Risk Insights Blog


    Looking for Something?

    Search for posts and comments here.

    Yusuf Moolla

    Wed, Dec 4 2019 6 min

    Do auditors need a specific data governance and management approach?

    Why you, as an auditor, need to think a bit differently to the rest of the organization, and specifically govern the management of data that you collect and the analytics that you conduct. Read More

    Yusuf Moolla

    Thu, Nov 21 2019 7 min

    Using complaints and customer feedback data for assurance / audits

    Why are auditors increasingly using complaints data and customer feedback Read More

    Yusuf Moolla

    Mon, Oct 14 2019 8 min

    Audit analytics - reducing noise, false positives

    In adopting analytics, one of the main challenges faced by internal auditors is the volume of exceptions generated. How can we overcome this? Read More

    Conor McGarrity

    Wed, Oct 9 2019 7 min

    Performance Audits - creating and sustaining Public Value

    This article is for (1) Performance Auditors, to help explore their critical role in sustaining Public Value, and (2) Internal Auditors, in conducting performance audits i.e., assessing economy and efficiency within their organisations. Read More

    Yusuf Moolla

    Wed, Oct 2 2019 6 min

    SAS70 Certification and other common SOC report myths

    If you use or plan to use a cloud/SaaS/hosted solution, how do you ensure that the service provider is protecting your systems and data? Rely on their SAS70 reports, right? Not quite. In this article, we explain why this is not the right answer and explore a few other common myths. Read More

    Yusuf Moolla

    Wed, Sep 25 2019 7 min

    Supply chain risks - brand damage & financial loss

    This post has been updated to reflect a prevalent, but often missed risk. Original: how Contingent Resourcing and SEO could damage brands. Updated: Does being listed as a client on a supplier's website create risk? What about listing your suppliers on your website? Read More

    Yusuf Moolla

    Tue, Sep 10 2019 7 min

    Is "risk management" creating more risk in how you manage & use data?

    We previously spoke about a PIA (privacy impact assessment) that did not consider all the risks. The resulting breach occurred, in part, because of the false sense of security created by the PIA. In another article we outlined how a flaw in risk thinking can increase risk, by reducing efficiency and effectiveness. Those articles might appear to conflict - but are the messages contradictory? Not quite - they relate to two very different contexts and scenarios. In the first case, data was shared externally. In the second, the situation related to internal data access. Read More

    Yusuf Moolla

    Tue, Sep 3 2019 7 min

    Protect against inadvertent privacy breaches

    There has been a raft of data breaches over the past few months. Some of those were due to poor controls and/or significant effort by hackers. However, a number of recent breaches have been rather inadvertent - occurring despite some controls put in place, with no significant effort by evil actors and with the risk of breach not that easy to identify at the outset. Read More

    Yusuf Moolla

    Tue, Aug 27 2019 7 min

    Going beyond the initial remedial action

    Management action flowing from an internal audit finding often focuses on the specific sample or the specific weakness that was identified. Sometimes this is called "remedial action" - but is it really remediation? Does the action minimise the risk? Importantly, if a customer knew about it, would they be satisfied with the fix? Read More

    Linh Nguyen

    Fri, Apr 5 2019 4 min

    More access to data to reduce risk & enable better decisions

    You know that there is untapped value within your systems and the data that they contain. But user access limitations - because of audit, risk and compliance expectations – mean that it is increasingly difficult to get access to the data that you need. Read More

    Recent Posts

    See All