Internal Controls Design
consulting and research for internal control with risk management
"Intelligent Internal Control and Risk Management": The story behind the book
This book exists because Jonathan Norman of Gower Publications challenged me to write it, so thanks Jonathan.
The initial idea was to rewrite material from my various websites and string it together as a book, but as I wrote I began to see more exciting possibilities and so the book became something much more sophisticated and original than I had planned.
Part 1 began as some general introductory material but gradually grew into a series of chapters, each important in itself. For example, Chapter 3 integrates risk management and internal control in an original and helpful way. This was influenced by the effort I have made over the years to learn about as many different perspectives on risk control as I can. In particular, in 2006 I joined a committee at the British Standards Institute that was trying to write a new standard (a Code of Practice) for risk management. This experience brought home strongly just how many different views are held by people working with risk in different fields.
The gist of the integrated perspective is that most of risk control is a matter of design choices. That includes the concepts and language as well as the formats, tools, and so on. However, there are certain things that are true whatever your design preferences, and I think I've captured them in this chapter. The rest of the book, particularly in Part 2, expands massively on the design options.
Part 2 is also far better than I imagined at the start. The original intention was to write about my favourite internal control mechanisms. However, the main objective of doing this was to pump up my reader's ability to design good risk control systems quickly and to do that I really wanted to organise the material in a way that would shorten the gap between written word and usable design knowledge.
The format I chose for this is called a 'pattern language', an idea from Christopher Alexander, the architect and design theorist. Alexander's goal was to empower the users of buildings to participate in their design rather than just leaving everything to professional architects. To make that possible he decided to provide a professional architect's knowledge in a book, organized to make design easier for non-professionals. The result is fantastic and I followed Alexander's layout and style as closely as I could.
Part 3 is about getting useful things to happen - which is often a problem in large organizations in particular. At first my drafts tended to be rather negative, reflecting the fact that there are many reasons why good risk control initiatives can be hindered by problems that shouldn't be there. I was also aware of a lot of narrow thinking in the field that has blocked creative progress for a long time.
However, at about that time an interesting theme began to emerge from research projects that I was doing. I noticed that when people are asked simple questions about risk and control they generally give sensible answers, even when these conflict with the received theoretical wisdom in internal control and risk management text books and guides. I realised that, with most people, it isn't necessary to correct misconceptions. It is only necessary to make contact with their good sense.
From that point on things began to sort themselves out and now Part 3 offers ground-breaking suggestions for making positive change happen, with minimal conflict.
All things considered, this is a far better book than I set out the write, and took far more effort.
The best place to buy it from is Gower's website, HERE because the discounts are about the same as anywhere else and I get slightly more money when you buy direct. However, if you want to be billed in something other than sterling or USD then I suggest Amazon.
If you just want to buy the book then please do so from Gower's website HERE.