Blogs about: Automated Controls
Featured Blog
SAP’s Secret Recipe for GRC
It is true that SAP has been selling a number of what it calls GRC solutions. (Now that I have retired from SAP I can tell you that I wish they didn’t call them that – which I will explain later… more →
Norman Marks on Governance, Risk Management, and Audit
SAP’s Secret Recipe for GRC
— 4 comments
wrote 2 weeks ago: It is true that SAP has been selling a number of what it calls GRC solutions. (Now that I have retir … more →
Advice on scoping SOX work on segregation of duties (SOD) and restricted access (RA)
— 11 comments
wrote 2 months ago: Many organizations do far too much work on these areas, primarily because they scope the work in iso … more →
SOX: Potential changes in the evaluation of internal control over financial reporting
— 18 comments
wrote 4 months ago: As I open my email these days, I see people suggesting that we are about to enter a new era of asses … more →
A Leap Forward for Risk and Compliance
— 5 comments
wrote 6 months ago: Last week, I had the honor of being the opening keynote speaker at the Compliance Week West conferen … more →
The Future of Internal Audit – Automated Predictive Controls
wrote 6 months ago: The increasing quantity of data produced by today’s businesses is old news (1,2,3), in fact we have … more →
Fresh Thinking on Risk Culture
— 1 comment
wrote 6 months ago: The Institute of Risk Management (IRM) has published two documents on Risk Culture. The first is a p … more →
OCEG study says fragmented GRC is causing problems for many organizations
— 3 comments
wrote 6 months ago: The Open Compliance and Ethics Group (OCEG) has published its global 2012 GRC Maturity Survey, spons … more →
Questions to ask about GRC - Part 1: The Mystery of GRC
— 17 comments
wrote 10 months ago: Consultants and other thought leaders (including software vendors) are pressing boards and executive … more →
How secure are your mobile devices?
— 2 comments
wrote 10 months ago: Information Week has published an interesting report, 2012 State of Mobility Security. Their study s … more →
Technology continues to change our personal and work lives
— 2 comments
wrote 1 year ago: One of the fascinating aspects of my job is the ability to watch and wonder at the new ‘stuff’ that … more →
If you weren’t already worried about privileged users, you should be
— 7 comments
wrote 1 year ago: The issue of privileged users, and the risk that their access presents, is one many of us have been … more →
Continuously monitor social media for risk and control issues and opportunities
— 1 comment
wrote 1 year ago: This week, I met with a software company that specializes in monitoring social media. Their customer … more →
Taking big advantage of big data to drive big improvements in performance
wrote 1 year ago: One of the radical and disruptive elements of the digital world is the explosion of data, both struc … more →
SOX Master Class
— 3 comments
wrote 1 year ago: If SOX is your thing, I lead a master class for SOX managers for Marcus-Evans. This is a small group … more →
Mobile will bring both risks and opportunities. Is your company’s strategy optimized?
wrote 1 year ago: The Australian newspaper’s IT section ran a piece on October 25, 2011 a radical year of digital revo … more →
Continuous auditing that should NOT be performed by internal audit
— 8 comments
wrote 1 year ago: I have to admit to being a big fan of continuous auditing in general. One of my more popular papers … more →
PwC Global Information Security Study
wrote 1 year ago: This latest report from PwC, conducted with CIO and CSO Magazines, has some interesting content. One … more →
Protiviti study on IT auditing raises more questions than it answers
— 5 comments
wrote 1 year ago: There’s a new Protiviti study. Their 2011 IT Audit Benchmarking Survey summarizes the input from nea … more →
How well does your SOX team work with the external auditor?
— 1 comment
wrote 1 year ago: This week, I have been with a group of twelve SOX experts talking about how to optimize their SOX pr … more →
