Welcome to CCI Magazine_March
and soft controls — are review controls. MK: What do you mean by that? �ʝ� That’s where somebody, some individual, has the responsibility to look at the performance of a hard control — a report or something like that, for example — to make sure that the outcomes are what the company is expecting. So you have a hard control producing a result, or a person performing a control, and you also have somebody else reviewing and making sure that those controls work appropriately. That can be someone responsible for tone at the top,
compliance professionals learn êİĔČ�ɿɽ�ŘÕ²İĴ�Ĕê�²İʲčÕĴʴ Oxley compliance? To explore that question, I talked with Brian Tremblay, who is a managing director at CFGI, a ËĔčĴŁĆļõčë�ţİČ�ļñ²ļ�ŖĔİăĴ�Ĕč� audit and compliance issues (among many other things). Tremblay previously held jobs as a corporate internal audit executive, compliance practice ĆÕ²ÑÕİ�²ļ�²�ËŘÊÕİĴÕËŁİõļŘ�ţİČ� ²čÑ��õë�ʁ�²ŁÑõļ�²ĴĴĔËõ²ļÕʣ�\ĔĴļ� importantly, he has plenty to say about effective internal controls. Matt Kelly: Ethics and ËĔČĭĆõ²čËÕ�ĔêţËÕİĴ�ĔêļÕč�ļñõčă�õč� terms of “hard controls,” such as ERP systems blocking payments
to third parties that haven’t been properly onboarded, and “soft controls,” such as tone at the top, policies, codes of conduct and so forth. Do you, coming from the audit side, see internal controls in the same way? �İõ²č�İÕČÊĆ²Řʝ� I agree with the concept of hard controls and soft controls, although I might say that “hard” controls are “technical” controls, where technology enforces them, and “soft” controls are tone at the top and whistleblower hotlines and all those things that most companies have. The other thing that came to mind, however — the thing that sits between hard controls
Matt Kelly + Brian Tremblay
corporatecomplianceinsights.com | 21
Made with FlippingBook Ebook Creator