![Sample our Information Science journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5940/TOC-Subject-Sample-2021-Communication-Studies.jpg"})
Abstract
The problem is revealed in post-mortems of control failures. After a decade of rushing to create more internal controls over financial reporting and applying these concepts to other business areas, organizations are struck by high cost and how often controls do not catch problems as intended. Efficiency and effectiveness questions arise despite efforts by dedicated professionals to align with business and follow professional guidance. In explaining causes of control failures, the observations are made that: (1) Assumptions that are necessary for efficient and effective individual controls and control approaches rarely hold true; (2) Objectives are often framed only in terms of cost or error avoidance, rather than quality and revenue growth (3) The right tool for the job is often not used. To assist audit, control, and compliance professionals in personal professional development and providing more business benefit, this article suggests: (1) Simplifying controls in function and flow—a light switch is an example of a control that actually controls—electricity, light bulb, and ability to see more clearly to achieve a task; (2) Testing assumptions in individual controls with the Controls Chain of Fitness; (3) Testing assumptions in control approach; (4) Designing controls to avoid the 4Cs of control complications.
Notes
i. Richard Shay, “Creating Usable Policies for Stronger Passwords with MTurk,” February 2015, Institute for Software Research, School of Computer Science, Carnegie Mellon University. http://cups.cs.cmu.edu/rshay/pubs/RichThesis.pdf (accessed March 14, 2015).
ii. “Auditing Low-Hanging Fruit—IT Leasing,: Internal Auditor, February 2015. https://iaonline.theiia.org/2015/auditing-low-hanging-fruit (accessed March 14, 2015).
iii. Dylan Love, “Here’s The Burger-Flipping Robot That Could Put Fast-Food Workers Out of a Job,” Business Insider, http://www.businessinsider.com/momentum-machines-burger-robot-2014-8 (accessed March 14, 2015).
iv. Described in The Operational Risk Handbook (Petersfield, Great Britain: Harriman House, 2011).
v. Rob Sidorsky, personal communication, March 10, 2015.
Additional information
Notes on contributors
Brian Barnier
Brian Barnier is a principal/member at ValueBridge Advisors helping leaders manage risk to company growth. He has served on ISACA bodies that created Risk IT and COBIT5, as co-chair of the OCEG Steering Committee, editorial panel member of EDPACS, the ISACA Journal, and Association of Financial Professionals Risk! newsletter. He has been a non-profit audit committee chair. In prior roles, he was at IBM, Lucent, and Ameritech (once and again part of AT&T), across which he led teams to nine patents. He is a frequent keynote speaker and workshop teacher. He is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011), contributor to Risk Management in Finance (Wiley, 2009) and Risk and Performance Management: A Guide for Government Decision Makers (Wiley, 2014), and author of over 100 articles. He can be reached at [email protected]