Accounting Control Assessment Standards: The Missing Piece in the Restatement Puzzle
COSO: Is "it" fit for purpose?
Better Board Oversight: A guide to where boards of directors can look for useful insight, Tim J. Leech, Ethical Boardroom, Winter 2020
Synopsis: Board risk oversight expectations continue to escalate. In a global world, where directors have limited time for professional development, where can/should directors look for practical information, advice and guidance?
Board Oversight of Strategy and Risk, Tim J. Leech, Ethical Boardroom, Autumn 2019
Synopsis: Directors need better information to meet rapidly escalating expectations. This article provides a summary of escalating expectations and how to respond.
Board Oversight of Long Term Value Creation and Preservation: What Needs to Change? Tim J. Leech, Conference Board Director Notes, July 2017
Synopsis: Institutional investors are calling on CEOs to focus on long term value creation and strategy, including risks that create uncertainty. This article proposes practical steps boards can take.
Building Businesses for the Long Term: Focusing ERM and Internal Audit on What Really Matters – Long term value creation and preservation, Tim J. Leech, Ethical Boardroom, Spring 2017
Synopsis: Investors, particularly institutional investors, representing in excess of a billion future pensioners, are flexing their muscles and calling on companies around the globe to significantly change their approach to value creation. This article provides specific strategies to meet these expectations.
The Next Frontier for Boards: Oversight of Risk Culture, Parveen Gupta and Tim Leech, Conference Board Director Notes, June 2015
Synopsis: Over the past 15 years expectations for board oversight have skyrocketed. In 2002 the Sarbanes-Oxley Act put the spotlight on board oversight of financial reporting. The 2008 global financial crisis focused regulatory attention on the need to improve board oversight of management’s risk appetite and tolerance. Most recently, in the wake of a number of high-profile personal data breaches, questions are being asked about board oversight of cyber-security, the newest risk threatening companies’ long term success.1 This article provides a primer on the next frontier for boards: oversight of “risk culture.”
Overseeing Risk Appetite and Tolerance: Roadblocks that Need to Be Overcome, Parveen Gupta and Tim Leech, Ethical Boardroom, Winter 2014
Synopsis: In the aftermath of the 2008 global financial crisis post mortems were convened in countries around the world to identify what went wrong. A unanimous conclusion was that boards of directors of public companies in general, and financial institutions in particular, need to do more to oversee ‘management’s risk appetite and tolerance’ if future crises are to be avoided.
What Knowledge and Skills Do Directors Need? Today’s board risk oversight require new tools and ideas, Parveen Gupta and Tim Leech, Ethical Boardroom, Summer 2015
Synopsis: This article provides an overview of the risk oversight knowledge and skills required to equip directors to better drive value creation, prevent significant corporate value erosion and, perhaps most importantly, help directors protect their personal reputations as guardians of stakeholder interests.
Control and Risk Self-Assessment: The Dawn of a New Era in Corporate Governance Tim J. Leech, Multiple publication journals 1990
Synopsis: this is an article Tim Leech authored in 1990 that received global recognition and acclaim. It was published in multiple professional journals and used in hundreds of workshops presented to tens of thousands interested internal auditors. An opening paragraph reads: In this article I set out my reasons for concluding that boards of directors, officers, managers, and auditors that use the "historical/traditional approach" to control and risk management should be dissatisfied and actively searching for a more effective replacement. The author hasn't changed his mind 30 years later.
Are we using weak first line risk governance? The single most important question CEOs and boards should be asking internal
auditors and risk officers
Synopsis: In 2003 the IIA produced guidance titled "THREE LINES OF DEFENSE MODEL". It tried to define roles for management, second line functions including risk management and internal audit. Regulators embraced it and encouraged even legislated companies, particularly financial sector companies use it. Three Lines of Defense is a weak first line model that does not expect management to assess and report on the state of risk linked to top objectives. In 2020 the IIA released updated guidance "IIA THREE LINES MODEL". The word "defense" is gone and emphasis is on achieving objectives. This article targeted at CEOs and board members analyses these developments and proposes that the way forward is strong 1st line objective centric risk management.
The High Cost of Herd Mentality
Synopsis: This article appeared in the London School of Economics Centre for Risk & Regulation Winter 2012 issue - Tim Leech analyses the current approaches used by regulators to prevent the next wave of corporate malfeasance. He suggests that more than a few approaches to regulatory reforms suffer from what he calls “herd mentality” and a lack of serious research to determine if the benefits to stakeholders are worth the massive costs imposed on public companies.
Clarity on Board Tim J. Leech Ethical Boardroom Fall 2021
Synopsis: Most Boards do not disclose with much clarity what their PURPOSE is. This article calls on Boards to clarify Board PURPOSE. Clarifying Board PURPOSE immediately leads to greater clarity on the PURPOSE of Internal Audit and Risk Management functions that serve Boards.
U.S. Board Practices Under the Spotlight in the U.S. Tim J. Leech Ethical Boardroom Spring 2022
Synopsis: The National Association of Corporate Directors has convened a commission with a mandate to study the question "Are Board practices outdated". In this article Leech says the answer is a strong YES and provides his prescription re what needs to change.
CertaintyStatusline – the foundation building block of Objective Centric Risk & Certainty Management
CertaintyStatusline MS Word assessment template
CertaintyStatusline Owner/Sponsor Guide
CertaintyStatusline Risk Treatment Principles and Elements
Objective Centric ERM and Internal Audit Five Step Overview
Sample Risk & Certainty Management Corporate Policy Including Role Definitions
COSO ERM 2017 Principles and ROS Objective Centric Risk Management Enablers
Culture Diagnostic Tool and Implementation Method Guide
Objective Centric Risk Management Software Concepts/Specifications
Tim Leech Linked In posts 2021 - A primer on business case for Strategy/Objective Centric ERM/Internal Audit
Tim Leech Linked In posts 2022 - A primer on business case for Strategy/Objective Centric ERM/Internal Audit
Linkages between FSB Principles for Effective Risk Appetite Frameworks and ORCM Enablers
10 Main Assurance Methods, Including Best and Next Best
Inventory Assurance Methods Tool
10 Primary Assurance Methods Visual
Using objective centric risk assessment for SOX 404 and similar ICFR requirements
Article: Reinventing Internal Audit: Recent governance-related developments require the profession to revisit some of its long-held paradigms, Tim J. Leech, Internal Auditor, April 2015
Case Study: Objective Centric Risk & Certainty Management: A Case Study – SVG Capital, 2012-2016, Tim J. Leech, London U.K.
Presentation: Reinventing Internal Audit & ERM: It’s time for revolutionary not incremental change, Tim J. Leech, training presentation to IIA Miami, Jan 2017
Presentation: Paradigm Paralysis in ERM and Internal Audit: A Big Risk To Better Governance, Conference Board of Canada presentation, Tim J. Leech December 2016
Presentation: Honorably Retire “Controls” Promote “Risk Treatments: It’s Time, Tim J. Leech, IIA GRC Conference, August 2012
Presentation: Three Lines of Defense vs Five Lines of Assurance: Elevating the Role of the Board and CEO in Risk Governance, Lauren Hanlon and Tim Leech, Infonex GRC Conference, Toronto, June 2016
ROS Primer: 10 Primary Assurance Methods: Objective Centric, Risk Centric, Process Centric, Control Centric and Compliance Centric, Updated 2019
Tim Leech/Risk Oversight Solutions response to the March 2021 UK request for comments "Restoring Trust in Audit and Corporate Governance"
Presentation: In Search of Utopia: What should an audit committee want from internal audit?, Training workshop presented to audit committee members of Alberta Crown Corporations by Tim Leech, March 2006