The nine-page audit was released to the Missouri News-Leader last week, and discovered the band program's practices and procedures were not followed properly in regards to the fall 2010 and spring 2011 terms. While no funds were missing, there were a number of areas where the organization lost out on opportunities.

"In 2010-2011, the program failed to charge all members of the Pride Marching Band the band activities fees of $335. The fees… cover the cost of the band camp, including housing, meals, clothing and travel," the source notes. "If correctly assessed, the fees would have raised $93,600. Instead, the university collected $88,240."

For educational institutions, improper procedures can cost thousands of dollars. For example, a recent audit of Georgia-based Kennesaw State University found weak protocols cost the university nearly $70,000.

According to the Committee of Sponsoring Organizations of the Treadway Commission – a group of five private sector companies aimed to provide leadership guidance – corporations must consider its risk appetite while it decides which goals to pursue. This is a three step process, which involves developing risk appetite, communicating it and then monitoring and updating it, the COSO report notes.

"As an organization decides on its objectives and its approach to achieving strategic goals, it should consider the risks involved, and its appetite for such risks, as a basis
for making those important decisions," the committee suggests.

To that end, it may be worth the time to reconsider risk management programs. The start of a new year presents new challenges, and more efficient risk assessment software can help better identify potential issues in advance.

Financial stress, operation change in organizations and the ever-looming threat of a double-dip recession may change how some people perceive their employers and jobs, making them more likely to engage in fraudulent behaviors. This translates into major risks for financial institutions, KPMG suggests

"It's highly likely that fraud, especially the internal threat, is going to continue to increase as economic pressures increase over the coming year," Hitesh Patel, a partner at KPMG, told the news source. "The possibility of a double-dip recession is likely to put further strain on households, driving more people to turn to fraud … to make ends meet."

With many companies just now beginning to recover from the 2008 recession, it's crucial they monitor internal activities. Fraud could further damage their relationships with investors and shareholders, not to mention their bottom lines.

Reports of bedbugs in Stonequist Aparments were the first sign that something may be wrong with the authority's financial budget and practices. There are several other concerns as well, including salary, compensation, travel and business expenses, as well as claims of nepotism, Mayor Scott Johnson told the Times Union.

Al Calluci, a city resident and a critic of the authority, was also included into the organization's seven-member board.

"Quite honestly, I don't know what the oversight has been. Absolutely, the state has to be involved," Calluci told the news source, referencing the U.S. Department of Housing and Urban Development.

HUD is a cabinet department formed in 1965 for the explicit purpose of developing and executing policies to support housing in metropolises. It is supposed to prevent buildings and properties under its control from becoming decrepit and uninhabitable.

The two-year review will cover all financial transactions, while transactions between shareholders from the past three years will be audited as a part of the initiative. The financial audit is tentatively scheduled to be completed within the first quarter, which will enable the company to complete a Form S-1 filing with the SEC.

"Bringing integrity and confidence in our financial reporting and financial processes is a critical action our company must take," said David McGee, CEO of Ronn Motor Company. "We believe the team we've assembled will conduct this audit process in a professional and efficient manner and further positions us toward being a 'Reporting Company' – a key objective for us."

The review should improve corporate governance and establish greater confidence among shareholders. After the economic collapse, many companies lost the trust of their investors, so performing audits and enhancing governance can help organizations reconnect with these individuals.

According to a recent survey conducted by Zurich Financial Services Group, approximately two-thirds of the executives surveyed said risk identification has become paramount over the past three years. Despite the growing importance of risk assessment, only one in 10 thought their management was effective in the creation of a risk-aware culture.

Additionally, many respondents believed it was crucial to link risk information to strategic decision making, but only 14 percent said their companies actually did that in an effective manner.

"There is no doubt that in today's challenging environment customers, shareholders and employees expect clear commitment to comprehensive and forward-looking risk management from top management and board," said Axel Lehmann, chief risk officer at Zurich.

IndustryWeek recently suggested assigning a corporate "risk champion." This individual would work toward achieving better risk awareness throughout the company and getting each department to work together to create a comprehensive risk strategy.

As IndustryWeek notes, various studies show the inefficiency of which risk governance is carried out. Seven percent of company revenue is devoted to risk identification and governance, but few firms work together to tackle these key issues and the matter tends to get pushed to the lowest levels of the organization.

David Young, senior vice president of insurance firm Willis, suggests appointing risk champions who will take control of the issue.

"Ignorance has never been a defense of the law. You should have known," Young told the news source.

Conversely, however, businesses shouldn't relegate all the responsibility on a certain person – there is a difference between having an individual take care of risk assessment and a person who will motivate others to address it. The risk champion should rally everyone else together to tackle the issue.

Data is the primary obstacle in that regard. Though some progress has been made to improve operational loss data, issues such as completeness, collection thresholds, dates and natural scarcity still prevent operational risk assessments from being as cut-and-dry as many financial institutions would like.

"For several important operational risk types, the lag that exists between a macroeconomic event and the losses can be many years, well beyond the scope of the exercise proposed by the regulators. One example is litigation losses (mostly under the ‘clients, products and business practices' risk type)," Cruz writes tor Risk.net.

With that in mind, transparency can also help ease relationships with investors. Corporations shouldn't try to hide risks or downplay them. Being straightforward is the best way to bolster confidence.

As RiskCenter notes, however, embarking on new objectives such as globalization opens corporations up to new risk. Some are obvious – like the tip of an iceberg – while others are less so – like the submerged core of the iceberg. Being able to perform risk identification for both types of dangers is crucial.

"While every business prepares elaborately for perceptible issues, few businesses take the initiative to develop an awareness and sensitivity to all that lies below, hidden from view, and waiting to cause chaos," the news source explains. "People don't know what they don't know. Worse yet, no one can plan for something that has never been anticipated."

In that regard, it's crucial that corporations use the most up-to-date risk workshop software to help prepare for all the possible scenarios.

The improvements would cost approximately $40 million to carry out and create approximately 400 to 600 yearlong jobs, the Bend Bulletin reports. Once the improvements are done, they would save local schools nearly $4 million a year. Moreover, the state would be able to pay for most of the renovations through low-interest loans.

However, school boards are skeptical of the savings, especially when considering the fact that planned improvements would require them to take on additional debt in a rocky economic climate.

"Quite frankly, it didn’t tell us anything more than we already knew," Gary Heldt, an engineer for Eugene School District, told the news source in regards to the recent audit.

With more organizations looking to save money, internal audit software can be a valuable asset. Running these reviews regularly can help determine how various policies and procedures may affect the bottom line.

"Effective enterprise risk management hinges on other dimensions as well, including organizational culture, behavior, ethics and change management … all the squishy, human stuff that defies convenient categorization in COSO cubes and other traditional risk management frameworks," business expert Eric Krell explains.

In the past few years, the corporations that have succumbed are the ones with limited views of risk indicators and management. Organizations such as MF Global were unable to survive because they didn't innovate with their risk management strategies and subsequent changes to their assessment programs didn't provide adequate results.

Financial officers need to arm themselves with the tools to properly manage their policies. Risk assessment software is paramount to this process.

Interim city manager Dan Stanley recently conducted an audit to determine where all the funding went. As it turns out, none of the health insurance funds were misappropriated, as some outraged workers had assumed. The report will be made available to the city council in the beginning of February.

"I will be sending that out to the council early next week," The Topeka Capital-Journal reports Stanley as saying. "But, in short, it was found that no funds were misappropriated from the fund for any other purpose than health insurance/fund-related expenses."

Several measures were taken to prevent the bottoming out of the fund, such as a one-time emergency infusion of $1 million earlier this year.

Internal audits can help organizations figure out where they went wrong and avoid making those mistakes again in the future. These reviews should be performed regularly and with the most up-to-date internal audit software.

The organization was asked to reassess its current legal and financial status after it received an eviction notice by its current landlord, the Inman Park United Methodist Church.

"There have been a number of missed monthly payments and we finally decided to work with a lawyer," Rev. Matt Nelson told GA Voice on Thursday. "A [letter] of demand for payment and notice of default … was initially served on Jan. 12."

In December, YouthPride board chairman Jordan Myers announced the company needed $40,000 to get current on debts or else it would face closure within 60 days. Now, the organization is being audited to determine whether it can continue to stay open and at least continue offering its services to troubled youth.

An internal audit task force can be leveraged to identify financial issues long beforehand, provided it is equipped with proper internal audit software.

According to the audit, CardioComm Solutions has well implemented management reviews, resource planning processes and corrective action loops. In conclusion, all the requirements of applicable ISO standards and Canadian regulatory requirement have been fulfilled and the firm's quality systems are well-established.

"This is excellent news for CardioComm Solutions," stated Etienne Grima, CardioComm Solutions' CEO, "especially in light of the rally in our stock price and brisk trading. The recent market response provides a clear signal that our shareholders … understand the significance of the FDA's permission to sell the HeartCheck with our GEMS software."

The medical industry is full of various regulations, so organizations need to stay on top of their policies and procedures to ensure they don't take any missteps.

The 2012 AFP Risk Management Survey asked chief financial officers, corporate treasurers and other key executives about the risks that impacted their earnings the most, and they all named the ones that are likely to cause the most uncertainty. Now, these companies are looking to risk identification to help mitigate these factors.

"Uncertainty is here to stay," said Jim Kaitz, AFP's president and CEO. "One way organizations can take control of rising uncertainty in their earnings is by adopting a new mindset and making more risk-adjusted decisions.  The ones that do this effectively will have a competitive advantage."

Risk assessment software is a key tool for businesses looking to prevent these issues from becoming a problem in the first place.

New standards were put into effect that clarified the troubled debt restructurings. A number of TDR disclosures related to credit quality and allowance for credit losses were made effective for the first time during this time frame. Additional disclosures about the items measured at fair value, namely more sensitive information, were also provided.

"New guidance clarifies which types of costs incurred by insurance companies can be capitalized (DAC) in the acquisition of new and renewal contracts," the report notes. "The FASB continues to re-debate issues on how financial instruments are classified and measured and is working with the IASB to come to a global answer for how to calculate credit losses at financial institutions."

It's crucial for corporations to keep up-to-date on any new standards within their industry so they can operate at maximum efficiency.

While the core of their job – providing independent assurance of function – remains unchanged, many internal auditors are now working more closely with businesses to make their reports more relevant to these companies. The news source cites internal audit's increasing focus on accessing the effectiveness of risk management processes as evidence of this.

"For many audit departments the use of analytic technology progresses from ad hoc testing of transactions in support of a given audit objective, through to automated control testing routines and then evolving to regularly scheduled continuous auditing. This increases the efficiency and effectiveness of the audit process and also provides timely identification of errors, fraud and control weaknesses," Business Finance Magazine notes.

Corporations may want to consider upgrading their internal audit software to keep up with the changing responsibility of the position if they want to maximize efficiency.

CLICK HERE to view the  GRC Cloud 6.0 Release Webinar

CLICK HERE to view the GRC Cloud 6.0 Release Webinar slide deck.

CLICK HERE to view the GRC Cloud 6.0 Release Notes.

GRC Cloud 6 introduces a new way for people to work together on your GRC program. The new configurable workflow engine enables you to completely and efficiently manage your Risk and Compliance processes.

Keeping track of the status of all work within your GRC programs through enhanced reporting. By introducing automated workflows to your GRC Cloud site you can solve many issues that trouble GRC professionals.

• Ensuring people know the work they are responsible to complete—and their deadlines—with automated messaging and outstanding task views.
• Achieving greater enterprise-wide buy-in by simplifying tasks and reducing training and oversight requirements.
• Ensuring people in the program follow the correct business processes
• Ensuring the proper hand offs happen at the right time.

GRC Cloud’s workflow builder enables you to build business processes where information is entered by different people in a pre-defined sequence. Each person’s view of the item is tailored to provide just the information they need at that time to complete their task. As each task is completed the next person in the workflow is alerted by e-mail they have work to do. The home page dashboard also advises each user of their current tasks. Other managers who need to know an item’s status can also receive customized alerts. For more details on the value workflow provides, please view our GRC Cloud Workflow Overview presentation.

CLICK HERE to view the  GRC Cloud 6.0 Release Webinar

CLICK HERE to view the GRC Cloud 6.0 Release Webinar slide deck.

CLICK HERE to view the GRC Cloud 6.0 Release Notes.

According to its 2012 Supplier Progress report, the company will be performing "rigorous audits" with a panel of independent experts in order to assess the working standards at suppliers, manufacturers and assemblers. If these working condition standards are not met, the iPod maker will cease relationships with the offender.

"We continue to expand our program to reach deeper into our supply base, and this year we also added more detailed and specialized audits to address safety and environmental concerns," the Apple report states.

Foxconn, a supplier of Apple products, was lambasted in late 2010 when 18 workers attempted suicide by jumping off the roof of its Taiwain factory because of poor working conditions. The incident gained international attention and spawned several documentaries critical of Apple and the other brands that were clients of Foxconn.

The new audit ostracizes the NYRA for not making changes outlined in two previous internal audits after the organization emerged from bankruptcy. If it weren't for the new Resorts World New York, the NYRA would have a deficit of nearly $20 million from its racing operations this year, nearly double from its $11.5 million deficit last year.

"NYRA may have even less incentive to be attentive to cost savings initiatives as its financial condition improves with the influx of VLT (video lottery terminal) revenues," the news source notes, citing the report. 2012 net revenue for 2012 is expected to increase by $48 million due to new gaming operations.

With many organizations looking to add new streams of revenue this year, its crucial they don't let other practices fall by the wayside. There are always ways to lose out on potential revenue so companies should make use of internal audit software to ensure they aren't letting anything slip through their fingers.

Carnival, the parent company of Costa Concordia, said the tragedy has forced the corporation to question its procedures, despite the safety record over the past few years. The review is being carried out by Captain James Hunn, a retired U.S. Navy Captain. The Health, Environment, Safety & Security Committee is also looking into new emergency response training and procedures.

"This tragedy has called into question our company's safety and emergency response procedures and practices," said Micky Arison, chairman and CEO of Carnival Corporation. "While I have every confidence in the safety of our vessels and the professionalism of our crews, this review will evaluate all practices and procedures to make sure that this kind of accident doesn't happen again."

Corporations should aim to conduct reviews and audits before crises happen to avoid them becoming issues in the first place.

For example, OmniTouch recently developed a wearable multitouch solution that can be broadcast and interacted with on any solid surface. Executives could display keyboards on an airplane tray table to write documents and emails or use the systems to take notes on pamphlets and material they are reading in their hands.

As the Internal Institute of Auditors explains, it's crucial that corporations develop policies to manage the use of new technology before they become potential risks.

"Is your organization taking advantage of the new technology to improve its products and services, the efficiency of business processes, and the quality of risk and performance information that drives business decisions?" the website asks. "Are your risk management and internal audit proactively engaged as advisors … to help pilot management?"

With the new year underway, this is the perfect time for corporations to reconsider risk indicators, governance and other critical policy matters.

According to the review, Catango Corporation, the owner and operator of the horse stable, owes the department upward of $100,000 in penalties for allowing unauthorized horses to stay for free. The audit, which examined the two-year period between July1, 2007 and June 30, 2009, found other violations were made as well.

"Among the horses that are allowed to stay at the stable for free are those owned by Ashley Nicoll-Holzer. Ms. Holzer is the wife of stable operator Rusty Holzer and a Canadian Olympic rider. Other horses, including those owned by Parks and those used for lessons, also stay for free," the Riverdale Press reports.

Rather than paying the penalties outright, the organization was allowed to make capital improvements, starting with the repaving of the parking lot and driveway leading to the Equestrian Center.

It's crucial that organizations take a look at their policies often to avoid getting themselves into potential legal trouble.

Should real-time trading be taken care of in-house, IID could save approximately $9 million per year. To hire a fulltime in-house staff that is able to achieve the same effect, it would cost only $810,000. Some of its contracts are currently handled by Coral Energy, a subsidiary of Shell Oil, the Imperial Valley Press reports.

"This is great," Matt Dessert, vice president of the IID board, told the news source. "It's going to create jobs in Imperial County that are now being outsourced to Coral, and it's going to save us at least $5 million (conservative total saving totals minus new expenses)."

At a time when many companies are focused on conserving money, internal audit software can be crucial to identifying trouble areas and potential savings.

Some firms are very incompetent, and PwC suggests they should be more innovative and agile when seeking out risk indicators. By updating archaic practices and integrating new technological solutions, they would be better able to identify potential risks to their well being, such as tsunamis or oil spills.

"The risk landscape is changing, and established risk management approaches need to be updated to keep pace," Richard Sykes, a partner at PwC's governance, risk and compliance division, told BDaily. "Many organizations currently have the wrong focus. They major on financial and operational risks and crucially regard risk and strategy as separate rather than seeing risk-taking as a key source of value creation."

Implementing new policies and updated technology, such as risk assessment software, is crucial to achieving up-to-date risk management processes.

Travel and resort fees were covered by AmeriBen/IEC Group, the organization which is in charge of processing employee benefit claims for the county. Every six months, administrators were offered travel for two people with free meals and three nights of lodging.

"The trio contended they didn't violate the county's gift policy because training was involved," the news source notes. "But auditors said the appearance of conflict with a vendor may be just as damaging to the county’s reputation as an actual conflict."

Among AmeriBen/IEC Group's other clients are several American-Indian tribes and the Tucson Unified School District.

Earning the trust of investors and other supporters is crucial, which makes gaffs such as this one potentially damaging. Internal audit software can help organizations identify these policy violations in advance.

In November, Olympus came clean after admitting it had used approximately $1.7 billion to cover losses made in the 90s and that the company's accounting practices were "not appropriate," making it one of the largest and longest-running corporate coverups in Japanese history.

Ernst & Young hasn't found any problems so far with the auditor's examination of accounts at Olympus. However, the organization was quick to note that its final report – which was scheduled for release in February – may be delayed even further due to the ongoing police investigation.

"The camera maker will decide whether to sue its corporate and accounting auditors by Jan. 17, the deadline for filing a lawsuit," Bloomberg Businessweek reports.

The lack of transparency has had a major impact on the corporation's stock, which plunged 59 percent last year as the scandal was first uncovered. This highlights the importance of transparency when dealing with accounting issues and using GRC software to prevent such issues from arising.

Financial Executives International recently released a new paper that touched on this subject, offering some advice for companies trying to stay ahead of the game. It's crucial that corporations understand and evaluate the facts of transactions, determine the boundaries and consider relevant accounting guidance.

"Having a robust process to make good accounting judgments is the responsibility of management," the paper notes. "However, that process should include steps to assess transactions to determine which are significant and warrant additional consideration compared to those that are more typical and are addressed through a company's routine internal control processes."

The modern business climate also requires corporations to be more observant of risk indicators, as they could quickly turn into major problems.

Unsurprisingly, many experts in the field are experimenting with altogether new strategies for measuring risk. Vikram Prandit, for example, recently suggested an alternative way for banks to better assess risk that involves having regulators create a benchmark portfolio that would require all financial institutions to measure against that.

"Institutions would be required to produce, on a quarterly basis for that benchmark portfolio, a hypothetical loan/loss reserve level, value at risk, stress-test results and risk-weighted assets," Prandit writes for the news source. "Right now these measures are run only against an institution’s actual portfolio and only a limited number of the results are disclosed."

Poor risk identification strategies can lead to the demise of a company, which is what happened to Wisconsin-based Legacy Bank. A recent report from the Federal Reserve suggests company practices were corrupt in a number of ways, from misleading customers to poor bookkeeping.

The audit suggests the party actually had tens of thousands of dollars less than it was supposed to. An amendment of the party's actual financial standings was submitted to the Federal Elections Commission and state Board of Elections.

"I'm glad we were able to recognize these discrepancies and resolve them quickly," he told the Providence Journal. "We worked swiftly and diligently to correct our reports. We can now move forward looking to the future of the party and Rhode Island."

Zaccaria attributes the mistake to human errors dating back to 2002 and insists the issues will be fixed moving forward. No money was illegally spent, he reasserts.

The discovery was announced during Zaccaria's first meeting as head of the state party. He was elected last December.

Conducting in-house reviews is crucial so that small errors don't go on to become larger mistakes. Internal audit software is a vital tool to discover bookkeeping mistakes.

The scathing review deemed the organization's oversight, internal controls and policy guidance by the institution's board of directors were critically deficient, the Milwaukee-Wisconsin Journal Sentinel reports. Legacy was heavily concentrated in commercial real estate loans, which proved to be a volatile and unprofitable market over the past few years as the economy collapsed.

For example, one bank executive hid the delinquent status of a loan from a customer in order to push for a renewal.

"Deficient oversight and weak internal controls were also evidenced by a lack of accurate financial information," the news source explains, citing the report. "Following the resignation of the bank's chief financial officer in September 2010, … numerous errors in the bank's financial information [were discovered], requiring regulatory report re-filings."

Because the economy is still on the mend, it's crucial that organizations pay special attention to risk indicators and develop plans to navigate these potential obstacles.

Speaking with CBC News, Mayor Dennis O'Keefe confirmed an internal audit had been launched in December after officials saw a rash of low-value purchase orders that couldn't be explained by the budget. No disciplinary action has been taken against employees yet, but the individual may be released if the investigation concludes the purchase orders were used for personal gain.

"They will conclude their investigation, I would hope, within the next two weeks so that we can get a resolution to this," O'Keefe told the news source. "Because we need to get a resolution to this, one way or the other, as quickly as possible."

Audited employees aren't always guilty, however. For example, a recent audit found Timothy Wanamaker, a city official of Alexandria, Virginia, was innocent of embezzlement claims.

Copetas was found to be in violation of federal law for providing students employed by the admissions department with scholarships. Additionally, she granted scholarships to a great-niece and great-nephew without citing her blatant conflict of interest and removing herself from the decision-making process, The Western Front reports.

The admissions director was fired by the educational institution three days before the internal audit was published. Copetas has since wrote a response letter to Eileen Coughlin, the vice president for enrollment and student services and Copetas' former supervisor, to dispute the decision, saying other schools in the state have taken less harsh action against larger offenders.

A recent audit elsewhere in the country found the Jefferson County Public Schools' administration was guilty of favoritism while hiring personnel. The audit suggested the school board be completely overhauled.

This mindset is a mistake, however, and auditors need to steer clear of making these assumptions. As Richard Chambers – the president and CEO of the Institute of Internal Auditors – explains, the market is constantly changing and what may have previously been a sound practice may quickly get a corporation into trouble during a new year.

"Following the risks seems so obvious to most internal auditors that it shouldn't even require a New Year's resolution to get it done," Chambers writes on his IIA blog. "Unfortunately, though, repeating last year's audits without considering this year's risks may not yield much value for our stakeholders."

It's crucial financial executives consider the risks their companies currently face when leveraging their internal audit software to assure they aren't committing any mistakes.

Speaking with PropertyCasualty360, the executive notes the importance of responsively identifying trends and emerging risks. East says that technology enables corporations to create, publish and distribute more data, facilitating the discovery of new trends. Conversely, however, it can also be overwhelming.

"The emerging generation of risk professionals is in many ways more connected and engaged in viewing risk management with a broad view and not narrowly limited by the purchase of insurance," he concludes. "This gives us the chance to pass the torch to a cohort prepared for the risks of the future."

Risk management software can help corporations master the tempo of 21st century business practices. Successfully leveraging these tools is key to achieving that mastery.

A state agency monitoring the Klamath County Mental Health Department found several deficiencies regarding billing after the organization was flagged due to non-licensed practitioners conducting patient evaluations. The Office of Payment Accuracy and Recovery was not pleased by the results and the department was forced to repay approximately $91,000 in non-compliant Medicaid bills.

To prevent the issue from reoccurring, Klamath County Mental Health Department has purchased an electronic health records system that will make the process of billing patients more fool-proof.

"The software won't allow us to bill out unless we've done everything correctly," Mental Health Department director Amanda Bunger told the website last week.

Companies looking to avoid compliance issues and ensure they are performing up to par should consider integrating audit software. These software solutions can lead to better results and help companies avoid paying penalties.

The report suggests the employees clocked in for 300 hours they didn't work and would then cover for each other when questioned. While the audit suggested they be fired, the three employees were only punished.

"The investigation was completed in mid-December, while the department already was coping with the departure of its eighth director in eight years, internal accusations of racial discrimination and reverse discrimination, and an ongoing probe of a house construction project that could leave the city on the hook to the federal government for $4.1 million," the Palm Beach Post reports.

Audits are crucial to determining how cities are performing and whether they are being operated properly. Internal audit software can help organizations identify potential problems and deal with them promptly.

The internal audit was performed as a part of normal business routines, KCBD reports. While the findings led to the resignation of Bruce, UMC officials refused to comment whether Bruce was the one embezzling funds or whether he was just a player involved with the process.

"In his position at marketing, [Bruce] had financial responsibility for advertisement, marketing, community support, a couple of departments like chaplain services, volunteer services, Seniors Are Special … several things reported to him," added Mark Funderburk, executive vice president of UMC.

By leveraging internal audit software, UMC was able to identify the embezzlement scheme before it was blown out of proportion. If the issue was left unchecked, it could have impacted the organization's relationship with the public taxpayers, who account for a significant amount of UMC's funding.

Skyworks Solutions originally brought the allegations to the table in connection with an arbitration proceeding in the Delaware Court of Chancery. AnalogicTech's accounting treatment of certain revenue for transactions conducted through the three-month period ending on June 30, 2011 was called into question.

"The Audit Committee, in consultation with independent outside legal counsel, has completed an internal investigation of these allegations, has found no improper conduct by AnalogicTech's officers, and has concluded that the company's accounting practices with respect to revenue recognition for the three months ended June 30, 2011 were appropriate in all respects," AnalogicTech said in a statement.

Internal audit software can be used to help confirm or deny any allegations made either by different sections in the company or through external business partners or clients.

Women's apparel retailer Talbots recently launched its own P-Card initiative, and to manage spending, the company is using audit software. Irene Connoly, a Talbots associate, told Pymnts.com that auditing the accounts will be crucial to ensuring the success of the program.

"We are now piloting some operational expenses that are high-volume, low-dollar. We’re going to pilot those and try to [learn] from that to figure out how to keep the control over… but they’re expenses because they are high-volume, low-dollar, and sometimes, they’re painful," Connoly explained. "We've got internal audit, accounts payable, procurement, IT, and now, the bank [involved.]"

Talbots has experienced a number of financial troubles over the past few years, so incorporating audit software may help the company get its accounts straightened out.

The biggest obstacle preventing better risk identification is the siloed approach that many financial institutions use, Bank Info Security explains. For example, different departments of an organization might be in charge of managing separate liabilities, such as credit, market and operational risk. However, there may be some overlap, which necessitates open communication between departments.

"You really have to communicate broadly throughout the organization," DeMarco told the news source. "Risk-management professionals need to be able to identify and assess risks and communicate those risks to business line managers up the corporate ladder so that risks are managed across the enterprise."

Communication, however, is only one part of the solution. Up-to-date risk assessment software may also help financial institutions ensure they are following any new regulations, such as the Dodd-Frank Act passed last year.

"We are very concerned about what it will mean for the liquidity of the market," Maria Pope, CFO at Portland General Electric, explained. "In terms of overall risk management, we are looking at how we manage the entire power supply operations area and doing extensive benchmarking with other utilities. We also have a fairly robust enterprise risk management program."

As a result, risk is becoming a focus point for many of these energy companies, with every key executive looking to identify and rate potential risks. Automated systems and risk management software are expected to become mainstays at utility providers if they don't already have systems in place.

Several major utility companies are already facing audits to determine whether they are complying with regulations. For example, National Grid recently missed the deadline of its audit, which does not bode well for the company.

Wanamaker was recently found guilty of embezzlement during his time at the city of Buffalo, New York, which prompted an internal audit after he was released from his position at Alexandria City Hall. The report, however, found that Wanamaker did not have the clout to collect funds as the deputy director of General Services at his new position.

"Wanamaker … pleaded guilty to a felony charge of stealing government funds from the city of Buffalo between 2004 and 2008 while serving in a variety of top posts," the Alexandria Times notes. "He tendered his resignation about 48 hours after revealing he had stolen roughly $30,000 in municipal and federal funds."

His position in Alexandria didn't involve traveling, unlike his post in Buffalo, which would have made it difficult to acquire funds.

Discovering corporate gaffs is paramount to running a successful organization. Internal audit software may put organizations in a better position to find these fiscal holes before they amount to a significant amount of lost money.

According to state controller John Chiang, the city's internal controls – or the lack thereof – could potentially lead to waste or malfeasance. The situation is so bad that Chiang compared Montebello to Bell, another California city that has become synonymous with corruption and mismanagement.

"While the roots of Montebello's problems are different from Bell's, they both share the common trouble of having little or, at times, no accountability in their spending of public dollars," Chiang told the news source.

Although no criminal wrongdoing was found, Chiang urges the city to revise its fiscal policies to get back on the right path. 

Not all American cities are struggling with management issues. For example, a recent audit suggests the Louisiana city of Slidell is operating with zero deficiencies.

The root of the problems stem to Rex Millsaps, a previous mayor of the city. There were several unapproved expenditures, an absence of written controls concerning transactions, assets and compliance, and just poor organizational measures in place while he held office from September 2006 to December 2010.

"This is the most important city operational event in the last 30 years," said City Councilman Tony Powell, who called for the report done by the Atlanta-based accounting firm Moore Stephens Tiller. "It goes to the heart of protecting the city's interest."

The audit tackled nine key areas of concern for the city, ranging from the construction of Lawrenceville's $10 million police station to $582,000 in paving and curb improvements. The city paid $20,000 for the review.

This instance further highlights the importance of conducting regular internal audits to prevent such gross mismanagement. By leveraging internal audit software, companies can more effectively avoid years of mismanagement and waste.

More than 80 senior-level auditors attended the seminar, including Sundaresan Rajeswar, a board member of the IIA, and Glenn Rhea, an account director at Qatar. Rajeswar spoke about a new program at the IIA that will help auditors discover risk indicators more effectively.

Meanwhile, Rhea spoke of the growing challenges facing the internal audit community, including new regulatory obligations that businesses need to address and the demand for more advanced GRC software.

"In addition, [Rhea] highlighted the need for greater collaboration between audit and compliance as part of the GRC lifecycle, in order to help meet some of these challenges more effectively and, ultimately, to improve risk assessment results," the news source recounts.

The Dodd-Frank Act, enacted in 2010 by President Barack Obama to prevent another economic collapse, is just one of the many new regulatory reforms businesses must contend with.

A letter sent prior to the holiday break requested the audit due to the lack of a master plan to oversee new renovations and redevelopment at the station, the Washington Times reports. Union Station Redevelopment was created nearly 30 years ago in 1982 and currently oversees Union Station's operations.

"We thought it was about time, frankly, with 90,000 people [daily] coming through the facility … and with huge changes under way," Delegate Eleanor Norton told the news source. "It's a gorgeous facility, and the federal government was right to put money into it. We better find out now if this corporation can support itself in the long term."

So far, the organization has done an effective job managing the site. In 2010, it had a total revenue of $10.3 million with total expenses of $6 million. It ended the fiscal year with total assets worth $33.9 million.

During a recent Globe Street webinar, the news source was consistently asked the same question by brokers: "I'm concerned my property may not pass Probably Maximum Loss Seismic Risk Assessments, which banks do not have a seismic policy?"

This means lenders without a seismic risk indicator policy may be taking on significant loss opportunities in the current economic climate.

"High risk properties are not screened out by Seismic PMLs," Globe Street notes. "And, more subtly, brokers know that they can take potentially more risky deals to these lenders."

Similarly, there are several other risk indicators that property lenders need to incorporate into their management policies if they don't want to end up on the wrong end of the deal. With foreclosures and land prices still at rock bottom, it's ideal to address these issues sooner rather than later.

According to Don Roose, president of U.S. Commodities in West Des Moines, Iowa, there are several potential developments that could affect American farmers. For example, the economic troubles in the European Union could lead to a further decline for feed products, which is a staple of Iowa produce. Land prices have also risen, which means agriculture firms may need to adjust their product prices upward.

"[Still,] we’ve taken a lot of the risk premium out of the market as world production has bounced back," Roose adds. Weather problems in South America may further fuel opportunities for American growers.

Agriculture manufacturers face other issues as well. For example, many government agencies have taken note of consumer demand for greater transparency in the production of goods, which is leading some growers to use few chemicals or genetically modified organisms.

The audit revealed a violation of the airport's original quitclaim deed in addition to mismanagement by the region's Airport Economic Development department. The county entered into a 25-year lease with Evergreen Maintenance Center in 1982. However, the travel center's quitclaim deed says it can't make exclusive deals for right of use.

"There is significant documentation to substantiate the FAA (Federal Aviation Administration) believes Pinal County has violated these deed restrictions," the Office of Internal Audit report states.

"We are (short) some lease money; we are taking steps to rectify the situation, and I am hopeful that Evergreen will recognize the strength of the lease agreement and will make it right," Pinal County District 3 supervisor David Snider told the news source.

For businesses, internal audit software can help discover mismanagement in advance before it has the chance to significantly affect the bottom line.

"If the world is a riskier place than you thought, then you hold more of the lower risk asset, which turned out was Treasuries. Clearly the low level of yields we are looking at is a form of risk aversion," Fisher explains. "The high bond prices/low yields reflect a lot of investors' anxiety about the world and they want to hold a lower-risk asset."

Fisher was also supportive Dodd-Frank directive as it will get more over-the-counter interest rate producing into clearinghouses. This move may push interest rate products into new structures that are better able to adjust to the current economic climate.

Risk management has become even more crucial as corporate treasurers strive to take on higher yields. A new survey from JP Morgan Asset Management suggests new treasurer strategies may be significantly more risky as they look to improve the results of their companies.

State law dictates that all governments must audit their finances on a yearly basis to ensure there are no discrepancies. Fortunately, Slidell's leaders had little to worry about, as the audit – performed by accountant Jim Tonglet and his firm – found nothing wrong.

"Our report found no deficiencies," Tonglet told the city council. "You have been good stewards of the city’s resources … The bleeding has stopped."

As the news source notes, the city's tax revenue had been slipping after Hurricane Katrina and the 2008 economic recession, but the government has managed to get its financials straightened out over the past year. To date, Slidell has more than $150 million in assets to deal with.

Internal audit software can help organizations better identify potential risk issues and prevent major losses from happening in the first place.

The pair of audits, which were filed with the Peoria County Supervisor of Assessment's Office, uncovered $848,000 worth of losses last year and $678,000 in 2009. The leak also cost $400,000 in 2008 and 2007. Clifton Gunderson, one of the accounting firms, seriously doubts the ability of the team to recover from the losses.

Club management, however, remains optimistic. President Rocky Vonachen told press the team would be financially stable in years to come, explaining the losses were only natural given the weak national economy. Speaking with the Peoria Journal-Star, Vonachen noted next season marks the 10th anniversary of the new stadium, which should bring higher attendance.

In the down economy, organizations should always be leveraging internal audit software to identify risk indicators and prevent these losses from occurring.

The 70-page report, conducted by two outside experts over the course of the summer, notes that several administrators were being overpaid based on current marketplace values, in addition to the hiring fiascoes.

"We see this report as a start of a conversation that the superintendent will need to have with the school board and the community in Jefferson County about the future of the central-office staffing," said the report’s co-author, Fenwick English, a professor of educational leadership at the University of North Carolina at Chapel Hill.

Overall, the report suggests recasting 31 positions throughout the JCPS board to lend better support to the 155 schools in the region. Auditors also found an additional five jobs that were unnecessary.

Whether it's a school or a major corporation, conducting internal audits can help find wasteful practices before they become a greater issue. Organizations should consider upgrading their internal audit software to prevent any deficiencies.

The first measure is risk-based capital and leverage requirements, which would be implemented in two phases. Phase one requires firms to develop annual capital plans, conduct stress tests and maintain adequate capital. The second would implement a risk-based capital surcharge based on the framework and methodology developed by the Basel Committee on Banking Supervision.

Additionally, the liquidity requirements "would be implemented in multiple phases. First, institutions would be subject to qualitative liquidity risk-management standards generally based on the interagency liquidity risk-management guidance issued in March 2010," the organization noted. These standards would require companies to conduct internal liquidity stress tests and set internal quantitative limits to manage liquidity risk."

The Federal Reserve has implemented a number of policy changes over the course of the year to modify regulatory practices since the passing of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

Three-quarters of respondents (75.62 percent) said the plan to keep employment level over the next 12 months, while 16.34 percent intend to ramp up new hiring significantly over the same time period. Overall, only 6.65 percent of companies believe they will cut back on their existing workforces.

"The results come on the tail end of a positive year for privately held businesses, which saw average sales growth of over 6 percent, an increase from 4.5 percent in 2010, and -5 percent in 2009. Similarly, private businesses’ average net profit margin is at a 10-year high of 6.4 percent in 2011, after hitting a low of 4.2 percent in 2009, and climbing to just over 5 percent in 2010," the news source added.

With corporations hiring more accountants, it's equally crucial they upgrade their internal audit software, as it will help their larger workforce perform their jobs more efficiently.

However, as CreditUnionTimes suggests, quality of risk assessment is a crucial component. Inadequate procedures could prevent an organization from crafting an effective security and technology strategy, leading to potential losses.

"Overall risk to the organization/entity is the sum of all of the risks described in their risk catalog which represents the portfolio of relevant risks. Following this process can help your organization to build appropriate controls," the news source notes.

Organizations should develop a threat catalog that describes applicable risks and then determine the relevance as well as each impact a threat could have. Any vulnerabilities and inherent risks should be addressed in advance as well.

A disciplined approach will help companies discover risk indicators in advance, enabling them to avoid any potential threats before they become a serious problem.

Such a change could dramatically impact the relationship between external and internal auditors, how external auditors collaborate with internal auditors to maximize efficiency and how audits are generally planned and performed, the IIA argues. IIA president and CEO Richard F. Chambers also cited research conducted by the group, which suggested most auditors disagree with the proposal.

"It's not clear whether mandatory audit firm rotation will enhance auditor independence, objectivity and professional skepticism when considering the cost/benefit trade-offs," he explained.

Other disadvantages of a mandatory rotation include increased costs to the company, loss of knowledge during the transition and erosion of overall audit quality.

Despite what changes may happen regarding external audit firms, corporations should continue to use updated internal audit software to produce the most accurate reports.

The CVB board stopped its audit early on Monday evening as not all members had copies of the report. Audits for fiscal years 2009 and 2010 are now complete, while the 2011 report is still in progress. So far, Treasurer Bart Wise has discovered $19,700 in undocumented expenses – $14,000 of which had no receipts and another $5,700 which had no receipts or explanation of expenditures.

The majority of expenses came from previous executive director James Tsismanakis, who used funds for credit card purchases. Wise has implemented changes to prevent this from happening again in the future, explaining expenditures are now paid primarily with checks.

The Columbus, Mississippi Dispatch notes the board discussion was ripe with animosity between the various members, who were upset with the missing money.

Internal audit software, when used often, can help avoid situations such as these, enabling companies to find misappropriated funds before they can build up.

Richard Chambers, the president and CEO of the IIA and a member of several other accounting groups, admits that sometimes audits should be made public. For example, government auditors are necessary to maintain public trust in federal institutions.

However, when audits become public, it puts increased pressure on the corporation being inspected. Chambers recounts several occasions when he was asked not to look at specific areas because the company in question knew there were several problems but didn't want them appearing on public record.

"I recognize that internal auditors are often champions for transparency, but I believe that if our reports were distributed widely to stockholders, the press and other outside parties, over time our relationships with management might erode and our ability to add value would diminish," he explained.

This highlights both the importance of external and internal audits. To keep track of such deficiencies, it's crucial that companies use internal audit software.

BCG surveyed a number of advisers from big-name financial institutions in response to an SEC study that looked at three options for improving investment advisor examinations. One of the suggested proposals was the establishment of a self-regulatory organization that would examine all SEC-registered investment advisers.

"Among its key findings, Boston Consulting concluded that funding an enhanced SEC oversight program would cost $240 million to $270 million a year, while a FINRA SRO would cost $550 million to $610 million, and an entirely new SRO would cost $610 million to $670 million per year," Financial Planning reports, citing the BCG research.

Protecting investors has traditionally been a key goal of financial advisers, and the SEC proposal would further see that objective is carried out.

The deposit theft was the most egregious of the findings. Two employees at Kiroli Park were forging fake receipts and cashing checks for lodge rentals for themselves. Nearly $60,000 was taken from customers who were looking to rent the lodge or other picnic areas around the park.

"This had been ongoing for a period of time longer than the fiscal year ending June, 30, 2011," the news source states, quoting the report. The employees were terminated and arrested for felony theft in January 2011.

The report also noted deficiencies involving the handling of cash from customers at locations outside of town, such as the local recreation center and the convention center.

Better internal audit software may have helped the state department find the employees stealing the $60,000 much quicker instead of taking nearly a year. Given the rocky economy, finding these deficiencies in advance can be crucial for corporations.

Take, for example, Raymond James Financial – the firm had a client running a Ponzi scheme. After the situation was discovered and the client was brought to court, advisers from the firm faced fines for not reporting the instance and public rebuke.

Traditionally, financial advisers weren't always called upon to uncover fraudulent activities – sanctions were infrequently levied against the financial firms behind the offender. However, the passing of the USA Patriot Act, Bank Secrecy Act and other regulations has placed a greater emphasis on watchdog duties over the past two years.

"This is part of the maturing of anti-money laundering regulation," added Aaron Fox, managing director of IPSA International.

GRC software can help advisers better identify potentially fraudulent activities, enabling them to avoid any legal or brand repercussions.

According to the source, it may be a mistake to ignore KRIs and the outcomes of these processes. Current models produce a value-at-risk figure that doesn't bear much connection to the companies it is supposed to be applicable to. They just know to avoid having large losses that could affect that number.

"This is different to market and credit risk models. In market risk, for example, if an exposure to a particular instrument or market is deemed higher than management wants it to be, traders will hedge the position away or simply reduce it by selling assets," the news source suggests.

When developing a risk identification policy, it's crucial to consider a variety of factors. The most effective way to manage risk is by knowing how these different elements may affect the bottom line.

The Hollywood company was in the process of preparing for its upcoming initial public offering when recently appointed CEO Paul Byles suggested getting an audit from a third-party company, Squar, Milner, Peterson, Miranda & Williamson. Byles had worked with the firm before and opted to go with it instead of a local auditor because of his past experience.

However, Square Milner came to the conclusion that Hollywood Studios International had been mismanaged over the past two years, with several bookkeeping procedures drawing red flags from the firm. As a result, Byles pulled out from the company and withheld his future investments until the mismanagement issues were addressed.

After hearing the results, Hollywood Studios International claims it was set-up, and the audit was done improperly. If Hollywood Studios International had used internal audit software for risk identification, the whole situation may have been nipped in the bud.

Internal audit budgets and resources allocated to conducting them are beginning to stabilize after years of fighting for resources to accurate monitor processes and procedures, GovInfoSecurity notes. In 2012, many internal audit organizations will also be able to staff up for the first time in several years.

With more budget devoted to audits, the report suggests that strategic risks will be the new critical priority.

"Studies show that strategic risks present the greatest threats to shareholder value, an area that internal auditors frequently overlook," the news source explains. "Only 57 percent include strategic risk assessments in their annual risk assessment."

Additionally, more than half of internal audit groups said risk identification will see renewed attention. Perhaps with greater budgets, these departments should upgrade their internal audit software to better evaluate their corporations.

Auxiliary services include vending machines, copy and print services, culinary and hospital facilities as well as parking and transportation. KSU vice president of operations Dr. Randy Hinds took his position at the end of 2010 and asked for an audit to be conducted due to what he perceived to be as "loose protocols."

"The University’s K-Cash program allows KSU faculty, staff and students to access nine terminal locations throughout the campus where they can deposit money into machines to create fund balances on their KSU ID cards," the report states. "Eight machines accept cash only, and one machine accepts both cash and credit card deposits."

Internal audit software can help companies determine where they are losing revenue, which is especially crucial considering the turbulent economic situation.

Debbie Fletcher, a principal at Deloitte, explains that federal leaders have traditionally faced and managed risks. These challenges have become more complex and frequent as of late, however, and the future is less predictable. In response, they need risk management strategies that are more suitable to the economic climate.

"Leaders will want a more thoughtful and systematic approach of risk and how these risks could impact accomplishing critical mission objectives. Agencies and programs that can more clearly connect their budget requests with risk will do better as they face these looming budget cuts," she added.

According to a recent survey from JP Morgan, treasurers are growing less risk-adverse. They want to generate revenues, and they are willing to do more to achieve this goal, highlighting the need for better risk management. 

The audit analyzed the school year that ended June 30, with auditing firm Yeo & Yeo finding eight cases of material weakness. After observing the report, the school district says it agrees with the findings. Now, it plans to fix all the instances except one. This is the first time the school district was notified for improper accounting practices, says superintendent Linda Thompson.

"Some of these practices we did not realize were not good practices," Thompson told the news source, explaining that she was just following the procedures put in place by those who served before her. "That was practice long before me … You follow what the people before you did."

David Martell, executive director of Michigan School Business Officials, notes that eight material weaknesses in one audit is a surprisingly large discrepancy.

Many Michigan schools are finding ways to cut expenses where possible, and the newly-discovered deficits certainly won't help the district. This further highlights the importance of internal audit software.

Users get frustrated at having to look through all sorts of features and information that don’t apply to the task in hand. Some people, particularly infrequent users, can feel like they are being forced to play some cruel game of Where’s Waldo? when they look at an unfamiliar and cluttered interface.

In GRC Cloud we have worked hard to minimize this issue by making each field configurable for any user role, setting it as editable, read only or hiding it completely from view. In our new Workflow concept we have gone one step further.

In Workflow, a user may work on an item in more than one step – or state – of a workflow. In each state he or she may be required to complete different information and read different information that has been provided. In fact they may be required to attach evidence in the form of an external file in one state, but need to be prevented from doing so in another.

GRC Cloud’s Workflow Builder enables you to manage not only what a user can see or change, but when the user can see or change it. This enables your users to complete their work more quickly, as they do not have to search for the relevant information and wonder whether they are doing the right work at the right point of the business process.

For administrators, by simplifying the interface not only do you have happier users (and thus more buy-in to the program), you can also train people more quickly on what they need to do and when and you get fewer questions from people once they start their work.

We believe that workflow is all about providing the right information to the right people at the right time. The easier it is for people to work in your GRC program, the more enthusiastically it is adopted and the better input you will receive
This begs some questions.

• If you could expand the reach of your governance, risk or compliance program without increasing your training budget or administrative workload, would you do so?
• Could you ask people to assess more risks or evaluate more controls if they could do the work more quickly?
• Would you invite more people to participate if you knew your process and software design was intuitive and those additional people would provide valuable insights?
• Wouldn’t this make your company a more effective GRC organization?

By the way, the new workflow capability is introduced in GRC Cloud 6 which is being launched in January.

"Risk can never be entirely eliminated, but using risk assessments as part of an enterprise-wide risk management strategy will help credit unions continue to provide meaningful products and services to members while including necessary safeguards to protect the credit union," Davidson said at the CUES Directors Conference, the Credit Union Times reports.

The growing number of regulatory requirements – such as the Federal Financial Institutions Examination Council's new online authentication guidance – are increasingly making everyday operations at credit unions more complex. Better risk assessment processes will go a long way to ensuring companies aren't putting their earnings in danger.

As both entrepreneurs and consumers grow tired of new fees levied by traditional financial institutions, credit unions are becoming more popular and are increasingly managing more money. A number of credit unions saw an influx of tens of thousands of members in October after several banks launched debit card usage fees.

Given the growing importance of risk management, it's crucial that companies conduct effective risk assessments and have the right tools to do so.

According to a JP Morgan survey of 487 treasurers worldwide, risk appetite has continued to grow. This is despite the growing European economic crisis and the soft recovery of the U.S. economy.

Although surplus cash levels are at historic highs and still growing, the desire for return on investment is increasing even faster. Return on investment is now the key indicator of financial success, respondents said, up 48 percent in 2010 to 64 percent this year.

"At the same time, risk management is now the third most important issue for treasurers, moving up from fifth in 2010," the news source notes. "When selecting a primary bank, treasurers are now more focused on the financial strength of an institution rather than the importance of relationship management – down from 62 percent in 2010 to 50 percent this year."

When corporations are striving to achieve ROI so heartily, risk assessment software may help them avoid any potentially disastrous scenarios. 

The frauds ranged from misstatements of revenue to straight theft of inventory or cash. The survey was conducted by Certified General Accountants Association of Canada (CGA).
The top 6 fraud risks in order of decreasing frequency were identified as:

1. Misappropriation of inventory or assets
2. Misappropriation of cash
3. Misrepresentation of employment credentials, internal or external documents
4. Corruption
5. Theft of proprietary information and intellectual property
6. Assets/Revenue overstatement or understatement

So why are companies so vulnerable? “80% [of companies surveyed] aren’t prepared to deal with fraud in the workplace, the CGA says, and almost 60 per cent don’t go through regular assessments of how at risk they are to fraud.”

BPS Resolver’s risk assessment software systems are used to identify and assess enterprise risks including fraud by 8 of the top 10 global accounting firms(1) and by hundreds of the world’s best managed companies, large and small. Call today and ask us about our pre-packaged Fraud Risk Assessments.

Source & Quotes from: http://www.cbc.ca/news/business/story/2011/12/06/cga-fraud-report.html

(1)- Top 10 ranking from 2010 publication Accounting Today Top 100 Firms

The Tax Administration recently reviewed whether IRS examiners were following the guidelines they were supposed to as they reviewed the tax returns belonging to small-time corporations that owned less than $10 million in assets, Accounting Today reports. As the news source notes, these organizations typically have shareholders that are very involved with management of day-to-day transactions, which could lead to improperly organized financial operations.

"However, when TIGTA reviewed a nonstatistical sample of 51 closed corporate audits, it found potential quality concerns in 19 of them," Accounting Today added. "For example, IRS examiners did not always document the steps taken to investigate significant differences between the labor costs deducted in the corporate return and the amounts reflected on employment tax returns filed with the IRS."

If the IRS intends to become stricter with its auditing procedures, small corporations should consider integrating internal audit software to avoid costly run-ins with the agency.

Structural shifts in supply and demand are expected to keep commodity prices unpredictable. Short- and long-term commodity risk management strategies are seen as being the key to riding out the volatile price market.

"Companies need to set up a formal commodity risk management program," says report co-author and partner at Oliver Wyman's Global Risk & Trading consulting practice Alex Wittenberg. "The impact of volatile commodity prices can no longer be managed within a single function as a cost or procurement issue if companies are to respond successfully to these long-term trends."

Given the rocky economy, proper risk management has become especially important – one wrong step could have a detrimental impact on businesses. By leveraging risk and compliance software, companies can establish programs that will help them avoid these scenarios.

Please join us for an informative webinar presentation to help you prepare, set, and use Risk Tolerances in your Credit Union. Our speakers will overview guidance from the DICO web site (posted in September 2011), and will provide examples on how Risk Tolerances work, and how to use them.

Click here to register now.

Webinar Details

Presenter Information

Click here to Register

Vote with PC, MAC, iPhone, iPad and Blackberry

Grant Thornton LLP and Directors Global™ would like to invite you to an exclusive presentation on Wednesday, November 16, 2011 on the topic of Enterprise Risk Management. Register now!

Setting and using corporate risk tolerance—engaging your board and executive team is the first in a series designed to provide executives and directors with the necessary tools to implement best practice risk strategies. The series will also provide solutions on how to mitigate corporate risks and offer insights into improving board governance practices.

Registration is complimentary but space is limited. To register and for more information, please visit our event page.

The following positions are effective immediately:

• Malissa Lundgren, VP, Product, GRC Cloud
• Joe Crampton, VP, Product, Ballot & Survey
• David Pinder, VP, Services and Support

BPS Resolver, a leading GRC solution provider, is reorganizing to better fulfill the demands of current and future customers. A key element of this strategy is the appointment of “product owners” who are mandated to drive product strategy and execution across sales, development, professional services and support. With full management of each product line’s P&L, they will lead cross functional teams that manage the product roadmap, support sales and delivery and coordinate effort across company departments.

Steve Taylor said of these appointments “We have been considering for some time how to better meet changing customer needs and a dynamic business environment. Under this structure we will unleash the entrepreneurial spirit of these highly motivated individuals and give them the tools and resources they need to deliver the features and benefits demanded by our customers, while identifying new markets that will continue to propel BPS Resolver’s business.”

Malissa Lundgren joined Resolver Inc. in 2004 and has held a number of diverse positions and taken on growing responsibility during her career with the company. These roles have included marketing, product management and most recently, Director of Solutions Consulting. In this role Malissa lead professional services and was instrumental in building out a department that designs and implements tailored solutions for customers. Prior to her BPS Resolver career, Malissa co-founded a company focused in mobile workforce solutions.

Joe Crampton joined Resolver Inc in 2006 and quickly demonstrated an ability to help clients achieve project objectives and to innovate alternative benefits of the company’s products. Joe was promoted to Senior Solution Manager where he managed large software implementations across North America and around the world. Following the merger of Resolver and BPS, Joe was appointed Director of Product Research and Marketing working closely with analysts, customers and management to help set product strategy and determine market opportunities while also acting as internal product evangelist. Joe has an honours degree in Human Computer Interaction, a combination of psychology and computer science, and continuously applies that perspective to the design and development of BPS Resolver’s software solutions.

David Pinder leads the professional services group at BPS Resolver, which provides training, custom development and implementation support. Dave has a wealth of experience managing enterprise level software implementations for large financial institutions, having worked on multi-million dollar, multi-year rollouts of solutions in both the compliance and audit universes, leading talented development and services teams. Dave joined BPS Inc. in 2004 and, as Director of Solution Delivery, has been responsible for the entire project life cycle, from gathering and documenting initial requirements and timeframes through delivering the final solution and obtaining client signoff and acceptance.

Dave’s mandate is now being extended to encompass ownership of the GRC Enterprise product line.

The company is currently finalizing transition plans to ensure smooth handover to other members of the BPS Resolver team where required. The new positions report to James Patterson, Chief Operating Officer.

About BPS Resolver:

BPS Resolver products are purchased by companies that have material exposure to failures in legislative compliance, shareholder assurance and long term sustainability. BPS Resolver makes it simple for companies to effectively mobilize their people to address issues proactively and to demonstrate and document these efforts to third parties. BPS Resolver adds value by replacing informal, unreliable, expensive or inflexible systems with easy to adopt and easy to use solutions. We proudly support over 300 companies in over 100 countries, with an approach that achieves the objectives of hundreds of risk management, audit and compliance groups, involving thousands of users. BPS Resolver applications were included in Gartner Inc.’s 2010 and 2011 Magic Quadrant for Enterprise GRC Platforms.

Contact:

For more information, please contact Steve Taylor, CEO at steve.taylor@bpsresolver.com or 416-622-2299.

Effective immediately, James Patterson is promoted to the role of Chief Operating Officer. In this position James will take on overall responsibility for the business’ operations with the heads of sales, client services, finance, product management and technology reporting to him.

Mike Wertman has been promoted to Chief Technical Officer, the position previously held by James. In his new role, Mike is responsible for technical strategy, software development, quality assurance, technical support, hosted infrastructure management and internal IT.

James Patterson has over 15 years experience developing advanced enterprise web applications and managing businesses. James’ career has included technology leadership roles across a variety of industries including oil and gas and hospitality. After several years with Accenture working in projects in Canada, the US and the UK, James exhibited his entrepreneurial spirit, co-founding a web retail business that he eventually sold to his partner. James joined Resolver Inc. in early 2004 and has held many development and technology related positions and increasing corporate management responsibility before formally transitioning into the new role. James holds a Bachelor of Commerce degree with an Information Systems major from McGill University.

Mike Wertman has more than ten years of experience developing and architecting enterprise software. Mike joined BPS as a senior software developer in 2004. He has held multiple development and technology related positions spanning all of BPS Resolver’s GRC product portfolio. Most recently, Mike has been serving as Chief Architect with a technical mandate across the product lines. Mike holds a Bachelor of Science degree in Computing and Information Sciences from the University Guelph.

Steve Taylor, CEO, continues in his role architecting corporate strategy and strategic relationships. Steve Taylor said of the appointments: “This is an exciting time for BPS Resolver. James has been continually expanding his responsibility within our company and has impressed me—and the board—with his business insight and drive to take the company to the next level. Meanwhile Mike has a track record of technical innovation and process improvement that will enable our development operation to meet the challenges ahead in this competitive arena.”

About BPS Resolver:

BPS Resolver products are purchased by companies that have material exposure to failures in legislative compliance, shareholder assurance and long term sustainability. BPS Resolver makes it simple for companies to effectively mobilize their people to address issues proactively and to demonstrate and document these efforts to third parties. BPS Resolver adds value by replacing informal, unreliable, expensive or inflexible systems with easy to adopt and easy to use solutions. We proudly support over 300 top brand companies in over 100 countries, with an approach that achieves the objectives of hundreds of risk management, audit and compliance groups, involving thousands of users. BPS Resolver applications were included in Gartner Inc.’s 2010 and 2011 Magic Quadrant for Enterprise GRC Platforms.

Contact: For more information, please contact Steve Taylor, CEO at steve.taylor@bpsresolver.com or 416-622-2299.

Bangor Hydro will document regulatory requirements and its associated procedures in GRC Cloud and use the software to track any necessary compliance activities.

Bangor Hydro reviewed several vendors before purchasing and recognized BPS Resolver’s deep experience in NERC compliance from working with utilities across the United States and Canada. Bangor Hydro will be supported by BPS Resolver’s solutions consulting team in implementing the software and structuring all the compliance information in a manner specifically suited to their needs.

Bangor Hydro will use GRC Cloud on its Software-as-a-Service (SaaS) platform where BPS Resolver and its hosting partner maintain the application, databases and servers, apply upgrades and ensure maximum uptime.

Air Canada, Canada’s largest airline, has recently adopted GRC Cloud from BPS Resolver as its repository and reporting software for internal controls over financial reporting.

Although National Instrument 52-109 (the Canadian equivalent of Sarbanes-Oxley section 404) has been in effect for several years, many companies are still seeking the most efficient way to carry out their annual assessments and the most effective way to surface issues and implement improvements to their financial reporting controls.

Air Canada recently adopted GRC Cloud to consolidate and streamline their approach to managing internal controls and to provide a consolidated view of processes, risks, and controls to the organization.

BPS Resolver Inc, leading Canadian provider of ERM software solutions and Directors Global, experienced ERM consultants have collaborated to provide Ontario Class 2 credit unions with an efficient and cost effective approach to meeting DICO’s Enterprise Risk Management (ERM) requirements.

This high quality but low cost solution enables Credit Unions to self-develop, implement, and self-manage their ERM programs. Directors Global consultants will guide participating credit unions through a specifically designed process, based on our in deep understanding of DICO’s objectives and documentation. Credit union staff will record all necessary information and carry out their work on BPS Resolver’s easy to use and secure web-based risk management application, GRC Cloud, avoiding inefficient and unsecure spreadsheet approaches.

This package of expertise, workshops and software will enable any credit union to manage risk more effectively and meet DICO’s requirements efficiently in an affordable package. In addition, participation in the program enables credit unions to share their knowledge and experience with each other by working in a common approach and a common platform.

For further information please check out Enterprise Risk Management for Ontario Credit Unions or view our ERM for Ontario Credit Unions Webinar.

So why is it so effective?

At its simplest, BPS Resolver Ballot is voting software. (Think in terms of the Ask the Audience lifeline in Who Wants to be a Millionaire.) Risk managers ask a group of managers to rate the likelihood and impact of potential risks on a sliding scale using keypads.

As part of our product research, from time to time I sit in on customer risk workshops and training sessions. I once attended a risk assessment technique training session at one of the major risk management professional services firms. The program was for new consultants and was given by a long time user and advocate of Ballot at that firm. As he knew I was in the room I think he was being tongue in cheek when he told the new recruits that the risk assessment software had nothing to do with making risk assessment workshops effective. But he did have a serious point.

If you only want to gather opinions from a group, Ballot is certainly an efficient way to capture information quickly and an interactive and engaging approach for participants. But just because it is quick and fun, does not mean that you get better answers. BPS Resolver Ballot is truly effective when it is used to reach conclusions based on a collaborative, consensus-building process. If you are just using it to collect votes you are missing out on this powerful methodology.

Here is how the approach works. The first thing to understand is that the voting is anonymous. Therefore people give their views on likelihood or impact of a risk without concern they are going to be identified and directly criticized by a dominant personality or a more senior manager in the group.

So far, so good, as all views are represented in the voting. But if you just accept the majority vote and move on, you still have nothing more than an efficient system. Voting results are now used to kick-start a discussion. The facilitator uses the spread analysis (see the screen image of the voting results) to see if there are marked differences of opinion represented in the voting and, if so, starts probing the participants. As the votes were anonymous, she has to seek out a volunteer to represent one of the points of view and explain how their experience led to that view. She then seeks out someone to represent the opposing viewpoint. However, during this discussion she gives everyone in the room an opportunity to chip in and build on opinions expressed. As a result, people often hear a new take on a subject from people with different experience from their own.

OK, so how does the anonymity of the voting translate into a truly open discussion that avoids the risk of strong personalities or senior individuals dominating the discussion? Well, as all participants have seen the votes, they know that there is range of opinions in the room. A person who holds a less popular viewpoint will typically see that he or she is not the only one to do so and therefore is emboldened to share that view, knowing someone in the room will back them up. However, sometimes there is only one “outlier” who may not feel comfortable expressing that view and so the facilitator uses techniques to get other people to be “devil’s advocate” and represent those views. I won’t get into the details of these techniques here, but the end result is typically a healthy banter, that enables all participants, including the senior voices and strong personalities to hear differing points of view. This airing of diverse opinions and perspectives must take place to avoid “Groupthink”.

When the subject has been more fully discussed, the facilitator puts the question to a re-vote and typically one of two things happen. Either the re-vote doesn’t change the overall result but provides a lot more consensus, or the original minority view has persuaded the other participants to reconsider their views on the issue.

Either of these outcomes is valuable. Obviously if discussion and consideration have led the team to come to a conclusion they would have otherwise not made this is hugely valuable, preventing the company from making potentially expensive mistakes in under-controlling or over-controlling a risk. However, there is also value in achieving greater consensus. After the workshop has finished there may be mitigations to be put in place. These are more likely to be effectively resourced, prioritized and acted upon when all the people responsible feel they were part of the decision-making process that identified the actions to be done. At a minimum, participants leave the room with a representative understanding of the varying perspectives in the company, an effect which does not occur when the most senior or loudest voices in the room dictate the discussion’s tone.

So BPS Resolver Ballot risk assessment softwareimproves the efficiency of a workshop for sure, but better risk management decisions emerge when the technology is combined with training in the methodology and skills to bring ideas and opinions out of people. Together they are the cornerstone of probably the most effective way to assess business risks.

In response to the findings, Steve Taylor, CEO of BPS Resolver said “we live in an increasingly collaborative world where more stakeholders are involved, which makes decisions more difficult. Consensus-based cultures need to adopt tools and best practices to ensure they get the benefits of collaboration, but without getting bogged down by the process”. Phil Obendorf, EVP of Sales added “The survey results reflect our own experience running hundreds of assessment workshops for customers, which is that BPS Resolver Ballot lets you make better decisions in less time that you thought possible and in a process that participants enjoy!”

BPS Resolver Ballot is a voting application in which workshop participants use keypads to vote on questions and then review the results in order to stimulate discussion and make better decisions. The anonymous voting approach encourages candor, counterbalancing the influences of strong personalities in the meeting room. Facilitators use a variety of approaches to bring out the reasoning behind all sides of a debate, before putting the issue back to voting again. The end result is a set of decisions that have undergone more rigor, are of better quality and have greater buy-in by the group and therefore an increased opportunity to be successfully acted upon.

About BPS Resolver

BPS Resolver’s solutions make it simple for companies to proactively identify and address governance, risk and compliance (GRC) issues and to demonstrate these efforts to third parties. BPS Resolver adds value by replacing informal, unreliable, expensive or inflexible systems with easy to adopt and easy to use solutions. Over the past 12 years we have supported 500 companies in over 100 countries in achieving the objectives of hundreds of risk management, audit and compliance groups, involving thousands of users. BPS Resolver applications are included in Gartner Inc.’s Magic Quadrant for Enterprise GRC Platforms.

For further information

Phil Obendorf Executive VP,
Sales, BPS Resolver Inc.
+1 (416) 622-2299 ext 435
phil.obendorf@bpsresolver.com

Our product team recently ran a customer satisfaction survey on Resolver*Ballot, our decision support software.  While we have always been proud of this software, we were frankly a bit blown away by the results. Here are some key findings:

Does Resolver Ballot help your company make decisions more quickly?

-          An astounding 83% agreed and only 3% disagreed.

Does Resolver Ballot help your company make better decisions?

-          73% said they agreed! Only 1% disagreed.

So at the intersection of these two questions our customers are saying that our software helps them make better decisions and make them more quickly.

Today we live in increasingly collaborative world where more stakeholders are involved and which makes decisions more difficult.  Consensus-based cultures need to adopt tools and best practices to ensure they get the benefits of collaboration, without getting bogged down by this same process.

Resolver Ballot, according to our partners and customers, is clearly an important piece of this puzzle!

Some of the other folks here at BPS Resolver will blog more on the results in the coming days.

Say what?

By posing a series of logical questions to a group, Resolver*Ballot creates a visual depiction of patterns of influence that show how one risk event increases the likelihood or impact of another. This picture is generated in real-time in a risk workshop, and can be done together with—or independently  from—the anonymous assessment.  The result is a map of interconnected risks with ratings of the impact on the organization.

Wow!

Here’s an example. The screen image below shows the impact that a new acquisition may have on an organization.  As a risk manager, you may or may not have visibility on M&A activity, but this visual representation helps us understand the sequence of risks that are more likely to come about if that event occurs.

Studies in psychology indicate that people are naturally good at seeing one or two levels of influence, but how many of us would look at an acquisition and immediately think of inadequate IT security (#4) and the increased probability of IP theft (#9)?

Now take the same picture and simply overlay the impact vote from a regular risk assessment workshop and you get something even cooler.

From the color coding (green is low impact, yellow is medium and red is high), you can see that according to the group’s votes, the acquisition risk (#7) is ranked as a medium impact risk. But seeing the risks in this view, it prompts us at least to reconsider #7 as a high impact risk, since it leads to an increase in probability for many other risks including, in this case, a high impact risk (#9). (F0r the same reason, risks #4 and #5 should also be considered for upgrading to high impact.

With this information in hand, a good risk manager who goes through an acquisition simply opens up their model and examines the types of risks that fall out from an acquisition. In this scenario some diligent work in the IT department to beef up the two new joined networks has the potential of stopping the flow of increasing likelihood between the risks.

I think this is pretty cool but I’d love to hear your thoughts…

So… wearing my optimist’s hat… there are a lot of people out there conducting risk assessments around a wide range of topics, in varying levels of detail, and with different levels of experience.

This blog will be the first of a series of that will focus on effective Risk Management. If you have additional suggestions for types of risk assessments, then please do post a comment or contact me.

Consider this a layman’s guide to an effective risk assessment.  I say “layman” as I am not an accountant, auditor, or lawyer. In fact I’m a nerdy computer science guy, so this is a completely biased but very effective way I personally have managed upwards of 20 corporate wide risk assessments.

Before you start

Before you dive into the risk assessment there are some basics to get sorted:

• Determine what type of results you want out to get out of the session—rankings, discussions, ideas, response plans…
• Figure out who should be involved – make sure you have representation from all key stakeholder groups
• Determine what format works for you – interviews, online surveys, workshops…

Here’s  a quick chart to help you pick which risk assessment type fits your needs, organization and resources or budget:

[1] The estimated risk that remains after existing controls or mitigating actions.

Effective Risk Assessment Workshops

In the rest of this article I will run through my approach to effective Workshop Risk Assessments, how to impress your peers and managers, and how to accurately identify and assess risks as they relate to any objectives.  If you’re a fan of surveys then please check out information on our Survey application.  Please note that Interviews are a great way of gathering information, however they take a long time to conduct and are more expensive due to the time spent aggregating and re-circulating results for agreement.

1. Preparing for the Workshop

• Book a reasonable amount of time to cover the topics
• Determine assessment scales that everyone will understand and get agreement from the two most senior people in the room.  Make sure they have both qualitative and quantitative components and do not focus exclusively on financial risk.
• Agree on a language for your risks that will reduce confusion. (e.g. don’t put the word “or” in your risks)

2. Principles of the workshop

• Ensure you get viewpoints from everyone
• Use an effective technique for anonymous voting (i.e. Resolver*Ballot)
• Have a “scribe” – one person dedicated to writing everything down. (Not you, and not one of the participants.)

Sample 90-Minute Agenda (30 Risks)

(Your group may be faster or slower depending on the # of risks and the depth of discussion.)

Context Setting
Introduce the room to the process you will be following (10 minutes)

1. Ensure that everyone understands the scales
2. Inform people that votes will be completely anonymous and that they should be open and honest
3. Describe your agenda and emphasize the importance of getting through the votes quickly

Voting
Quickly and anonymously rank all the risks on both impact and likelihood without discussion (30s/criteria or 60s/risk = 30 minutes)

1. Voting should be done quickly and silently to avoid “overtalking” each risk. There will be plenty of time for discussion later in the workshop.

Resolver*Ballot Feature: Anonymous voting is done through wireless keypads and should only take about 30 seconds per risk per criteria with our software – compare that to sticky notes or ballot boxes.

2. If you want to avoid pointless academic discussions vote on Residual Risk  only. Inherent Risk is only really only relevant to auditors, will double the time of the session and will add minimal value
3. If necessary, make sure that senior managers do not try to influence the vote with their comments

Clarify
Examine, discuss and re-vote on the risks with a lack of consensus (20 minutes)

Resolver*Ballot Feature: You just click on the “Spreads” button and Resolver*Ballot will show you the standard deviation of the anonymous votes.

1. Get your scribe ready to write.
2. Examine the wording of the risk. It’s possible people have interpreted the risk in different ways
3. If not, prompt discussion by asking people to volunteer why they or someone else voted either high or low.  (Remember the voting in Resolver*Ballot is anonymous so don’t corner someone and force them to tell you what they voted. If you didn’t use our software then this will be much more difficult.)
4. The discussion that emerges here is fantastic. When people have extremely different opinions this may be as a result of experience, personal exposure, education or many other factors. These viewpoints will improve the accuracy of your assessment immensely and are not possible without anonymous voting!
5. On occasion you will uncover a view point that a person has because of something they know that is personal (e.g. a career change). Make sure you respect people’s privacy and manage the conversation carefully.
6. Once you have discussed, if it sounds like people have changed their opinions then re-vote and see if the result has changed.

Another shameless Resolver*Ballot plug! If you don’t use anonymous voting the entire category (areas of low consensus) tends to disappear off the radar. The loudest voice or the most senior person will influence the room and the note taker into recording their position. Our software eliminates those problems and ensures that you will capture the different opinions resulting in a better product.

Discussion
Look at the results and focus on risks that exceed your risk appetite (20 minutes)

1. Start with the high impact and high likelihood risks

Resolver*Ballot Feature: Look at the auto generated Heatmap and zoom in on the values you are interested in (e.g top right of the Heatmap).

2. Get the discussion started on what risks are above appetite, and what that would actually be like for the project/company
3. Get ideas about what you could do to control them, and document actions.
4. Make sure your scribe is writing everything down.
5. If you have time, also look at the high impact and low likelihood risks, the company killers that should “never” happen.  Try to determine which other risks increase the probability of that risk occurring.

3. After the Workshop

• Share the results and the corresponding actions with participants; this will dramatically improve the process the next time around.
  • Resolver*Ballot Feature: Easily exports to PowerPoint and Excel documents to share with others.
• Keep the voting results and use them next time to plot change over time. If you are doing a routine assessment (e.g. every quarter) which risks are changing? Which risks are increasing?  Which actions did not get executed on?
  • Resolver*Ballot Feature: Merge multiple files and plot them on a single Heatmap to understand change

By now hopefully you’ve got some ideas on how to run an effective risk assessment, and our software will improve your results through anonymous voting.  We’ve helped hundreds of companies, large and small, get great results very efficiently.  This includes companies like Sony, Wal-Mart, Philips, Heinz, Deloitte, PwC, Ernst & Young and countless smaller companies.  We’ve even helped the Canadian Government and the United Nations.  Oh, and our software doesn’t cost much since it scales to the number of users that you need.  So, in conclusion, stop reading and buy our software. Or at the very least contact us for a discussion and a demonstration.

The OCEG framework is broken down into several practices and in the table below we have mapped the OCEG GRC elements against key features and functionality in the BPS Resolver GRC Suite.

For more information on  GRC Suite’s capabilities please contact our account team or call 1-888-891-5500 or +1 416-622-2299.

Two colleagues of mine, Tim and Lauren Leech have recently submitted to Congress a thought provoking paper advocating a re-write of Sarbanes-Oxley.  While the proposal suggests only a minor edit to the Act, the implications are significant, far-reaching and would represent a tremendous improvement to an Act that has generated considerable controversy.

Essentially Leech & Leech have put forth the idea that Sarbanes-Oxley becomes primarily risk-based in its approach, vs. the current focus at the control level. Their argument (at least part of it) is that without the right attention to – and understanding of – the risk environment, the work done at the control level is often wasteful and not focused on areas that represent a true potential source of unreliable financial reporting.  A risk based approach, according to the authors will help “allocate resources to the most statistically probable root causes that account for the majority of materially wrong financial statements.”

When reviewing potential software applications it is vital to view them from the perspective of all your types of users. Some buyers fall into the trap of purchasing the tool that best meets the needs of the “owners” of the GRC program, without considering what is most important to the regular – and irregular users – of the tool.

At BPS Resolver, we tend to think in terms of three types: Administrators, Heavy Users and Light Users. Although the definition of heavy and light users varies with how the software is used and the company that is using it, Each of these groups has very different usage patterns, needs and preferences.

The Administrators, who build frameworks, manage permissions, design reports and such, are often daily users who know features and functionality in detail. At the opposite end of the scale are the light users, who access the software quarterly or annually, and frankly forget a lot of what they know between these regular cycles.

As there are typically more light users than administrators, an intuitive interface and an ability to get to their tasks quickly and easily (i.e. very few clicks from the home page) is vital to assure their ongoing use of the system.  Our experience also shows that easy access to immediate reporting (pre-built or ad hoc) and the ability to click through those reports to underlying information is valuable to many types of user.

When we configure sites for customers we spend a lot of time thinking through making the site as intuitive as possible to use. Techniques include:

• Custom roles and permissions, so that a user’s view of content is limited to what they need to read and answer and not cluttered with details that other types of user require
• Custom workflows that refine the view to show just what is needed in each stage of a process, as well as define the work item’s path through the organization.
• Corporate terminology, that ensures terms currently used by the company are reflected in the software, rather than the company have to adopt the software’s terms
• Custom icons that appear on screen and in reports that reflect the corporate terminology or any company’s “house style”.

In the world of the smartphones, people see their consumer technologies rapidly becoming much easier to use, and thus their expectations of the technology they use at work are also increasing. Although an enterprise GRC application is always going to require more of a learning curve than an iPhone app, people are not afraid to click on things any more. And when they do click on something, they expect something intuitive and useful to happen, such as drilling down from a chart to a report.

We are regularly contacted by companies whose first GRC software deployment has failed due to their people not accepting the tool provided and who now want to replace their current solution. To ensure a successful software rollout, make sure the application – and professional services team – you select provides customized, intuitive experiences for all your user types.

The previous four blogs in this series touched on some important concepts companies need to understand and manage in order ensure growth and success: Safeguarding Compliance, Seamless Collaboration, Avoiding Perfect Storms and Data Breach Remediation and Prevention.

Audit is our fifth topic in this series. Any definition of GRC is incomplete without understanding the role, value and unique attributes of audit. In particular it is important to understand that while audit needs to be considered as an integrated element of GRC, it also needs to be understood to sit alongside your GRC initiatives.

The audit function will touch every aspect of the GRC landscape as the Audit team seeks to validate, support and enhance the various activities that are underway within your enterprise.

So what is the benefit to your audit program of a shared GRC Platform? The answer lies in the data. This follows along the theme highlighted in Clark Abrahams’ Seamless Collaboration piece. The modern audit paradigm is really a collaboration with the business, not simply a review.

We have clients who have made significant strides toward lightening the burden of audit on the business. The reason they have been able to achieve this is that information on business processes, risks and controls are organized and managed in a consistent way.

The audit teams are able to access data through the GRC platform and in some cases, make determinations with almost no additional requests for information from the business. The data is there for them and they can see when an area of the business is being managed and controlled according to the policies and standards of the company, and when it is not.

In today’s regulated environment, the business is often asked for information – sometimes the same information – on an almost continuous basis. So any progress towards lightening this burden will create efficiencies and will also be greatly appreciated by the business process owners.

Some of our clients call this ‘self-audit’ and it is a significant reason why audit should be an integrated component of the overall GRC landscape.

Speaking of collaboration, this post was brought to you by:

Steve Taylor | CEO | BPS Resolver Inc.
Clark Abrahams| Chief Financial Architect |SAS Institute Inc.

It appears on both of our company’s blog spaces, so please feel free to post comments on either one of our sites — we want to hear from you!

Many customers already use GRC Cloud’s scoping framework feature to relate risks and controls to corporate financial statements or other methods for determining scope for business processes in their compliance and risk management programs. However, a number of sophisticated users are utilizing this feature as a corporate strategy framework that overlays a typical risk/control framework. This corporate strategy framework relates processes risks and controls to areas such as:

• Balanced Score Card
• Corporate Objectives
• Value Based Management
• Mission, Vision & Values
  and others

Companies can set up any number of overlaying structures to provide a multi dimensional analysis of business issues and measures.

Having built out these strategic frameworks, companies are now able to understand the impact their controls, risks, and most critically gaps have on their key corporate objectives.  Or in other words, the things the Board cares about. One this is established, a company can move into tracking how those seemingly independent compliance objectives, risks and controls change over time, and hence how they affect performance.

From a corporate performance perspective, only part of the information is contained within the GRC system. A recent integration project illustrated a capacity not just to build KRIs and KPIs in GRC Cloud, but also integrate them with other software as a service (SaaS) business applications.

Many customers define quantitative thresholds for KPIs and KRIs and use GRC Cloud’s mathematical functions to measure deviation from these objectives for their risk management and performance management programs. In a recent project we built on this capability to integrate GRC Cloud, via its open API, with Microsoft Dynamics CRM to enable tracking within GRC Cloud based on the number and severity of customer service issues entered into Microsoft Dynamics. Having created KPI/KRI items that were in turn attached to risks related to the quality of customer service in GRC Cloud, we gave users the capability to associate these factors with information such as reports from the CRM system. This provides risk and performance managers visibility into detailed data direct from their risk/performance dashboard. Although in this case we worked with a CRM system, the same integration could have been done with systems used by manufacturing departments, quality assurance, sales, customer service or any other business area.

We would be pleased to demonstrate these capabilities to any organizations who are recognize the value of integration of GRC with strategy and performance management. Please contact your Account Director or our sales team to arrange a meeting.

GRC Cloud 5.4 builds on and expands many key features in response to feedback from BPS Resolver’s customers, many of whom are leading companies in their industries. These enhancements include:

• Greater capabilities for non-Administrative users with new advanced permissions to add items and edit items within the framework from their normal working screens
• More flexibility in determining how users access and interact with reports in the home page dashboard.
• Enhanced abilities to efficiently remove or purge external documents from the application
• Capability to determine the display order of mathematical  functions and include function results in more chart types

“This release of GRC Cloud brings to fruition ideas generated both by our own product team and our customers, and allows companies to assign greater responsibility for maintenance of the GRC framework to qualified users across their organization.” said Steve Taylor, CEO,  BPS Resolver Inc.

“These customer-driven features complement some major development that is close to completion and that will significantly change the way customers manage GRC in their organization. Our new approaches will enable more users to participate in GRC activities in a very intuitive experience, while giving administrators a detailed view of the progress of their compliance, audit or risk management activities.” stated James Patterson, Chief Technology Officer, BPS Resolver Inc., adding “Customers will be able to take advantage of this new approach in Q3.”

About BPS Resolver

BPS Resolver products are purchased by companies that have material exposure to failures in legislative compliance, shareholder assurance and long term sustainability. BPS Resolver makes it simple for companies to effectively mobilize their people to address issues proactively and to demonstrate and document these efforts to third parties. BPS Resolver adds value by replacing informal, unreliable, expensive or inflexible systems with easy to adopt and easy to use solutions. We proudly support over 300 top brand companies in over 100 countries, with an approach that achieves the objectives of hundreds of risk management, audit and compliance groups, involving thousands of users. BPS Resolver applications were included in Gartner Inc.’s 2010 Magic Quadrant for Enterprise GRC Platforms.

Contact:
Phil Obendorf
Executive VP, Sales, BPS Resolver Inc.
+1 (416) 622-2299 ext 435
phil.obendorf@bpsresolver.com

Clark Abrahams, a colleague of mine at SAS, has authored an excellent Blog outlining the powerful additions SAS has made to their platform as well as the advantages of the integration with the BPS Resolver audit tool.

One of the thought provoking concepts in the piece is the idea that success in business is not only driven by what the business is trying to do, put equally by how it is trying to do it.

Measuring and managing the how is very much the business of GRC.  How refers to everything from the ethical manner in which a company conducts itself – the values of the company – right down to the monitoring of tactical controls that have been implemented to govern the company.

Plotting an effective course requires leadership to understand risk.  This is part of what makes SAS such a powerful partner for us.  Their tagline ‘The Power to Know’ is a great phrase for a company that is in the e-GRC space.  Getting access to data is critical.   This can be historic data on your company and your industry or it can be real time information delivered within seconds of a risk event or the breach of a control.  Great data allows for great decision making.

Strategy and GRC are completely intertwined.  They are two sides of the same coin.  This is why it is also significant that the SAS^® Enterprise GRC platform has been further integrated with the SAS^® Corporate Performance Management solution.

You very likely know what your business is trying to do.  The combined solutions of SAS and BPS Resolver will help you determine how to do it.

I urge you to read Clark’s Blog on the SAS website and learn more!

Steve Taylor, CEO, BPS Resolver Inc.

(c) Public Service Commission of Canada

The Public Service Commission (PSC) has been a BPS Resolver customer since 2009. The PSC’s is an independent agency reporting to the Parliament of Canada, mandated to safeguard the integrity of the public service staffing system and the political neutrality of the public service. The PSC is the first of a number of federal agencies assessing their ICFR activities using GRC Cloud.

Public sector bodies around the world use BPS Resolver software applications for risk management, compliance and audit activities because of their ease of use and the speed cost-effectiveness of deploying Software as a Service (SaaS), also known as Cloud computing.

The full report is available here.

Therefore, in the next release we intend to double the width of this box, to incorporate the longer names. It will look like this:

An issue we stumbled upon was that because this box is twice the width of all the others, it cannot remain as the last item on the page without leading to some strange spacing issues. In other words, if the last row of charts on your home page includes three pies, the My Reports box would need to wrap around to another row, leaving a “ragged” look. Therefore we are going to put the wider My Reports box at the very top of the home page going forward, starting with GRC Cloud Release 5.4.

We would be interested in your thoughts on this. Will the double width My Reports box help you, or do your report names fit fine in the current box? Does having My Reports at the top of your home page avoid you having to scroll down to reach it, or do you prefer seeing your pie charts front and centre?

By the way, we are also going to change how left clicking a report name in My Reports functions. Currently when you left-click on an item overview report, it goes straight to the report itself, whereas for summary and hierarchical report it goes to the report builder. In future, you will be able to set for your site whether the left click goes straight to the report or to the builder page and this setting will apply to all reports.

Please give us your thoughts using the form below or e-mail us anytime at productmanagement@bpsresolver.com.

BPS Resolver prides itself on providing the highest quality solution experience for clients, part of which includes server reliability and security. Ensuring a secure and certified hosting environment is of primary importance. BPS Resolver was one of the first GRC vendors to provide a completely SaaS option to their customers. The SaaS model is gaining increasing momentum due to the low cost of ownership and speed of implementation.

“As BPS Resolver is a GRC software solutions provider, it is very important that we ensure our clients enjoy the highest standard of security and reliability for their sites. CentriLogic allows us to do this with confidence. This also allows us to provide hosting options in both Canada and the United States.” said Steve Taylor, CEO & Co-founder, BPS Resolver Inc.

“After careful consideration of several providers, BPS Resolver has chosen to move our software applications to CentriLogic’s hosting facilities. This decision was based on a number of criteria, including state-of-the-art data centers, proven cross-border experience, level of service, technical qualifications, leading technology platform, end-to-end hosting and managed services,” said James Patterson, CTO, BPS Resolver Inc.

CentriLogic’s cloud infrastructure gives BPS Resolver a flexible platform to deploy its solutions, while still maintaining the security and integrity of the environment. CentriLogic provides a cross-border Infrastructure-as-a-Service cloud platform that can scale with BPS Resolver’s client demands.

“As a forward thinking provider of a comprehensive software and SaaS solutions around the globe, BPS Resolver required a flexible and scalable data center solution to address fluctuating resource needs, while continuing to satisfy country-specific compliance and information privacy requirements,” said Jim Latimer, VP Client Solutions, CentriLogic Inc. “The multi-facility, cross-border managed hosting solution we designed addresses these needs while providing a capability for considerable growth. Our success is linked; the better we manage the hosting platform, the more BPS Resolver can focus on their customers.”

“As our business continues to grow, CentriLogic’s Cloud environment will give us the flexibility to scale our SaaS environment in a cost effective manner. We will only pay for the resources we need when we need them and we didn’t require a large initial hardware investment,” said James Patterson, CTO, BPS Resolver Inc.

About CentriLogic

CentriLogic is a trusted provider of global data center solutions that delivers enterprise-class hosting, cloud computing, and managed services to organizations that gain advantage by outsourcing their hosting requirements. CentriLogic utilizes world class facilities, industry best practices, experienced technical resources, and a customer-first philosophy, to deliver agile and elastic solutions designed to meet evolving customer outsourcing needs. CentriLogic is a privately held company, headquartered in Toronto, Canada with facilities in Southern Ontario and Western New York. For more information, visit www.centrilogic.com.

About BPS Resolver Inc.

Over the past 10 years, BPS Resolver Inc.’s GRC Suite of software solutions has provided organizations with Governance, Risk and Compliance solutions that create efficiencies and simplify results. We make it simple for companies to effectively mobilize people to address Business, Risk and Compliance issues proactively and to demonstrate and document these efforts to internal and external stakeholders. BPS Resolver adds value by replacing informal, unreliable, expensive or inflexible systems with easy to adopt and easy to use solutions. Our software solutions proudly support over 300 top brand companies in over 100 countries where we provide expert systems to ensure that boards and executives meet their oversight and assurance goals.

For further information, please contact:

Melanie Ferrara
Communications, BPS Resolver Inc.
Tel: (416) 622-2299 x 221
E-mail: melanie.ferrara@bpsresolver.com
Website: www.bpsresolver.com

Caroline McGrath
CMM Communications Group (for CentriLogic)
Tel: (416) 972-1642
E-mail: caroline@cmm-communications.com

The webinar was a great success and we have had many requests for the recording. It is available here: Webinar Recording

Webinar Summary:

In each organization, a host of critical IT projects, processes and services are in constant motion, and few organizations understand the ways that these activities impact the company overall and which are the most critical.

For years, organizations have spoken about linking IT to the business. While some have done this effectively, few CIOs can directly demonstrate the risk in how their behavior specifically links to the business and the CEO’s top objectives and priorities.

BPS Resolver and Encore Consulting will show how companies can use a few simple software tools to assess and link activities to the CEO’s business drivers such as: Cash Flow, Operational Efficiency, and ROI.

For more information about BPS Resolver or Encore Consulting please follow the links below:

www.bpsresolver.com

www.Encore-c.com

Click here for the article at arabnews.com.