- How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
- In the Real World Control Failures we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
- A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
- SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
Pascal Allison says
1. How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
There is a common saying, if it is not broken, do not fix it. Sometimes, a breakage cannot be fixed; thus, prevent the breakage – applied the necessary controls considering the risks and cost. Controls can also be determined by looking at some physical variables. A risk and cost analysis must be done to determine the controls. Automatic control is not cheap; thus, an organization should implement as much automated control as needed and acceptable by the organization.
It is a good thing to have a solid foundation for a house. I will consider controls from the initiation of the design phase, then adjust through the process. This makes it a lot easier to implement controls, and the expected results can come in handy. Controls can increase or reduce through the process depending on the risk analysis and cost associated with implementation.
2. In the Real-World Control Failures, we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
The definition of a good leader comes in different forms. If you are a good person, that is different. If you are good at implementing the company policy, it is also different. Implementing the company policy can be parallel or unparallel with the leader character.
Is it a root cause of the control failures?
Yes – when the leader character prorogates illegality, immorality, and unethical activities;
No – when the leader character conforms with the law and regulatory terms/conditions.
3. A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
J. C. Watts said, “Character is doing the right thing when nobody’s looking. There are too many people who think that the only thing that’s right is to get by, and the only thing that’s wrong is to get caught.”
When it comes to audit, the opportunity, rationalization, and pressure will exist. What makes the auditor stands tall among his peers, other professionals, and the industry is his character. Character is not a suit you wear sometimes, it must be wore at all times. As an auditor, I will build my reputation and maintain an ethical character in the industry by imploring integrity – doing the right thing whether someone is looking or not.
Then the question comes, “What is the right thing?” Follow my code of ethics, be law-abiding, submit to regulatory standards, etc.
4. SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
Again, this goes back to cost-benefit analysis. What is the weigh of GRC against the cost of implementing controls? What is the weight of GRC against the cost of not having controls?
Justifying the cost of GRC depends on the cost-benefit analysis and implementation.
No – If the cost of GRC (controls) is higher than the benefit, there is no justification.
Yes – If the cost of GRC (controls) is lower than the benefit, there is justification.
Scott Radaszkiewicz says
Pascal, the Watts quote is one of my favorites. Defines character so brilliantly. You must be above reproach with all of your actions as an auditor, and doing so, even when you know it can slip by is the most important aspect. I have never been in their shoes, but I’m sure auditors feel pressure all of the time when conduction an audit. It’s how they react and conduct themselves under this pressure that defines them. I’m sure it’s not easy, and it takes a special kind of person.
James T. Foggie says
1 .How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
Automated controls should be considered whenever feasible. Controls such as automated prevention and remediation can be vital to providing the confidentiality, availability and integrity of information assets. Automated controls typically remove the possibility of human error when coded and implemented accurately. In this day and age of agile system development, automation should be considered during the design phase of any tool development. Systems should be designed as flexible as possible with the necessary automation implemented; however, there a many legacy applications still in existence and will continue to exist. With respect to legacy applications, automated controls should be considered
for implementation as opportunities present themselves.
Pascal Allison says
Opportunity, feasibility, and human error, I think taking into account the cost and benefit (financial, market share, reputation, etc.) for determination and implementation will also help the process.
Mahugnon B. Sohou says
You are right James. All the reasons you mentioned are good one, but ones need to also consider what a vulnerabiltiy in the system would cost us if a control was in place versus what it would cost when there is not control initial set.
Scott Radaszkiewicz says
Right James, when feasible. I often see times when everyone tries to automate everything, and they spend more time trying to get things automated then if they just did the routines manually. Automation can help with ease of task completion and aid in errors, but you have to way the costs of implementing these controls. Feasible is the right word!
James T. Foggie says
2 .In the Real World Control Failures we’ve reviewed, describe the character of the leaders involved. Is it a root of the control failures?
In the Real World control failures presented during this semester, consistently, dishonesty seem to be a common characteristic among the leaders throughout the synopsis of many of the presentations. For the most part, the dishonest character of leadership created an environment of fraud and control failure, however the fraud triangle typically painted the complete picture of the control failures. In each real world control failure example offered, rationalization, motivation and opportunity was usually at the root of the fraud. The combination of the existence of the fraud triangle and dishonest leaders created the control failures which led to the significant fraud covered in the real world examples presented this semester.
Mengqiao Liu says
Agreed with you of the fraud triangle and dishonest leaders created the control failures. Those dishonest leaders created/had motivations and opportunities to make frauds. I would say the characters ‘facilitated‘ ’’this fraud triangle came true,
Mahugnon B. Sohou says
I Totally agree with your point. One common factor that kept coming up in those real life exemple were the dishonnesty of the leaders, however like you said I think the Fraud triangle, opportunity, rationalization and pressure were the biggest factors.
James T. Foggie says
3. A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
As an IT Auditor I would conduct myself in a professional manner at all times. In order to gain the confidence in my team lead, and the auditee, I will make sure I utilize industry standards and guideline throughout my involvement in any audit engagement. Another very important characteristic I plan to utilize to project good ethical character is professional skepticism. Clients will not respect your audit engagements if you take the word of the client and do not perform the necessary tests to confirm control effectiveness. Lastly, I will aim to produce concise and well organized working papers that support all
findings in audit engagements I complete.
Mahugnon B. Sohou says
Gaining th econfidence of those that you are working with through your actions is an important factor in building your reputation as an IT auditor. You are also right about professional skepticism. As an IT auditor ones must always perform testing and look for evidence and not just take clients words for it.
James T. Foggie says
4. SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
The cost of GRC can significant. In addition to implementation cost, there could be significant costs related to maintenance and support of the GRC system. To justify this significant cost, companies must tie benefits to the overall business objectives of the company. Specifically speaking, companies must provide a Return On Investment (ROI) argument for the GRC value. Benefits of the GRC must directly tie into the ROI.
For example, efficiency benefits (faster audit reports); risk reduction benefits (fewer incidents, fines etc.);
and strategic performance benefits (better strategic decisions using risk and compliance info) can all justify the significant cost of a GRC system.
Heiang Cheung says
Yeah agreed James the benefits need to outweigh the cost. If GRC is able to save them from a control failure that would cost more than implementing GRC than it’s worth it. If it’s a small company it’s probably not worth it and insurance is probably the best bet.
Robert Conard says
Yes, I think the GRC module is to confront a gap that is significantly unaddressed by certain companies in aligning their organization with compliance responsibilities. It seems like a niche product for companies that are struggling with regulations;
Derrick A. Gyamfi says
Automated system controls are a key part of any strong internal control environment. The desire for automated controls should increase for any organization that wants to strengthen its control environment. They increase efficiency of operations, improve accuracy and help eliminate fraud. A major advantage of robust automated is that they are more reliable than manual controls – they work automatically and are not subject to human error or failure. I think it is better to consider controls at the initial design phase but with continuous monitoring and a culture of improvement in an organization in an organization, the environment should be assessed frequently to evaluate and make the better.
Derrick A. Gyamfi says
In the Real World Control Failures we have reviewed, the character of the leaders have been very dishonest, greedy, with a very low level of integrity if any. With this type of leaders in an organization, there is a high likelihood of fraud due to a poor “tone at the top”.
The connection between fraud and the “tone at the top” of an organization has received international attention over the last few years. Tone at the top refers to the ethical atmosphere that is created in the workplace by the organization’s leadership. Whatever tone management sets will have a trickle-down effect on employees of the company. If the tone set by managers upholds ethics and integrity, employees will be more inclined to uphold those same values. However, if upper management appears unconcerned with ethics and focuses solely on the bottom line, employees will be more prone to commit fraud because they feel that ethical conduct is not a focus or priority within the organization. Employees pay close attention to the behavior and actions of their bosses, and they follow their lead. In short, employees will do what they witness their bosses doing.
Derrick A. Gyamfi says
Integrity is an important fundamental element of the auditing profession. Integrity requires accountants to be honest, candid and forthright with a client’s financial information. Auditors should restrict themselves from personal gain or advantage using confidential information. While errors or differences in opinion regarding the applicability of accounting laws do exist, professional accountants should avoid the intentional opportunity to deceive and manipulate financial information.
Public accounting firms or private companies often develop a code of ethics or conduct for auditors. These ethics and conduct rules ensure all auditors act in a consistent manner. In the absence of specific rules or standards, auditors should review their actions to ensure they are following commonly accepted principles. I will build my reputation and maintain a good ethical character in the industry by consistently abiding by these code of conducts and being mindful of the leadership of each organization I find myself in over the course of my career.
Folake Stella Alabede says
1. How much of automated controls should be desired?
Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
From a technical perspective, automation primarily means reducing the administrative effort required on the part of the ICS and any persons responsible for compliance.
Consideration of automated vs manual control vary and depends on the nature, volume, type etc of an organizations business. It is mostly agreed that manual processes that could be replaced by automated controls should be eliminated, but also, manual controls/process can play an important and complimentary role.
It might also be beneficial to consider controls at the initial phase because this ensures that an organization has considered all scenarios that could arise in the normal course of business, and have have detective, preventive and/or compensating controls in place as needed. Through a BIA, a control risk assessment etc, an organization can identify various threats and vulnerabilities and consequently put appropriate controls in place, as opposed to “winging” it and introducing controls “when the need arise”, because this probably means a breach of some sorts has occurred, and the organization has a need to introduce additional controls
Ref – AGAS Chapter 4.3 (SAP GRC)
Mahugnon B. Sohou says
1.How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
Based on a cost benefit analysis an organization should implement as much automated control as the organization need. It is a good idea to have controls from the very beginning, at the initial design phase and all the way throughout the process. This allows for a better risk mitigation and an early detection of vulnerabilities or error early.
Mahugnon B. Sohou says
2.In the Real-World Control Failures, we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
A leader can come in multiple shapes. By definition a good leader is a person who can guide others. He also makes sure to implement company policy and that they are followed. However in most cases that we reviewed the leader did not ensure implementation of strong policies. It could be considered a root cause of the control failures in the cases where the illegal act starts with the leader so it start sfrom the top to the bottom
Mahugnon B. Sohou says
3. A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
It is true that a person’s character is very crucial in the audit industry. What makes the auditor stands tall among his colleagues and in the industry in general is his character. I would build my reputation by maintaining my integrity at all time. Doing the right thing at all time, not only when people are looking but also when people are not.
Derrick A. Gyamfi says
Casid,
I absolutely agree that character and integrity are crucial in the audit industry. Moreover, objectivity and independence are important ethical values in the profession. Auditors must remain free from conflicts of interest and other questionable business relationships when conducting services. Failure to remain objective and independent may hamper an auditor’s ability to provide an honest opinion about a company.
Mahugnon B. Sohou says
4.SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
This all comes down to a cost-benefit analysis. Companies must measure the cost of GRC against the benefit of having this control in place, or the impact of not having this control. The cost of GRC could be justified If it is lower than the benefit.
Scott Radaszkiewicz says
Mahugnon, I agree. It’s a business decision. What are the costs associated with this implementation. What business goals are we trying to accomplish. Does this align with our mission. It’s all part of a bigger picture. And each organization will have their own answer.
Scott Radaszkiewicz says
Question 2: In the Real World Control Failures we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
In the real world control failures that we have reviewed, I think there have been a mix of issues. Certainly, in a case like Enron, there were issues with management that lead to deception. The management of Enron intentionally cooked the books and provided false information. In this case, you could say this speaks to the character of Enron. In some other examples, Target or Home Depot hacks, well, in these cases, management wasn’t’ doing anything wrong. These companies systems were just taken advantage of by hackers.
Scott Radaszkiewicz says
Question 3: A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
Honor and integrity. These are the two key building blocks to building your character as an auditor. You must be follow the letter of the law when it comes to any engagement. You can’t bend or change anything, not even one time, because if you do, then you’ll be known for it. You must make the right call, each time, and have no emotion about it. You can’t look the other way for a friend, or long time client. Everyone is treated with the same criteria. No exceptions.
Scott Radaszkiewicz says
Question 4: SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
I think, as with any cost justification, it depends on the company. SAP’ GRC module helps an organization implement governance, risk and compliance, and the costs could be very different for each organization. So, this is a business decision. If the cost to implement SAP’s GRC is going cost $100,000, and the organization could potentially avoid theft, fines and fees of $1,000,000, then the cost of implementing the system could be justified. It all comes down to the organization, their business plan, and their risk appetite.
Folake Stella Alabede says
3. A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
To build your reputation in this industry, a very important part is keeping up with industry trends and standards. Isaca helps ensure this, even though it looks like a painful process, that after getting certified in various exams (CISA, CRISC etc) you have to continue earning CPE’s and going for professional development, or your certification status can be suspended/revoked.
To maintain a good ethical character in this industry also requires some objectivity and self discipline. Some organizations are particular that employees do not receive a gift (cash or whatever form) that exceeds a certain amount. At my previous job, that amount was $35. This enables and keeps an employee honest, on the right track and unbiased. If a client you are auditing is able to give you- the auditor a gift like a car (with values ranging from $15,000 and above), it tends to reason that such auditors judgment of the client ‘might’ be biased and cloudy.
ISACA also helps answer these questions, as there is the “ISACA code of Professional Ethics” which states some requirements that’s helps with being a good auditor.
http://www.isaca.org/Certification/Code-of-Professional-Ethics/Pages/default.aspx
Tamekia P. says
1. How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
The more automated controls there are, the less manual controls are necessary. It is beneficial to consider the controls at the initial design phase because it is easier to automate at the beginning versus starting and attempting to automate the controls at a later date.
Tamekia P. says
2. In the Real World Control Failures we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
The leaders involved in Lehman Brother collapse had a lack of integrity by performing false accounting practices. This is a root cause of the control failures because it demonstrates a lack of tone at the top. The leaders had a responsibility to shareholders and failed this responsibility when they chose to continue to record these temporary transactions.
Heiang Cheung says
Hey Tamekia,
Good point on tone at the top. The lack of governance in these company are probably the main cause because if the culture of some of these organization change there might be a different story to tell. Having a culture of just focusing on meeting numbers will probably not end well because people will cut corners to meet their goals.
Tamekia P. says
3. A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
You can build your reputation by practicing integrity in small scenarios. You don’t want to get a reputation as someone that bends the rules for small things as they may doubt that that you will maintain integrity in larger things.
Tamekia P. says
4. SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
A GRC is effective but the cost may or may not be justifiable depending on the organization. If the organization requires all of these customized discrete modules then the benefits from using GRC may not be maintained if the system can not correctly analyze the inputs.
Heiang Cheung says
1. How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
I think automated controls should be desired the most and used whenever it’s possible because it removes human error. In most cases of control failures its caused by somebody not doing what they are supposed to. I believe it’s more beneficial to consider controls at the initial design phase because it will save time because if you introduce the controls as needed you will constantly have to go back and rebuild.
Heiang Cheung says
2. In the Real World Control Failures we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
I feel like on a lot of the control failures we have reviewed so far the character of the leader involved were that they were just negligent. For example, Yahoo control failure, they didn’t care enough to staff their security team or upgrade some of their technology. Even with the financial failure they didn’t care if they were over leveraged as long as the business was making money. They all lack governance and oversight and when you lack that people do whatever they want.
Heiang Cheung says
3. A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
Not only is character important in the audit industry I feel like character is very crucial in everyday life. I would build my reputation and maintain a good ethical character by following the policies that are in place. Also I would be honest in everything I do and be known as a person who don’t cut corners.
Heiang Cheung says
4. SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
Of course, the cost could be justified but it all depends on the size of the company because if it’s a small company there might not be as much risk to implement GRC to make it worth the price. If the company is large, it’s worth the cost because it could help prevent some of the risk that can potentially cost them more than implementing GRC.
Robert Conard says
1. Automated controls are desirable for the efficiency computers can bring to protecting, monitoring, and responding to threats. Considering controls during the design phase is ideal to begin creating a protected environment, however it is common to continue adding controls as vulnerabilities arise. Control management processes should be in place after designs have been implemented to enable further controls to be added down the road.
Robert Conard says
2. The leaders from our real world control failures have often been the root cause of the control failure. Usually there are the policies in place to confront such vulnerabilities, but it is the failure to enforce them that ultimately leads to the issues that arise in the organizations.
Heiang Cheung says
Hey Robert,
Your right that it’s because they didn’t follow the policies in place but I think that you have to think about the cuture of the company. Take for example, the Wells Fargo case where theymade ficticious loans and bank account just to reach sales target. I think if they were not pushing their sales team to meet number than they probably won’t have that happen. If you push people to make number thats are unacheavable than the only way to achieve it is to cheat.
Robert Conard says
3. Character comes from approaching situations professionally while considering the real world ramifications. Being thorough and hardworking is a desirable quality, however, in real situations, the auditor does not escalate issues to their maximum. Simply bringing the vulnerability to the attention of management is enough, and driving only so much as the situation demands.
A good auditor is also not influenced by auditees attempts to distract from findings. The job of the auditor is absolute and we as professionals must understand our role in completing a project.
Robert Conard says
4. The cost can be justified if there is an existing lack of enforcement or knowledge around the policies of the organization in the first place. The GRC tool simply allows the computer to analyze and monitor inconsistencies with internal policy. As auditors, I wonder to what extent this technology is reliable since it will largely be used by the organization and may diminish the value of independence.
Folake Stella Alabede says
4. SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
The cost of GRC should be well justifiable as the importance of the GRC(Governance, Risk and Compliance) module cannot be over-emphasized. When done right, SAP GRC helps organizations manage their regulation and compliance as well as reduce/remove risks.
The SAP GRC module would help an organization with compliance with regulatory bodies like SOX etc., as these regulatory bodies are there to ensure there are controls in place to detect and prevent risks/frauds/errors. Before the SAP GRC, reviews were done manually, sometimes by generating lots of reports etc; this was time consuming, prone to errors and lots of other associated manual risks, now the SAP GRC would analyze, manage and monitor.
And even though GRC might be costly, when done right, some of the advantages include greater information quality, ability to perform repetitive processes in a consistent manner and reduced cost.
Mengqiao Liu says
1. How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
There is an opposite: manual controls and automated controls. Manual control is a control performed by a person without making direct use of automated systems. Automated control is a control performed by an automated system, without interference of a person. Then how much of automated controls should be desired depend on the situation. A performance of a Quality Assurance review needs manual control. The reviewer evaluates the process and related requirements in order to confirm that the entire process was executed correctly. If the system has great amount of data that is needed to be monitored, then a automated control should in place.
Mengqiao Liu says
2. In the Real World Control Failures we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
In my memory, most of the characters of the leaders involved in the Real World Control Failures were CEOs. The organizations were failed to perform manual and automated controls to the data, the financial transactions, and SoD monitoring. I would say it is a root cause of the control failures. They had the motivations and opportunities and they tried to make the fraud became rationalization.
Mengqiao Liu says
3. A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
Auditing profession has been facing the crisis of confidence and trust due to its failure to maintain public trust. Ethical behavior audit teams must be free from interference or impairment from any department or management function. Conflicts of interest are avoided by ensuring individual auditors are not assigned to evaluate the department the auditor reports to. Auditors should never represent themselves as having expertise they do not possess. Auditors must be selected on the basis of proven technical expertise and recognized certifications. Auditors must be fully qualified in all relevant industry standards and governmental regulatory requirements.
Mengqiao Liu says
4. SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
GRC is a control tool, to measure a control tool whether is justified through how does the control work for the internal security. How long or how many risks does GRC monitored; how many compliance issues does GRC remediated, these are the method to measure whether the cost of GRC is justified.
Nauman Shah says
Yes completely agree, the company would have to do a cost – benefit analysis. Some of the metrics that can be used to measure the benefit would be the number of compliance issues that can be remediated with GRC implementation .
Akiyah Baugh says
How much of automated controls should be desired? Is it beneficial to consider controls at the initial design phase or controls are introduced as and when needs arise?
I think it’s important to consider automated controls at the design phase and as the needs arise.
It designed correctly for accuracy, automated controls will lessen the chance for human error, speed up processing time, which could turn into cost savings and improve client satisfaction. I worked in an office where the supervisor wanted to automate 80% of the office’s manual processes. Many of the automated controls were mapped out during the project design phase, however, several other automated processed were “phased” in after the project had been live for some time.
Akiyah Baugh says
In the Real World Control Failures we have reviewed, describe the character of the leaders involved. Is it a root cause of the control failures?
The characters involved in the Real World Control failures we have reviewed, all appeared to be owners/ Suite level personnel who were greedy, negligent, lacked integrity, and in some cases lacked or disregarded technological expertise. I think in many cases it was a root cause for the control failures. The leaders not only disregarded controls that were put in place but also pressured their direct reports to disregard controls as well.
Akiyah Baugh says
A person’s character is very crucial in the audit industry. How would you build your reputation and maintain a good ethical character in this industry?
I will build my reputation by performing the duties of my job to the best of my ability. I will maintain a good ethical character at all times, try my best not to have a social relationship with the department that I am charged with auditing( maintaining a professional relationship only would hopefully make doing my job a lot easier., and to always do my job and not let anything slide.
As an auditor your reputation will play a huge part in your success, therefore you should always take steps to ensure that your reputation, integrity, ethics, and morals are beyond reproach if you want to be successful.
Akiyah Baugh says
SAP’s GRC module may be important and effective, but can the cost of GRC be justified? Explain
GRC is expensive to implement, however having a GRC in place can assist in risk management, governance, and compliance. I think companies will spend the money if having a GRC proves worth it.
The cost of GRC can be justified by evaluating the cost of issues that arise as a result of not have a GRC in place. When GRC is done right, the benefits are plenty. These benefits include cost savings, and improved operations and functionality.
Nauman Shah says
1 – How much of automated controls should be implemented really depends on the control environment of the company as well as its risk appetite. A company with a higher risk appetite might not need as many automated controls as a company with a lower risk appetite. Controls should always be considered during the initial design phase, as they are an essential part of the overall project and any project would be incomplete without a proper control framework. Controls should be implemented by go live date!
Nauman Shah says
2 – Dishonesty and the motivation to make money were at the heart of the real world control failure scenarios discussed in class. However, in most cases it was a combination of factors that can be best described by the fraud triangle that lead to control failure. In these examples, rationalization, motivation and opportunity is what lead to the leaders of the company act in a dishonest and deceitful manner for their personal gains.
Nauman Shah says
3 – A person’s character is crucial in any industry not just audit. Auditors are at the third line of defense, it’s even more crucial for people in the first line of defense to maintain good ethical character as they are the ones dealing with the people and process day in and day out. I would build my reputation by consistently delivering high quality work and maintain my independence by performing impartial reviews of the workpapers.
Nauman Shah says
4 – SAP’s GRC module is important and effective for those companies that can afford it. For smaller companies it might not be prudential to implement something that costs several hundreds of thousands dollars to implement and maintain. With any implementation, it’s important to do a feasibility and cost and benefit analysis to determine if it makes business sense to proceed with the implementation.