Internal Controls Design
consulting and research for internal control with risk management
"Intelligent Internal Control and Risk Management": Content for different readers
Content for risk and internal control managers
Virtually every chapter offers something of particular interest to risk and internal control managers. Part 2, with its massive collection of high performance control mechanisms, including what is more usually called risk mangement processes, is perhaps the most valuable, but other chapters offer a refreshingly different perspective, details of interesting cases, and so on.
Content for auditors
Most auditors, internal and external, will find the material lively but also challenging. There's more information here than you need to know to do audit work, so why bother with it? Bother because this is the sort of thing you need to know to do great audit work.
Read it to learn the difference between 'adequate' control, otherwise known as mediocre control, and beautiful, empowering, efficient, enjoyable, profitable control. Learn to spot the deficiencies in controls you might otherwise never have noticed until it was too late.
Also notice that chapter 7 is specifically about monitoring controls, including audit. There are some control patterns specifically dedicated to audit work and the material on healthy conversations about controls and about questions to elicit risk and control information is particularly relevant to auditors, having been developed in that context.
Content for politicians and regulators
The bad press internal control has received over the last several years has been the result of politicians and regulators asking for things that add work but don't add much value.
Happily, there are plenty of alternatives. It's time to push for control that improves performance, not just by averting disaster, but also by lifting everyday efficiency, spurring innovation, and accelerating learning. This kind of 'intelligent' risk control is what organizations would prefer to be focused on, so please let's stop pushing them to gather ever more assurance. Instead, let's write regulations that require them to design risk controls well, and skillfully, and to use high performance control mechanisms.
My book explains most of the detail that makes this possible. If ideas within this book had been applied to the drafting of section 404 of the Sarbanes-Oxley act, and to guidance on how to comply with it, the savings internationally would surely have been enough to buy more than 1,000,000 copies of my book.
Content for theorists
This is a book that contains some big, fresh thinking. For example, it:
If COSO published a document like this it would be the hottest, most exciting, most talked about revolution in the history of internal control and quite a shake up for risk management too. I'm not COSO but the book is still worth a read. As Jeremy Hope was kind enough to say in his review, "this book should be compulsory reading for all senior managers and professionals in the risk management business."
If you just want to buy the book then please do so from Gower's website HERE.