
Norman Marks
This year, the publication from Deloitte is more interesting than usual. In their Audit Committee Brief, November/December 2014, they ask “What’s on your agenda for 2015?” They highlight:
• Effectively managing IT
• The audit committee report (as filed in the 10-K)
• Internal controls, in particular the focus by the PCAOB on material weaknesses and the work of the external auditor, as well as the update of the COSO internal controls framework
• Globalization and its effect
• Finance talent
• Anti-corruption
• Risk oversight
• Tax considerations
Addressing the risk oversight issue first, Deloitte has made some progress this year. They make the important statement:
“Regardless of who in the company is in charge of risk, the most important consideration is that the company has a clear view of where risk monitoring and related activities are housed and that risk issues are being adequately covered.”
All of the topics in the Deloitte document are food for thought, but none more, in my opinion, than the topic of IT.
While Deloitte understandably focuses exclusively on the negative risk from technology (cybersecurity and so on), they make the excellent point that they need to get face time with the CIO. I think it is an excellent idea for the CIO to attend every other audit committee meeting.
Deloitte suggests questions for the audit committee to ask about technology-related risk. I think additional questions should be considered, including:
• How do you assess and manage business risk relating to technology? Are you engaged with the enterprise risk management process?
• How much risk is enough and how much is too much?
• How do you determine how much to invest to address technology-related risks?
• Are you taking enough risk when it comes to new technology that might advance the business? How do you know? Who do you work with to assess whether and when to deploy new technology?
• How do you know that the IT function is delivering the value it should to the business?
• How involved are you with the company’s strategy-setting processes? Is this the right level of involvement?
I welcome your comments.