Amer Morgan

The Numbers That Should Wake Every Board Up

Thu, 16 Apr 2026 04:34:56 -0700

The 2025 North American Pulse of Internal Audit

Thu, 18 Sep 2025 04:43:20 -0700

Navigating the Perfect Storm: Middle East Tensions Meet Global Economic Headwinds

Thu, 18 Sep 2025 04:40:25 -0700

Introduction

As I write this analysis, we're witnessing one of the most complex convergences of geopolitical risks in recent memory.

The Middle East, long a source of global concern, has entered a new phase of volatility that demands immediate attention from corporate leaders worldwide.

But this isn't just another regional crisis – it's a symptom of a broader systemic shift in the global order that will reshape how businesses operate for years to come.

In my years analyzing geopolitical risk, I've rarely seen such a dangerous alignment of factors: escalating regional conflicts, strained international institutions, economic fragmentation, and technological disruption all occurring simultaneously. Today, I want to walk you through not just what's happening, but more importantly, what it means for your organization and how you can prepare.

Part I: The Middle East Powder Keg – Understanding the Current Crisis

The Israel-Palestine Conflict: A Fundamental Shift

Let me be clear: what we're seeing now is not just another cycle in the decades-old Israel-Palestine conflict. The October 7th attacks and subsequent Gaza operations have fundamentally altered the regional security architecture. The rules and assumptions that have governed business operations in the region for decades no longer apply.

What makes this different? First, the scale and nature of the initial attacks shattered long-standing deterrence calculations. Second, the response has been unprecedented in its scope and duration. Third, and perhaps most importantly for our analysis, the conflict has drawn in regional and global powers in ways we haven't seen before.

For businesses, this means that the traditional approach of "waiting out" Middle East tensions is no longer viable. The structural...Read More

Internal Audit of Artificial Intelligence

Thu, 13 Mar 2025 01:41:47 -0700

Introduction: Why AI Needs Internal Audit?

Artificial Intelligence (AI) is revolutionizing business processes, but with great power comes great responsibility. As AI becomes embedded in decision-making, compliance, ethics, and data security risks rise. The Internal Audit of Artificial Intelligence Applied to Business Processes report by The Thought Factory (IIA Spain) offers a structured framework to audit AI systems, ensuring transparency, accountability, and compliance.

This blog explores key aspects of AI governance, risk assessment, regulatory challenges, and internal audit methodologies to help organizations ensure AI compliance while driving innovation.

1. The Growing Role of AI in Business & Its Risks

AI adoption is accelerating across industries, from finance and healthcare to retail and cybersecurity. However, its rapid expansion introduces several risks:

✅ Algorithmic Bias – AI models may inherit biases, leading to unethical or discriminatory outcomes.
✅ Regulatory Compliance – Laws like the EU AI Act impose strict guidelines for AI governance.
✅ Data Privacy Risks – AI processes vast amounts of personal data, requiring GDPR, CCPA, and cybersecurity compliance.
✅ Model Transparency – The "Black Box" problem in AI makes decision-making difficult to explain.
✅ Ethical Implications – Misuse of AI (e.g., surveillance, misinformation, fraud) raises ethical dilemmas.

2. AI Governance & Regulatory Landscape: What Boards Should Know

The European Union's AI Act (2024) establishes a legal framework for AI systems, classifying them based on risk:

🛑...Read More

Board Guidelines on Risk Management 2025

Tue, 11 Mar 2025 06:59:06 -0700

Introduction

In today’s volatile business environment, risk management is no longer a reactive measure but a strategic necessity. The Board Guidelines on Risk Management 2025, developed by IIA Norway, serve as a vital roadmap for board members, executives, and risk professionals. These guidelines offer a structured approach to understanding, managing, and mitigating risks while ensuring compliance and value creation.

This comprehensive blog will break down the core aspects of the guidelines, helping organizations implement best practices in Enterprise Risk Management (ERM).

1. The Foundation of Risk Management Governance

Governance is the backbone of risk management, integrating structures and processes that drive effective decision-making. The board plays a crucial role in setting the tone, ensuring accountability, and maintaining oversight.

Key Components of Governance:

Board’s Role: Defining and overseeing the organization’s risk management framework.

Compliance & Regulations: Adhering to legal and regulatory standards.

Internal Auditing: Ensuring risk processes align with organizational objectives.

Risk Identification & Assessment: Recognizing and categorizing risks to anticipate and mitigate threats.

A strong governance framework enhances transparency, accountability, and overall corporate resilience.

2. Enterprise Risk Management (ERM): A Strategic Perspective

The traditional approach to risk management focuses on avoiding negative outcomes. However, Enterprise Risk Management (ERM), as outlined in the COSO ERM (2017) framework, takes a more holistic and proactive approach.

Key Differences Between ERM and Traditional Risk...Read More

Week 5: GIAS Implementation Plan

Mon, 03 Feb 2025 02:20:56 -0800

Welcome to Week 5 of our "GIAS in Action: Transforming Internal Auditing with the GIAS Framework"! Over the past four weeks, we have established governance structures, executed audit engagements, enhanced stakeholder engagement, and developed strategies for long-term sustainability. Now, we shift our focus to embedding a culture of continuous improvement, ensuring that the internal audit function remains agile, value-driven, and fully aligned with the Global Internal Audit Standards (GIAS).
Focus for Week 5:
Strengthening the internal audit function through self-assessments and external evaluations.
Enhancing quality assurance and driving operational excellence.
Leveraging technology for efficiency and continuous monitoring.
Promoting an agile audit mindset and adaptability to emerging risks.
Day 21: Conducting a Self-Assessment for GIAS Conformance
Perform an internal evaluation of the audit function’s alignment with GIAS.
Identify areas for improvement in governance, risk assessment, audit execution, and reporting.
Develop a corrective action plan based on findings from the self-assessment.
✅ Deliverables: Internal audit self-assessment report and action plan for identified gaps.
Day 22: Preparing for an External Quality Assessment (EQA)
Understand the requirements of an external quality assessment as per GIAS and IIA standards.
Identify external reviewers and plan for an independent evaluation of the internal audit function.
Address key areas of improvement in preparation for the EQA.
✅ Deliverables: External quality assessment preparation checklist and timeline.
Day 23: Strengthening Quality...Read More

Week 4: GIAS Implementation Plan – Advancing Internal Audit Governance and Strategy

Thu, 30 Jan 2025 21:12:58 -0800

Welcome to Week 4 of our "GIAS in Action: Transforming Internal Auditing with the GIAS Framework"! Over the past three weeks, we have established a solid foundation, executed key audit engagements, and implemented continuous improvement processes. Now, it’s time to strengthen governance, enhance risk-based auditing, and align internal audit strategy with long-term organizational success.
This week, we focus on elevating the governance structure, refining risk-based strategies, and ensuring long-term audit effectiveness in alignment with the Global Internal Audit Standards (GIAS).
Focus for Week 4:
Strengthening internal audit governance and oversight.
Enhancing risk-based audit strategies to align with evolving risks.
Driving audit efficiency through improved reporting and stakeholder engagement.
Establishing long-term sustainability in internal audit operations.
Day 16: Strengthening Audit Governance
Assess the effectiveness of the current audit governance framework.
Ensure proper reporting lines, independence, and alignment with GIAS principles.
Improve engagement between internal audit, senior management, and the board.
✅ Deliverables: Governance assessment report, updated governance policies, and key governance KPIs.
Day 17: Enhancing Risk-Based Audit Strategies
Reassess and refine the risk-based audit plan, incorporating emerging risks.
Strengthen risk monitoring, reporting, and prioritization methodologies.
Foster collaboration between internal audit, risk management, and compliance teams.
✅ Deliverables: Updated risk-based audit plan, refined risk prioritization methodology, and improved risk reporting...Read More

Week 3: GIAS Implementation Plan – Driving Execution and Building

Thu, 23 Jan 2025 01:31:59 -0800

Welcome to Week 3 of our "GIAS in Action: Transforming Internal Auditing with the GIAS Framework"! After two weeks of preparation, planning, and building a strong foundation for your internal audit function, it’s now time to execute your plans, refine your processes, and ensure alignment with the Global Internal Audit Standards (GIAS).
This week is all about turning strategies into action. It focuses on initiating engagements, enhancing audit reporting, gathering stakeholder feedback, and establishing a system for continuous improvement.
Focus for Week 3
Initiating audit engagements and adhering to GIAS principles during execution.
Delivering actionable insights through effective audit reporting.
Building a feedback loop to refine processes and ensure sustainable improvement.
Day 11: Initiating Audit Engagements
The first step in driving execution is launching the internal audit engagements based on the risk-based audit plan created in previous weeks.
Key Actions:
Begin the initial set of internal audits, focusing on high-priority risks identified in the risk assessment.
Ensure audit teams follow GIAS-compliant methodologies for planning, execution, and reporting.
Conduct kick-off meetings for each engagement to align the team on objectives and scope.
Deliverables:
Initial audit engagement reports and documented findings.
A progress tracker for audit engagement milestones.
Pro Tip:
Communicate clearly with stakeholders during the initiation phase to ensure expectations are managed effectively and deliverables are aligned with organizational...Read More

Week 2: GIAS Implementation Plan

Tue, 14 Jan 2025 01:27:54 -0800

🌟 Week 2: GIAS Implementation Plan – Strengthening the Framework 🌟
Welcome to Week 2 of our "GIAS in Action: Transforming Internal Auditing with the GIAS Framework"! After a successful Week 1, where we established the foundation, strategy, policies, and technology, Week 2 focuses on strengthening the internal audit framework, embedding quality, and preparing for execution.
🎯 Focus for Week 2:
Enhancing readiness for GIAS compliance through stakeholder collaboration, detailed planning, and resource optimization.
Day 6: Stakeholder Collaboration – Defining Roles and Expectations
Key Actions:
Facilitate a stakeholder workshop to clearly define roles, responsibilities, and expectations for the internal audit function.
Establish a communication framework for ongoing engagement with key stakeholders.
Identify resource needs (financial, human, and technological) and align them with GIAS requirements.
✅ Deliverables:
Documented roles and responsibilities.
Approved stakeholder communication plan.
Day 7: Deep Dive into Risk Management – Refining the Audit Scope
Key Actions:
Revisit the risk assessment conducted in Week 1 and refine the audit scope based on emerging risks or feedback.
Conduct a focused workshop on risk prioritization techniques, including scenario analysis and risk impact mapping.
Develop a comprehensive risk register aligned with GIAS principles.
✅ Deliverables:
Updated risk assessment and risk register.
Refined audit scope.
Day 8: Execution Readiness – Preparing for Initial Audits
Key...Read More

Introduction to the Global Internal Audit Standards (GIAS)

Tue, 07 Jan 2025 01:43:58 -0800

Introduction to the Global Internal Audit Standards (GIAS)
Overview
The Global Internal Audit Standards (GIAS), published by the Institute of Internal Auditors (IIA), provide a comprehensive framework to guide the worldwide professional practice of internal auditing. These standards serve as a benchmark for evaluating and elevating the quality of internal audit functions, ensuring consistency, professionalism, and excellence across diverse organizations and industries.
Purpose of GIAS
The primary aim of GIAS is to strengthen internal auditing as a discipline, enabling organizations to enhance governance, improve risk management, and refine internal control processes. By adhering to GIAS, internal auditors can deliver risk-based, objective assurance and advisory services, thereby adding value and contributing to the achievement of organizational goals.
Structure and Key Elements
The GIAS are organized into five domains:
Purpose of Internal Auditing – Articulates the value internal auditing provides to organizations.
Ethics and Professionalism – Defines the expected ethical behaviors and professionalism for internal auditors.
Governing the Internal Audit Function – Focuses on the framework and oversight needed for effective internal audit governance.
Managing the Internal Audit Function – Addresses the operational and strategic management of the internal audit function.
Performing Internal Audit Services – Details the execution of audit engagements, from planning to reporting.
Each domain contains:
Guiding Principles: Foundational ideals for effective internal auditing.
Standards: Mandatory requirements for...Read More

Amer Morgan

The Numbers That Should Wake Every Board Up

The 2025 North American Pulse of Internal Audit

Navigating the Perfect Storm: Middle East Tensions Meet Global Economic Headwinds

As I write this analysis, we're witnessing one of the most complex convergences of geopolitical risks in recent memory.

The Middle East, long a source of global concern, has entered a new phase of volatility that demands immediate attention from corporate leaders worldwide.

But this isn't just another regional crisis – it's a symptom of a broader systemic shift in the global order that will reshape how businesses operate for years to come.

The Israel-Palestine Conflict: A Fundamental Shift

Internal Audit of Artificial Intelligence

AI adoption is accelerating across industries, from finance and healthcare to retail and cybersecurity. However, its rapid expansion introduces several risks:

The European Union's AI Act (2024) establishes a legal framework for AI systems, classifying them based on risk:

Board Guidelines on Risk Management 2025

Governance is the backbone of risk management, integrating structures and processes that drive effective decision-making. The board plays a crucial role in setting the tone, ensuring accountability, and maintaining oversight.

Board’s Role: Defining and overseeing the organization’s risk management framework.

The traditional approach to risk management focuses on avoiding negative outcomes. However, Enterprise Risk Management (ERM), as outlined in the COSO ERM (2017) framework, takes a more holistic and proactive approach.

Week 5: GIAS Implementation Plan

Day 22: Preparing for an External Quality Assessment (EQA)

Day 23: Strengthening Quality...Read More

Week 4: GIAS Implementation Plan – Advancing Internal Audit Governance and Strategy

Day 17: Enhancing Risk-Based Audit Strategies

Week 3: GIAS Implementation Plan – Driving Execution and Building

Initiating audit engagements and adhering to GIAS principles during execution.

The first step in driving execution is launching the internal audit engagements based on the risk-based audit plan created in previous weeks.

Begin the initial set of internal audits, focusing on high-priority risks identified in the risk assessment.

Deliverables:

Pro Tip:

Week 2: GIAS Implementation Plan

Day 6: Stakeholder Collaboration – Defining Roles and Expectations

Day 7: Deep Dive into Risk Management – Refining the Audit Scope

Day 8: Execution Readiness – Preparing for Initial Audits

Introduction to the Global Internal Audit Standards (GIAS)

Introduction to the Global Internal Audit Standards (GIAS)