to internal control and corporate governance. The Institute is dedicated to the development of world-class educational programs and best practice guidelines on internal control and corporate governance, based on the Sarbanes-Oxley Act and the COSO internal control framework. Visit us on the web at the Internal Control Institute
Control Chatter is a monthly news summary of the top stories concerning internal control and corporate governance. Control Chatter is prepared by the staff of Internal Control Institute for the benefit of their members and associates. Please consider it for your personal use or pass it on to associates who may have an interest in one or more of the topics by clicking on the Forward email button below.