![Sample our Information Science journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5940/TOC-Subject-Sample-2021-Communication-Studies.jpg"})
Abstract
Failures, errors, mistakes, and exploits are problems if an audit found no significant problem and yet the cause was present. Improved audits do not mean more testing of more “controls.” Instead, it means audits that fully recognize what is new in the external environment, or internal activities or capabilities. Errors are largely preventable by better understanding what is new and what has changed. It’s about better auditing the “new thing.” Avoiding errors starts by: (a) realizing the “new thing” is often old—structural blindness just prevents auditors from seeing it and (b) understanding “how it works”—the machinery of business and information technology (IT). Avoiding structural blindness comes from improving audit and learning processes to proactively overcome the blindness—improving our personal awareness of change. Learning “how it works” comes from improving the process by which we learned about the mechanics of business and IT. It helps to practice this skill by fixing anything from toys to household appliances. Automation not only reshapes what is being audited but also audit activities. Improvement in process, awareness, skill, “how it works” and automation can be faster and easier through outcomes acceleration workshops—these workshops are so efficient because of how they integrate substantive learning and organizational improvement.
Acknowledgment
This article was written specifically for EDPACS readers, adapted from several objectives-acceleration workshops of ValueBridge Advisors, LLC and content originally included in The Operational Risk Handbook.
Notes
1. Developed by Edward de Bono, http://www.debonogroup.com/six_thinking_hats.php
2. Michael Cangemi writing at http://canco.us/about-us/michael-p-cangemi/
3. Brian Barnier, “Why Controls Have Become Wasteful, False Sense of Security, and Dangerously Distracting—and How to Fix It,” EDPACS (May 2015), http://www.tandfonline.com/doi/full/10.1080/07366981.2015.1041815#abstract
4. M. P. Cangemi and T. Singleton, Managing the Audit Function: A Corporate Audit Department Procedures Guide, Third Edition (New York: Wiley, 2003), http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471281190.html
5. M. P. Cangemi, “Views on Internal Audit, Internal Controls, and Internal Audit’s Use of Technology,” EDPACS (January 2016).
6. Jim Collins, How the Mighty Fall: And Why Some Companies Never Give In (2009), http://www.jimcollins.com/books/how-the-mighty-fall.html
7. Michele Wucker, The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore (New York, NY: St. Martin’s Press, 2016), http://us.macmillan.com/thegrayrhino/michelewucker/9781250053824/
8. Brian Barnier, “Why Controls Have Become Wasteful, False Sense of Security, and Dangerously Distracting—and How to Fix it,” EDPACS, May 2015, http://www.tandfonline.com/doi/full/10.1080/07366981.2015.1041815#abstract
9. Brian Barnier, “A Barista, a Shot and Better Security,” EDPACS, December 2015 http://www.tandfonline.com/doi/abs/10.1080/07366981.2015.1113810
10. Brian Barnier, The Operational Risk Handbook (Great Britain: Harriman House, 2011). For more on The Handbook, see http://www.brianbarnier.com/op-risk-handbook-order/
Additional information
Notes on contributors
Brian Barnier
Brian Barnier is a director/member at ValueBridge Advisors, helping leaders manage risk to growth. He has served on ISACA bodies that created Risk IT and COBIT5, co-chair of the OCEG Steering Committee, and an editorial panel member of EDPACS, ISACA Journal, and the Association of Financial Professionals Risk! newsletter. He has been a non-profit audit committee chair. In prior roles, he was at IBM, Lucent, and Ameritech (once and again part of AT&T), across which he led teams to nine patents. He is a frequent keynote speaker and workshop teacher. He is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011), contributor to Risk Management in Finance (Wiley, 2009) and Risk and Performance Management: A Guide for Government Decision Makers (Wiley, 2014), and author of over 100 articles. He can be reached at [email protected].