Today, we’ll be cleaning out the metaphorical “auditor’s closet.” The auditor’s closet comes stashed with a variety of documents that identify, document, record, and communicate specific controls for both you and whoever needs to review these controls in the future.
Latest Content From MISTI
In this exclusive video interview with Internal Audit Insights, MISTI's Dr. Murdock offers up key steps that internal auditors should take to remain relevant and continue to add value to the business.
If you’re going to audit social media, then develop a method. Kate Mullin, a social engineering expert, shares a formulaic approach to begin thinking like a hacker and doing the reconnaissance a hacker would do so that you can protect your organisation.
Just like each area of a jungle gym needs solid attention (lest there be risks), so do the right areas of an audit require attention to maintain the health of a company.
Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.
Fraud and corruption are all around us. As internal auditors, if we're so heavy handed with the few “sinners” we catch, won’t the large majority who didn't get caught breath a huge sigh of relief and just try even harder to stay hidden?
Between varied audiences and modern communication standards (dense information in few words), internal auditors must make sure they’re writing to their end audience.
Few things can derail the audit committee’s perception, confidence, and trust of internal audit faster and more profoundly than ineffective communications to and from the internal audit function.
People talk about a risk event as if it is obvious what it is and what it means. But that's certainly not always the case.
The Five Whys is one of the simplest tools for cause analysis. It is easy to use, and the approach consists of asking “why” multiple items, each of which probes further into the source of the problem.
Whether the organisation as a whole is onboard or not, corporate audit needs to develop and embrace programs designed to meet the needs of a changing workforce if they are to attract and retain top talent.
As an internal auditor, there's nothing wrong with having passion for what you do. Passion supports the search of truth and ensures objective momentum to a conclusion. But it's important to know that emotion, on the other hand, is not passion.
As SOX turns 15 this fall, let’s widen the lens to capture what SOX is really about: its history, its goals, and the most important points to remember for an effective SOX compliance experience.
Whether you are creating an audit team, adding new auditors to your existing team, or flat-out enjoying audit like we do, read on for tips to creating an internal audit team with all the right flavors.
Believe it or not, some orchestral tunes offer up important bits of wisdom that can easily apply to the internal audit function. In part one of this two-part series, Dan Clark describes what internal auditors can learn from Joseph-Maurice Revel's "Bolero".
When is the last time you looked for your name on the internet? Which of the links and images are tied to you? More importantly, where does all this information come from? Here are 13 important tips to leverage at your organization to ensure online privacy.
Where companies may do some variation of a rotational program, perhaps using rotational auditors is an untapped resource in your company. If rotational auditing sounds like something you’d like to try – do it. We put together a few steps to get going in that direction.
To have a successful audit outcome, it’s imperative to understand the objective of your audit. Keeping your focus on the end result is imperative.
Internal audit can provide assurance to their board and executive team whether or not a process is in place to manage risks of third parties maintaining critical data, and that third parties have their data protection controls in place.
Internal auditors would fare well-taking inspiration from these iconic Seinfeldisms and keeping the following five ideas in mind to better structure their meetings and help them be more efficient.
Most people think their driving is above average. That’s a statistical impossibility, of course, otherwise it wouldn’t be an average. Still, it’s what they believe and in one study, no fewer than 93% of Americans placed themselves in the top 50% of drivers.
Study after study has shown that data analytics is effective and efficient at detecting risk and identifying control weaknesses, non-compliance, and inefficient business processes. So why have some internal audit departments still not embraced it?
When Woodforest National Bank wanted to test whether employees were properly destroying physical data, it hit on an idea that would require internal auditors to roll up their sleeves and get messy.
According to a recent MISTI survey, internal auditors say their internal audit seniors and managers most lack data analytic skills, understanding of IT auditing concepts, and ability to influence and persuade.
Internal auditor spotlight with Tony Redlinger of IHS Markit: We recently sat down with Tony to talk about the challenges of being an IT auditor, what's next for cybersecurity, integrated auditing, and more.
I went to a client the other day to run a 'Report Writing' course and we discussed “House Style”, including the font choice for audit reports. They were, like many large organisations, very clear on what was and what was not acceptable.
Internal audit leaders continue to fret about hanging on to their top talent. In a recent survey, they ranked staffing concerns, including retention, as among their greatest worries.
I was reading an interesting article the other day about Artificial Intelligence (AI) and cognitive computing. I thought it might be worth sharing some of the thoughts with you in case you had ever contemplated using automation in the compilation of one of your reports.
BP paid more than $25 billion; Volkswagen shelled out $19 billion; Anadarko Petroleum, $5.1 billion; and GlaxoSmithKline ponied up $3.75 billion. No, these aren't prices paid for major acquisitions, they are the penalties these companies paid to resolve environmental, health, and safety issues during the last seven years with a raft of U.S. federal agencies.
One telling sign of a maturing internal audit department is when the CAE proposes audit topics that are organizationally-focused around key projects and initiatives (e.g. evaluating the make-or-buy decision for a material for a key part or performing an assessment of a recent new product introduction) versus a generic audit topic (e.g. payroll or procurement cards).