Audit and accountancy institutes

Institute of Internal Auditors (U.S.)

This site (www.theiia.org) has a wealth of information – though it’s not always easy to find (click “Guidance” on the top menu).

Direct links:

Code of ethics

Standards  

Setting up an audit department

Institute of Internal Auditors (U.K.)

This site (www.iia.org.uk) has a useful “Knowledge Centre” plus links to U.K. documents.

An Approach to Implementing Risk Based Internal Auditing

Bulletin – Independence and objectivity

Position statement on the role of internal audit in enterprise-wide risk management

Position statement on risk based internal auditing

Deloitte & Touche and the Institute of Internal Auditors – UK and Ireland (IIA)  “The value agenda’

Embedding risk management into the culture of your organisation (details of how to obtain the briefing note)

The Institute of Chartered Accountants in England and Wales (ICAEW)

The institute (www.icaew.co.uk) has several useful documents. From the home page, select “Policy” on the left index and then “Risk management and reporting”.

Direct links:

Implementing Turnbull – a boardroom briefing

Official standard setting organisations (US)

Public Company Accounts Oversight Board

Their standards for the audit of internal control over financial reporting are here. Auditing standard No.2 is probably most relevant to internal auditors.

COSO

This organisation published a framework for internal control which is not available on the web and a publication on ERM. They have recently published an exposure draft on 'Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting'. 

Official standard setting organisations (UK)

LSE Combined Code

The London Stock Exchange Combined Code, which includes the Turnbull and Smith guidance notes can be downloaded from the Financial Reporting Council website. 

UK government

The Treasury website has issued:

Management of risk – principles and concepts (Known as the “Orange book)

Risk Management

The Association of Insurance and Risk Managers (AIRMIC)

This site has a free newsletter.

The Institute of Risk Management

The “Risk Management Standard” can be downloaded from this site.

 Australia and New Zealand standards

They published one of the first reports on risk management  which has now been updated (AS/NZS 4360:2004). It’s not available on the net, but can be purchased. Search for 'Risk Management'.

Risk Doctor

This is a good site (www.risk-doctor.com) for links and information on risk management. Check out the "publications" section.

Risk Management information

Matthew Leitch has written three interesting sites around internal control and risk:

Managed Luck – which provides practical methods for managing uncertainty at work

Internal Controls Design – which provides new ideas for internal control and risk management

Dynamic management for an uncertain world – a discussion and ideas site

Other sites

PricewaterhouseCoopers

2007 State of the internal audit profession study: Pressures build for continual focus on risk - PwC

Deloitte

ERM done right - Deloitte

Working Council for Chief Financial Officers

This site has articles on internal audit. You will need to register, but it is free.

US Corporate Governance

The Conference Board Commission on Public Trust and Private Enterprise was formed in the U.S. to address widespread abuses which led to corporate scandals and declining public trust in companies, their leaders and America's capital markets. It has published a report on, “Corporate governance, accounting and auditing”.

Sites with internal audit links

AuditNet® An extensive site with many resources for internal auditors

Internal Audit Scotland Check out the briefing notes and extensive links

Will Yancies' site has good links

Sites offering software and/or consultancy

The following sites offer software, and consultancy, for implementing risk-based auditing. (No endorsement is implied).

Software and consultancy:

My excel database is very rudimentary. If you require a more sophisticated product for managing risks and controls, take a look at the following plus other, similar, software on the market.

Paisley Consulting

Methodware

Magique

Pentana

Risk Governance

There are many software solutions, some based on Lotus Notes or Microsoft Access databases. My experience is to look at the reports they can produce and make sure you are happy with them, or can amend them easily.

Consultancy

Mc²  Management Consulting (website may be off-line)

This is the site of David McNamee, one of the pioneers of risk-based auditing. In 1997, he published a book, “Risk-based auditing”, most of which is still relevant. Part of the structure of my audit database is the same as a table that he suggested for audit testing, so I must have got something right!  David has written books and articles, which are also available on CD. Details are on his site, which also has useful articles.

Business Risk Management Ltd.

GEB Solutions

Wayside Network

MindGrove – specialists in risk, audit, information technology security and control

Books

Risk based auditing, Phil Griffiths (no relation), link

The non-designers design book (2nd edition), Robin Williams, Peachpit Press, ISBN 0321193857. Not an internal audit book but one which is very important when much of our final product is “written” – even if this is a “Word” document, “PowerPoint” presentation, or web page. Do the reports from your department look boring? Then get reading.

You want to manage information?

You might like to look at my other site, which considers the management of information (www.managing-information.org.uk)