‘Writing Great Risks and Controls’ is a project that I did to support my team at work. It’s an informal guide to how to write risks and controls if you are an internal auditor (or similar, although YMMV if your role is different). It started out as a small set of bullets that became a presentation and then morphed into a comic book as I realised that I didn’t want to do yet another PowerPoint.
The guide is available as a downloadable PDF. There are two versions of the PDF. The only difference between them is that one has been minified to reduce the file size. This has a marginal impact on the quality of the file. If you’re reading the file on a screen, this probably won’t matter. If, however, you want to print it, the larger file will look a little nicer.
Anyway, here are the links to the PDFs:
Oh. OK. Well, there were three main drivers for doing it this way:
The feedback from the team at work has been pretty positive, so I thought I would share it more widely in case it was useful for other audit teams.
Short answer: don’t. Read the guide and decide for yourself whether you think it has merit. The approach here has worked for me, and I’ve been auditing for over 25 years. I’ve worked in some of the biggest banks in the UK and audited everything from large IT operations processes to a project that sought to build an entire bank from scratch. If the approach here doesn’t work for your organisation or doesn’t fit within the bounds of your methodology, so be it.
Yes, go ahead. The guide is covered by a Creative Commons licence that lets you freely make copies. All that is required is attribution (the cover page has the necessary details to cover this angle) and that you respect the terms of the licence. The details of the licence are as follows:
Writing Great Risks & Controls © 2024 by Matt Hodges is licensed under CC BY-ND 4.0
Yes, of course - I’m happy to answer any questions I can and would love to hear any feedback you have. As I have a day-job, please don’t expect an immediate answer. My email address for questions is wgrc@ho.dges.online
Whilst this is flattering, I don’t think of this as a commercial project. The guide is published under a licence that does not require any form of payment, and it’s my hope that this encourages people to read and share the guide.
If you really have a burning desire to spend your money in connection with this guide, feel free to donate to one of the following charities that are close to my heart:
The character is not me - I’m so good-looking that even a comic-book character version of me would be too distracting. :-)
Seriously, the character doesn’t really look like me and his appearance was really a quirk of my limited drawing skills when I started this project.
The character’s name is obvious - he is, after all, the star of the show.
That’s cool. I don’t claim that this is the definitive and only way to do what we do. You should consider writing a guide to how you do things in case others find it useful. If you do, send me a copy. If you just want to rant about how your way is better, please feel free to not get in touch.
Possibly. This guide was originally written with a particular audience in mind (the team I work with) and was intended to address their needs. The nature of the firm we work for and the quirks of the individual team members mean that I have selected certain topics and left out others. If that means that this guide doesn’t hit the spot for you, that’s a shame but I probably won’t be doing anything about it. Please don’t email me to tell me.