Cover -- Contents -- List of Tables -- List of Figures -- Introduction -- PART I: THE BIGGER PICTURE -- 1 How Much Improvement is Possible? -- Example 1: Sarbanes-Oxley versus Revenue Assurance -- Example 2: Bureaucratic controls versus intelligent controls -- What this book does and does not provide -- How this book is organized -- 2 Risk Management and Internal Control: Poised for Progress -- The origins of internal control -- The long war with quality management -- An opportunity for progress -- The origins of risk management -- Conceptual differences between risk management traditions -- Another opportunity for progress -- Internal control and risk management collide -- 3 Integrated Risk Control is Simpler -- A mental picture of risk control -- Other observations on risk control today -- 4 Goals from People and Behaviour -- Guidance from the psychology of risk and control -- Cases of uncertainty suppression -- The big message for risk control -- PART II: HIGH VALUE CONTROL MECHANISMS -- 5 A Summary of Control Patterns for More Value -- How to benefit from this collection -- Format of presentation -- A summary of the ideas -- 6 Controls that Generate Other Controls -- 1 Self-generating control system -- 2 Controls development resource direction -- 3 Controls generation applications -- 4 Double loop design -- 5 Top-down design with schemes -- 6 Post-implementation refinement -- 7 Factor-driven design -- 8 Cause-effect intervention -- 9 Evolving uncertainty lists -- 10 Risk registers -- 11 Matrix mapping of risks and controls -- 12 Process step analysis -- 13 Causal models -- 14 Monte Carlo simulation -- 15 Fault and event tree analysis -- 16 Story-telling about the future -- 17 Generic control design library -- 18 Control patterns -- 19 Process control framework -- 20 Project control framework -- 7 Audits, Reviews and Efficient Monitoring.

21 Controls supervision hierarchy -- 22 Process management control -- 23 Process stats pack -- 24 Personal comparatives -- 25 Statistical process control -- 26 Risk-factor monitoring -- 27 Healthy conversations about control performance -- 28 Control interview questions -- 29 Reporting with uncertainty -- 30 Explanation first analytics -- 31 Graphical business analytics -- 32 Random fraud audits -- 33 Adaptive audit -- 34 Audit against controls designed -- 35 All evidence audit -- 36 Agile documentation reviews -- 8 Learning and Adapting -- An overview of learning and adapting -- Qualities of adaptive control systems -- Beyond Budgeting cases -- Control patterns for management under uncertainty -- 37 Flexible requirements -- 38 Risk weighting -- 39 Flexible agreements -- 40 Flexible plans -- 41 The critical chain method -- 42 Evolutionary project management -- 43 Portfolio management -- 44 Negative feedback control loops -- 45 Accelerated targets -- 46 Reforecasting to completion -- 47 Forecasting with statistical extrapolation -- 9 Protection and Inherent Reliability -- 48 Multi-layered access restriction -- 49 Segregation rules on roles -- 50 Cognitive ergonomics -- 10 Checking and Correcting -- 51 Spreadsheet tightening or replacement -- 52 Computer supported authorizations -- 53 Extended edit checks -- 54 Shift from pre to post -- 55 Recovery/cleansing project -- 56 Discrepancy searching -- 57 Anomaly searching -- 58 End-to-end reconciliation -- 59 Mass correction tool -- 60 Error file reduction by cluster -- PART III: MAKING GOOD CHANGE HAPPEN -- 11 Triggering Good Behaviours -- Beyond coercion -- Using triggers for pervasive behaviour change -- Sources of real-time triggers -- Some examples of implementation steps -- Implementing REPORTING WITH UNCERTAINTY -- Implementing RISK WEIGHTING -- Implementing FORECASTING WITH STATISTICAL EXTRAPOLATION.

Measurement and motivation -- 12 Personal Education and Assessments -- Risk and Uncertainty Management Assessment (RUMA) -- What RUMA studies have shown -- Applying scenario-based testing and teaching -- 13 Understanding Barriers to Improvement -- Low expertise and expectations -- Uncertainty suppression -- Gridlock -- Audit and regulation focus -- Weak or undeveloped techniques treated as proven -- Unhelpful, limiting ideas -- 14 Key Roles and How Each Can Increase Value from Risk Control -- The roles of key players -- Senior executives -- Senior non-executives -- Internal audit managers including the head of internal audit -- Line managers -- IT managers -- Everyone else -- 15 Innovation and the Friendly Expansion Strategy -- What to expect -- Who will succeed? -- Useful techniques -- How to sabotage innovative projects -- The Friendly Expansion strategy -- 16 Helpful Alternatives to Unhelpful Ideas -- Contrasting practices -- Six strategies to promote better practices -- Common problem areas -- 17 The Seven Frontiers -- Frontier 1: More controls design and less audit and remediation -- Frontier 2: Corporate risk management getting closer to internal control -- Frontier 3: Better quantification -- Frontier 4: Behaviour change beyond risk registers -- Frontier 5: Risk management that targets psychological factors -- Frontier 6: Risk and performance management merging through a causal model -- Frontier 7: Technical risk register reforms -- Finally -- Index -- A -- B -- C -- D -- E -- F -- G -- H -- I -- M -- N -- O -- P -- Q -- R -- S -- T -- U -- V -- W.