Internal Controls Design graphic Internal Controls Design
consulting and research for internal control with risk management

book main page

"Intelligent Internal Control and Risk Management": Content for different readers

Content for risk and internal control managers

Virtually every chapter offers something of particular interest to risk and internal control managers. Part 2, with its massive collection of high performance control mechanisms, including what is more usually called risk mangement processes, is perhaps the most valuable, but other chapters offer a refreshingly different perspective, details of interesting cases, and so on.

Content for auditors

Most auditors, internal and external, will find the material lively but also challenging. There's more information here than you need to know to do audit work, so why bother with it? Bother because this is the sort of thing you need to know to do great audit work.

Read it to learn the difference between 'adequate' control, otherwise known as mediocre control, and beautiful, empowering, efficient, enjoyable, profitable control. Learn to spot the deficiencies in controls you might otherwise never have noticed until it was too late.

Also notice that chapter 7 is specifically about monitoring controls, including audit. There are some control patterns specifically dedicated to audit work and the material on healthy conversations about controls and about questions to elicit risk and control information is particularly relevant to auditors, having been developed in that context.

Content for politicians and regulators

The bad press internal control has received over the last several years has been the result of politicians and regulators asking for things that add work but don't add much value.

Happily, there are plenty of alternatives. It's time to push for control that improves performance, not just by averting disaster, but also by lifting everyday efficiency, spurring innovation, and accelerating learning. This kind of 'intelligent' risk control is what organizations would prefer to be focused on, so please let's stop pushing them to gather ever more assurance. Instead, let's write regulations that require them to design risk controls well, and skillfully, and to use high performance control mechanisms.

My book explains most of the detail that makes this possible. If ideas within this book had been applied to the drafting of section 404 of the Sarbanes-Oxley act, and to guidance on how to comply with it, the savings internationally would surely have been enough to buy more than 1,000,000 copies of my book.

Content for theorists

This is a book that contains some big, fresh thinking. For example, it:

  • puts design ahead of compliance;

  • puts uncertainty at the heart of risk control and pinpoints the key psychological effects that risk control should focus on;

  • integrates risk management with internal control using the idea of self generating control systems (and offers several processes for generating control systems rather than the usual monolithic flow chart); and

  • makes sense of the history of internal control and risk management and points out where they are poised for progress.

If COSO published a document like this it would be the hottest, most exciting, most talked about revolution in the history of internal control and quite a shake up for risk management too. I'm not COSO but the book is still worth a read. As Jeremy Hope was kind enough to say in his review, "this book should be compulsory reading for all senior managers and professionals in the risk management business."



If you just want to buy the book then please do so from Gower's website HERE.

  © 2008 Matthew Leitch