Comments re post by Norman Marks – internal audit and ERM accused of failing to hit the mark – discussion about management, boards and audit committees – David Tate, Esq., Royse Law Firm

I have provided below a link to a post by Norman Marks, in which Norman discusses and in part compares or contrasts internal audit and ERM. Norman’s post is a good, worthwhile read.

There are many good writers on these topics – you will also note that there are disagreements between knowledgeable professionals. Just for example, as Norman notes, ERM or enterprise risk management is a management function (I would say a management, board and audit committee function) whereas internal audit is independent; however, there has been for sometime considerable discussion about the role of internal audit and whether it can be or should be or has been expanded in ways that could make it less independent or less of an audit function and more of an advisory function in some circumstances – internal audit endeavors to make itself more valuable and needed as a function and department.

I don’t get into the discussions about whether internal audit should or should not be less independent or more advisory – instead, if internal audit is not being sufficiently utilized I primarily attribute that to one or both of two reasons which can be interrelated: (1) either internal audit needs to do a better job selling to management, the board and the audit committee how internal audit can help, or (2) particularly the board and the audit committee need to be more educated or convinced about how internal audit can help them to satisfy their oversight duties and responsibilities (I can help you with reason (2)).

If you are interested in risk management and enterprise risk management you are aware that COSO is still updating its ERM framework. If you aren’t interested in risk management or ERM but you are a board and/or audit committee member you definitely should be interested as it or parts of it are part of your oversight duties and responsibilities.

COSO has said that its updated ERM function should be out mid-2017, in other words, soon. This is a big deal. Whereas risk management professionals will extensively evaluate and comment about the new framework from an ERM perspective, and although I am also a CPA, I will primarily evaluate the framework from a legal perspective and what the new framework will or may require of management, the board and the audit committee in satisfaction of their duties and responsibilities. Add to this the COSO 2013 updated internal control framework, and the changes that are being made to audit procedures and the audit report, in addition to increasing disclosures about events, practices and procedures not just numbers, and you have a significantly changing environment in terms of management, board and audit committee duties and responsibilities.

That’s all for now. Below is the link to Norman Marks’ new blog post – read his post – it covers more about internal audit and ERM than the title indicates. David Tate, Esq., Royse Law Firm (see below for firm practice areas), Menlo Park, California office, with offices in northern and southern California. The following is a link to my other blog, about trust, estate, and elder, etc., disputes, litigation and difficult or contentious administrations: http://californiaestatetrust.com.

Here is the link to Norman’s post:  https://normanmarks.wordpress.com/2017/07/15/internal-audit-and-erm-accused-of-failing-to-hit-the-mark/

David Tate, Esq. (and CPA, California inactive). Royse Law Firm, Menlo Park Office, California (with offices in both northern and southern California).

Royse Law Firm – Practice Area Overview – San Francisco Bay Area and Los Angeles Basin, http://rroyselaw.com/

  • Corporate and Securities, Financing and Formation
  • Corporate Governance, D&O, Boards and Committees, Audit Committees, Etc.
  • Intellectual Property – Patents, Trademarks, Copyrights, Trade Secrets
  • International
  • Immigration
  • Mergers & Acquisitions
  • Labor and Employment
  • Disputes and Litigation (I broke out these areas because they are my primary areas of practice)
  •             Business
  •             Intellectual Property – Patents, Trademarks, Copyrights, Trade Secrets
  •             Trade Secrets, NDA, Financial & Accounting Issues, Fraud, Lost Income, Royalties, Etc.
  •             Privacy, Internet, Hacking, Speech, Etc.
  •             Labor and Employment
  •             Mergers & Acquisitions
  •             Real Estate
  •             Owner, Founder, Investor, Board & Committee, Shareholder, D&O, Lender/Debtor, Etc.
  •             Insurance Coverage and Bad Faith
  •             Investigations
  •             Trust, Estate, Conservatorship, Elder Abuse, Etc., and Contentious Administrations
  •             Dispute Resolution and Mediation
  • Real Estate
  • Tax (US and International) and Tax Litigation
  • Technology Companies and Transactions Including AgTech, HealthTech, etc.
  • Wealth and Estate Planning, Trust and Estate Administration, and Disputes and Litigation

New COSO Updated ERM Framework – Coming Soon – End of June, Perhaps – Could Be Very Important

Just a heads up, a source has suggested that the new long-anticipated COSO (Committee of Sponsoring Organizations of the Treadway Commission) ERM update might finally be out at the end of June. COSO is spending a very long time (since October 2014) preparing and vetting this “update” of the 2004 Enterprise Risk Management — Integrated Framework. COSO’s sponsoring organizations are the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the National Association of Accountants (now the Institute of Management Accountants [IMA]), and the Commission includes representatives from industry, public accounting, investment firms, and SROs (exchanges).

We’ll have to wait and see what we get with this “update,” which will either simply be a relatively unimpressive or vague tweak, or a useful, modernized, sufficiently detailed guide which might become the standard to achieve, or somewhere in between. I’m hopeful for the useful version – ERM needs a big boost – this “update” is important. I find that there really are only three ways to provide this type of boost: sponsorship and push by large or influential organizations and people, mandatory (i.e., by law, regulation or rule) adoption, or, sometimes, push and expectancy by the public.

Here is the link to the COSO website https://www.coso.org/Pages/default.aspx

Best to you, David Tate, Esq., Litigation, D&O, audit committees, etc., Royse Law Firm http://rroyselaw.com/

Forwarding a worthwhile paper discussing objective based risk management

I am forwarding a link to a short article by Tim Leech and Lauren Hanlon discussing, as they say, Paradigm paralysis in ERM & internal audit. I am providing you with this article because of the discussion between risk management that first and primarily identifies risk, and one that first starts with the objectives of the enterprise, and then follows with the risks to those objectives.

You might also be aware that soon, perhaps next month in September, COSO will be making available its eagerly awaited ERM update, which could be an important development.

Below is the link to the Leech/Hanlon paper (I do also note that they lost me a little with the sample summary report on the second page of the paper – I prefer reports that very easily speak for themselves – but I have found that sometimes professionals with Tim’s experience tend to write in a manner that is not always the most easy or simple to understand). This is a worthwhile paper – please read it.  Dave Tate, Esq., San Francisco and California.

http://riskoversightsolutions.com/wp-content/uploads/2011/03/Risk-Oversight-Solutions-Paradigm-Paralysis-in-ERM-IA-Tim-Leech-Lauren-Hanlon.pdf