RSS Feed
Thursday, March 12, 2026
Iratxe Gurpegui

6 internal control mistakes to avoid to stay audit-ready all year

Internal control is the set of governance, processes, and activities an organization uses to provide reasonable assurance that it will achieve objectives such as compliance, reliable reporting, and operational effectiveness.

Thursday, February 26, 2026
Iratxe Gurpegui

Policy management that auditors can test and trust

Most policy libraries fail in the same moment: when an auditor asks, “show me which version applied on that date, who approved it, who it applied to, who acknowledged it, and how you know it changed behavior.

Tuesday, January 6, 2026
Iratxe Gurpegui

Risk assessment vs management: what's the difference?

In compliance, people often use “risk assessment” and “risk management” as if they were interchangeable.

Saturday, December 27, 2025
Iratxe Gurpegui

Corruption risks of interaction with public officials

Interactions with public officials are where anti‑corruption programs are most often tested. The combination of discretionary power, time pressure for permits or customs, and the use of intermediaries creates an elevated risk environment.

Friday, December 26, 2025
Iratxe Gurpegui

Subcontractors risk assessment.

Subcontractors extend your operations beyond your walls, which is why they extend your risk profile too.