
906 REVIEW: "Intelligent Internal Control and Risk Management", Matthew Leitch

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Jul 22, 2013
      BKIICARM.RVW 20121210

      "Intelligent Internal Control and Risk Management", Matthew Leitch,
      2008, 978-0-566-08799-8, U$144.95
      %A Matthew Leitch
      %C Gower House, Croft Rd, Aldershot, Hampshire, GU11 3HR, England
      %D 2008
      %G 978-0-566-08799-8 0-566-08799-5
      %I Gower Publishing Limited
      %O U$114.95 www.gowerpub.com
      %O http://www.amazon.com/exec/obidos/ASIN/0566087995/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0566087995/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0566087995/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 253 p.
      %T "Intelligent Internal Control and Risk Management"

      The introduction indicates that this book is written from the risk
      management perspective of the financial services industry, with a
      concentration on Sarbanes-Oxley, COSO, and related frameworks. There
      is an implication that the emphasis is on designing new controls.

      Part one, "The Bigger Picture," provides a history of risk management
      and internal controls. Chapter one asks how much improvement is
      possible through additional controls. The author's statement that
      "[w]hen an auditor, especially an external auditor, recommends an
      improvement control it is usually with little concern for the cost of
      implementing or operating that control [or improved value]. The
      auditor wants to feel `covered' by having recommended something in the
      face of a risk that exists, at least in theory" is one that is
      familiar to anyone in the security field. Leitch goes on to note that
      there is a disparity between providing real value and revenue
      assurance, and the intent of this work is increasing the value of
      business risk controls. The benefits of trying quality management
      techniques, as well as those of quantitative risk management, are
      promoted in chapter two. Chapter three appears to be a collection of
      somewhat random thoughts on risk. Psychological factors in assessing
      risk, and the fact that controls have to be stark enough to make
      people aware of upcoming dangers, are discussed in chapter four.

      Part two turns to a large set of controls, and examines when to use,
      and not to use, them. Chapter five introduces the list, arrangement,
      and structure. Controls that generate other controls (frequently
      management processes) are reviewed in chapter six. For each control
      there is a title, example, statement of need, opening thesis,
      discussion, closing recommendation, and summary relating to other
      controls. Most are one to three pages in length. Audit and
      monitoring controls are dealt with in chapter seven. Adaptation is
      the topic of chapter eight. (There is a longer lead-in discussion to
      these controls, since, inherently, they deal with change, to which
      people, business, and control processes are highly resistant.)
      Chapter nine notes issues of protection and reliability. The
      corrective controls in chapter ten are conceptually related to those
      in chapter seven.

      Part three looks at change for improvement, rather than just for the
      sake of change. Chapter eleven suggests means of promoting good
      behaviours. A Risk and Uncertainty Management Assessment (RUMA) tool
      is presented in chapter twelve, but, frankly, I can't see that it goes
      beyond thinking out alternative courses of action. Barriers to
      improvement are noted in chapter thirteen. Roles in the organization,
      and their relation to risk management, are outlined in chapter
      fourteen. Chapter fifteen examines the special needs for innovative
      projects. Ways to address restrictive ideology are mentioned in
      chapter sixteen. Seven areas that Leitch advises should be explored
      conclude the book in chapter seventeen.

      A number of interesting ideas are presented for consideration in
      regard to the choice and design of controls. However, the text is not
      a guidebook for producing actual control systems.

      copyright, Robert M. Slade 2013 BKIICARM.RVW 20121210


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      A computer lets you make more mistakes faster than any other
      invention in human history, with the possible exception of
      handguns and tequila. - Mitch Radcliffe
      victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
      http://blogs.securiteam.com/index.php/archives/author/p1/
      http://twitter.com/rslade