Internal Controls Design
consulting and research for internal control with risk management
...to a website that's packed to bursting with information and fresh ideas about internal control and risk management (what I now prefer to call risk control). It will help you expand your thinking and get better results more easily.
If you'd like to be kept informed of new materials added to this site please click on this button:
My name is Matthew Leitch and I help people improve the way they manage risk and uncertainty - or the way their organization does it. I am in business to help and thanks to my experience and huge research effort it is almost certain that I can help you or your organization in some worthwhile way, but not unless you are free to engage me and open to ideas. If you are in this position please click this button:
The next worthwhile improvement varies a lot from one case to the next so I don't have a fixed prescription and I'm always on the lookout for things that are easy to do but have a profound beneficial effect.
This website is read by many people around the world and feedback shows that it is the experts who appreciate it most. My consulting clients over the last few years have included experts at BP, BT, Land Securities (who won an award for work I helped with), a leading Swiss bank, BDO Stoy Hayward, and the United States Army flew me to Arizona to give a presentation to 400 people on "Risk Management with Impact".
I don't have much time for sales and marketing, so please get in touch by e-mail at firstname.lastname@example.org or call on 01372 815 856. I work from my office at home in Epsom, near London, UK.
I look forward to hearing from you.
ArticlesOverview of risk control / internal control
- This website summarised
- A simple introduction to risk management and internal control in organisations
- Seven frontiers of internal control and risk management
- 7 frontiers audio version
Tools to download and use (free)
- Risk-Control Matrix for a process
- Simple Risk-Control Matrix
- General Risk-Control Matrix
- Risk register format generator
- Probability-Impact grid analysis tool
- Efficient sampling spreadsheet
Productive, creative risk control projects
- The Natural Method of designing internal control systems
- Natural project risk management
- Fixing a process and controls mess
- Matrix Mapping: the easiest and best way to map internal controls
- Diagrams for controls work
- Reengineering internal controls for efficiency
- Controls for e-business processes
- Risk modeling alternatives for risk registers
- Internal control and leaking profits
Risk control processes and human behaviour
- Making sense of risk appetite, tolerance, and acceptance (2nd edition)
- Risk appetite definitions
- Straighten out your thinking on 'risk aversion', 'risk appetite', 'risk tolerance', 'risk limits', and all that
- The real reasons we avoid risk
- What circumstances are relevant to decision making under uncertainty?
- How to be positive about risk
- What happens when you say "uncertainty" instead of "risk"
- Results of an experiment in risk and uncertainty management
- Practical word choices for risk managers
- An introduction to the Risk Register Studies
- Risk register study 1: Impact Spread
- Risk register study 2: Causal links within and between risk register items
- Measuring and managing risk register quality
- Alternative risk lists
- Favourite ways to characterise risks
- Risk Meters: A better way to make and show rough, subjective risk ratings
- Everyday Risk Management
- "So embedded it's disappeared"
- Embedded risk management should be easier
- The psychology of devising internal controls
- The Risk Manager people want to work with
Personal skills to manage risk & uncertainty
- Open and honest about risk and uncertainty
- Individual differences in risk and uncertainty management
- Writing about flexible plans (A challenge of the new OFR)
- Results of an experiment in risk and uncertainty communication
- Overconfidence and strategic mistakes
- Participation and Key Performance Indicators (KPIs)
- Giving ideas
Risk management reform
- A comparative overview of risk management and internal control guidance
- What's good about BS31100?
- Defining 'risk'
- Results of a survey of alternative risk phrases
- Problem areas for current risk management standards (speech at BSI)
- A first step towards successful risk management standards
- Requirements of Risk Management processes
- The crisis in management control and corporate governance (questionnaire)
- What's on your risk registers?
- Uncertainty quantification
- Clear thinking and “risk appetite”
- Time to put numbers on internal controls
- Innovating in the face of internal control regulations
Efficient audit & reviews
- What can auditors do when they have read 'A pocket guide to risk mathematics'?
- Sarbanes-Oxley Act section 404 and 302: efficient compliance (updated)
- Evidence for an efficient approach to evaluating controls effectiveness
- When is a good time to talk about saving money on SOX 404 compliance?
- How to test fewer “key controls” in a Sarbanes-Oxley s404 project
- Controls design for efficient compliance with Sarbanes-Oxley’s section 404
- How to cut Sarbanes-Oxley s404/302 compliance costs
- A new focus for Turnbull compliance
- Easier Turnbull compliance
- Efficient samples for internal control and audit testing
- Efficient reviews of documentation of internal control systems and audit testing
- Why the COSO frameworks need improvement
- COSO’s new guidance for smaller organisations: a Trojan Horse?
- Risk management versus internal control
- Embedded risk management: the auditors’ contribution
- Embedding risk management: easier, faster, better
Intelligent risk controls
- Designing intelligent internal control systems
- Results of a survey on internal control and risk management recommendations
- Why is Evolutionary Project Management so effective?
- What is attractive about embedded risk management? (survey results)
- Success with innovative projects
- Post-implementation project failure
- Promoting good management of risk and uncertainty
Integrated risk & performance management
- Progressive risk control integrated with strategy and performance management (Interactive article)
- Risk Management and Beyond Budgeting
- Control without budgets
- Results of a performance management survey
- How to embed risk management into performance management and strategy making
- Managing risk and uncertainty in Beyond Budgeting implementations
- Design ideas for Beyond Budgeting management information reports
- Research on risk management within performance management
- How the United Kingdom Accreditation Service improved its financial forecasting
- Better management of large scale financial and business processes using predictive statistics
- Visualizing an uncertain sales pipeline at Z/Yen
Other food for thought
- The Campaign for Plain Maths starts here
- Auditors and risk management
Author and services
Other websites by Matthew Leitch