About Board and Fraud

Board and Fraud is a blog that aims to bring a practical approach to issues facing the board of directors and the audit committee specifically in the area of governance, risk management, compliance, and internal audit, with a strong focus on fraud, ethics, and internal controls.

SEC and its New Silent Whistleblower: Risk Based Data Analytics

The SEC just announced its first actions arising from investigations generated by the Enforcement Division’s EPS (Earnings Per Share) Initiative, which utilizes risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.

» Read More

Enterprise Resiliency Model Released

In July 2020, The Institute of Internal Auditors (“IIA”) updated its Three Lines of Defense Model (“Model”) to emphasize more active forms of risk management and governance that appear to go beyond merely defensive maneuvers made by the internal audit function.  

Some believed the old model sent a message that we should fear risk. I never saw it that way. I understood the subliminal message was the model was about achieving objectives, which requires both the creation and the protection of value. The new model does a much better job of confirming that risk management contributes “to achieving objectives and creating value, as well as to matters of “defense” and protecting value.”

Learn why the Enterprise Risk Resilient Model might be a better choice.

» Read More

Internal Control Defined and Some Guidance

Compliance officers talk about controls constantly. Effective controls are the lifeblood of what makes a compliance program work. Most of us can rattle off examples of controls, or recognize a control when we see one.
So my fellow speaker asked the audience: What is a control?

Nobody dared answer. We all, me included, were suddenly uncertain that we could define a control correctly.

The speaker who posed this question is Jonathan T. Marks, partner at Baker Tilly and a prolific thinker on all things forensics, audit, and internal control. Lately Marks has been asking audit and compliance audiences to define a control — and to his dismay, most people can’t.

Read Marks’ definition of internal control.

» Read More
Skip to toolbar