Kiko's World No Description Blogo Thu, 21 Aug 2014 02:20:39 GMT en-us door handles door handles ]]> Thu, 14 Aug 2014 14:19:27 GMT Renato Sun, 19 Aug 2012 05:43:51 GMT Gerhard Fri, 17 Aug 2012 18:39:46 GMT Tara Tue, 31 Jul 2012 10:37:15 GMT Estefano Thu, 19 Apr 2012 09:07:24 GMT Ramesh Wed, 18 Apr 2012 19:42:57 GMT Michael Corcoran I agree with Kiko that IA should understand where value is planned to be created and where value needs to be preserved.  I call this value intelligence and is a far more powerful business person approach to watching out for shareholders/stakeholders than mostly talking about risk.  Alignment of the audit plan to value creation and preservation is critical  to being viewed as a trusted advisor by the BOD, CSuite and line management.

More than ever, IA audit should keep abreast of technology that helps the organization with governance, risk and compliance, ERM or higher risk areas like security. While IA may not be the end buyer/user they can be a good team member to evaluate possibilities/solutions.

Glad the comment box has reappeared.



]]> Thu, 16 Feb 2012 15:14:00 GMT
NRB It all boils down to getting the message across, and being effective. 

]]> Thu, 02 Feb 2012 16:15:25 GMT
Rajen Kumar Shah Hello Kiko,

Wow! Excellent! Superb!

I appreciate the way you have interpreted Audit Universe. My two cents:

- While mapping the Audit Universe, as an Internal Auditor, I do take a stock of various Risks;

- Audit Universe mostly comprises of "auditable" areas, while I do agree that external factors are equally important but because of contingency in nature, these are not given priority.

Your views please.



]]> Fri, 27 Jan 2012 10:33:25 GMT
Muhammad Ali Is the purpose of Jargon is to confuse the already confused audience so that they trap in deciphering the jargons and effectively not get to the real message. Is this a result of deliberate attempt by palying with words so that when audience feel that they can't get what we are upto so we could say we need you to achieve some level of understanding in order to understand our process and than you would be in a position to comment. We often heard the statement to explain in plain English and I wonder why it so. Is it necessary for person to acheive the level of sophistication we as an audit professional possessed in order to be on same wave length. Effective delivery of message lies in explaining your message in a way that your audience understand and get the message and after all you need to relate your self with the audience.

Our audit report is full of jargons which only audit nerds could understand and yet we claim we address our report to audience which we believe not possess the competency to understand the jargons.

]]> Sat, 24 Dec 2011 07:34:08 GMT
Jean Mon, 05 Dec 2011 13:19:40 GMT William Baugh  

Auditor Audit Thy Self…
I agree with the previous commenter’s but I believe Kiko’s point is that we are sometimes so familiar with our own (control) language we sometimes fail to realize our own communications lapses. As an audit consultant (vs. IAPPP – Internal Audit Professional Practice Provider), I often find myself in audit/management meetings translating for management. And, while management may be familiar with our language, they are often not fluent enough match our delivery. We have all talked with non-native English speakers and experience times where our message was not effectively received. This often occurs when our careless jargon is either misunderstood or we leave the listener behind as they process unfamiliar terminology.
It is the messenger’s responsibility to ensure messages are being effectively received. An argued point that is clearly understood is deemed more creditable than the same point delivered with less clarity (If this is not obvious there are several supporting studies I can provide). We can ensure the clarity of our message by focusing on terms common to both parties in the conversation. And while management may be able to translate the term “meeting the objectives of adequate controls” I find they respond better to “process strength.”
]]> Thu, 17 Nov 2011 16:55:35 GMT
Thomas R. Holland Completely agree with Horatio. If you know your audience well enough to know that the industry-specific terminology you use is the prevailing language, then it has an efficiency in communication you can lean on. However, outside of the community, and without sufficiently clear explanation in plain English reinforced with appropriate anecdotes and accurate analogies, this is just looked at as so much male bovine fecal matter. There is enough of that in the world without adding to the pile.

]]> Thu, 03 Nov 2011 13:05:00 GMT
Horatio Naidoo To me it is entirely dependant on the audience. For example in the executive summary section of our reports we never use jargon or abbreviations without clarifying it. But, in the detailed report we sometimes do as quite often line management are aware of the terms being used.

In instances where the term is not commonly used within the clients evironment (e.g. acronyms to legislation, frameworks etc) we also provide definitions of acronyms and terms.

I don't think there is a perfect fit but it is much rather a case of writing with your audience in mind.

]]> Tue, 25 Oct 2011 11:16:46 GMT
Zahid Aziz Kiko is the best blogger ever.

]]> Sun, 23 Oct 2011 11:22:57 GMT
hene I think your ideas of knowledge sharing information is great regarding the internal audits,staffing strategy, fruad auditing. We at admire you.

]]> Tue, 18 Oct 2011 08:00:07 GMT
Chris Horton The Denver Auditor's Office completed an audit last year of the City's ethics and compliance program and found several issues, including: lack of a centralized hotline; no comprehensive reporting function, which led to an inability to identify the universe of ethics complaints; weak protections for anonymous whistleblowers; multiple "codes" (such as the ethics code and a code of conduct); inadequate ethics training; and poor funding for the ethics oversight function.

We also tested and confirmed the applicability of the Federal Sentencing Guidelines for Organizations to the public sector. This is a relatively new application of the FSG in the public sector and was surprising to a number of city officials.

I encourage you to take a look at our report, which can be found at: I welcome any feedback, either through this forum or at


]]> Mon, 19 Sep 2011 14:49:23 GMT
Kiko Harvey If your internal audit group performs a governance audit of hotline procedures and is independent of this area - you may want to focus on the following:  1) Timeliness of matter resolution 2)  Reports of conflict of interest involving senior management  3) Measuring service levels of outsourced service providers taking hotling calls 4) Accuracy of coding of calls 5) Sufficiency of documentation supporting call investigation and 6) Hotline reporting and call summaries.  SOX processes may not be sufficiently detailed enough to evaluate the operational areas of hotline calls.

]]> Tue, 06 Sep 2011 15:04:45 GMT
Nyvaeh Tue, 06 Sep 2011 13:47:31 GMT Tanya Robbins At IP, IA participates in hotline investigations concerning book keeping improprieties, fraud, theft, kickbacks/bribes, embezzlement, etc.  But we do not audit the hotline procedures from a governance perspective. Our external audit performs that role. 

]]> Sat, 03 Sep 2011 21:27:28 GMT