Many years ago, I read a description of the "perfect internal auditor." It was so great I kept it. 

This morning, I read a piece in ComputerWeekly that made me cheer.

Risk and audit professionals, as a rule, have never seen an (adverse) risk they didn’t want to stamp on and kill. 

In case you missed them, these were the most popular posts on this site (see here for the top posts on my personal blog), based on the number of views. 

QFinance recently published an article of mine on Continuous Auditing: Putting Theory into Practice. When I shared this news, a couple of people commented that internal audit should not be doing this kind of work, because it is a detective control, management's responsibility, and management may rely on it instead of taking ownership themselves. (I should point out that they reacted to the idea of continuous auditing, without reading the article.)

Let me tell you a story. It applies whether you are a risk officer, internal auditor, compliance professional, or even a manager of people.

A couple of months ago, I wrote a couple of pieces about mobile technology. 

My congratulations go to Professor Larry Rittenberg and Frank Martens of PwC on the Thought Leadership PaperUnderstanding and Communicating Risk Appetite, released today by COSO. 

I recently wrote an article on this topic for CFO.com, which you can read here. I listed a few of the more significant expectations (explained in the article) 

The following article (by me) first appeared in the June 2010 issue of Internal Auditor. I will comment in a separate post about how I see IT governance changing as a result of advances in technology. 

In another post, I have shared an article of mine from 2010 on IT governance and internal audit. But, has IT governance changed in the meantime?