ERM

Today we continue our in-depth look at the enforcement action against Citigroup, because the case truly does raise a host of interesting audit and compliance issues. Our prior post looked at Citigroup’s struggles with data governance; now let’s examine how the bank needs to revamp its enterprise risk management. The consent order from the Office…

COSO

Nearly 30 years ago as a young bank auditor, I learned about a private sector initiative known as “The Committee of Sponsoring Organizations of the Treadway Commission,” or more simply, “COSO.” It was the mid-1980s. The savings & loan crisis was raging. COSO was, and continues to be, a joint effort of five private sector organizations…

sobel

Internal control and risk management enthusiasts, listen up: we have a new podcast with incoming COSO chairman Paul Sobel, who talked about his desire for COSO to publish more guidance to help companies understand how to put its internal control and risk management frameworks to good, practical use. As always, you can listen to the…

job

Audit and risk professionals with a yearning for public service at a good salary, you have a new option: the Securities and Exchange Commission is looking for its first-ever chief risk officer. The agency posted the job this week. Salary is $185,000 to $245,000, which is on par with what CROs earn in the private…


COSO unveiled its new framework for enterprise risk management this morning, a trimmed-down version of the original draft that still places a heavy emphasis on embedding risk management across the whole enterprise and tying it deeply to corporate strategy. The framework is available at www.COSO.org. It’s the result of nearly three years’ work and…

SEC DERA

Let’s all be honest: the Securities and Exchange Commission is not known for a sense of humor. This is too bad, because at least some individual SEC employees I’ve met over the years have been quite funny. Their inner comedian yearns to break free in a litigation release or SEC comment letter, only to be…

erm framework

More news on the COSO framework for enterprise risk management: the final framework will consist of 20 principles rather than the originally proposed 23; the “ERM rainbow” graphic will be replaced with a more DNA-like image; and yes, COSO intends to have the complete framework ready for public consumption by sometime in July. That’s the…

erm framework

COSO plans to simplify its forthcoming framework for enterprise risk management, paring back some of the 23 proposed principles and renaming some of the framework’s five components, according to a project summary PwC has been circulating lately. A friend of the cause passed along that presentation to me earlier this week, and the framework’s development…

Amazon

Spotted on the Internet this weekend: Amazon.com is looking for a program manager to join a newly formed enterprise risk management team—which means, of course, that Amazon has a newly formed ERM team. That’s news to me. The job description says Amazon wants to create a new, centralized ERM function that acts as an adviser…

erm framework

One of the sleeper issues this year, one that could become a larger issue for risk and compliance officers next year, is the COSO draft framework for enterprise risk management. Compliance officers in the private sector might want to watch what your brethren in the government sector are saying about ERM, since the points they are raising…
