- Home
- Internal Audit Insights
Internal Audit
ft: f: 2000-01-01t: 3000-01-02c: 2019-09-23
asdf
Featured Article:
Drawing the Lines: What’s Wrong with the Three Lines of Defense Model?
By By Joseph McCafferty
September 15, 2019
Where, exactly, does responsibility lie in a modern corporation for ensuring that risks are being identified and managed?
How Internal Audit Can Better Convey Risks Using a Heat Map
By Joseph McCafferty
September 12, 2019
A definitive guide to producing, using, and improving a risk heat map at your organization.
A Discussion on the Three Lines of Defense Model
By Marcos Colon
September 05, 2019
In this Internal Audit Insights interview, MISTI's Dr. Hernan Murdock discusses how the internal audit function can benefit from the Three Lines of Defense Model.
Cybersecurity Progress: Where Does Internal Audit Stand Today?
By Marcos Colon
August 27, 2019
In the full video interview below, MISTI's Director of Instructional Technologies and Innovation, Shawna Flanders, discusses where internal audit stands today as it relates to cybersecurity, and offers up some tips on increasing collaboration between the audit and information security functions.
Stop Telling Professionals How to Do Their Jobs
By Hernan Murdock
August 20, 2019
In this video interview with MISTI's Dr. Hernan Murdock, he explains why micro-managing is a big problem in internal audit and offers up advice on how audit leaders can overcome it.
Regulations That Beef Up Security in 2019
By Marcos Colon
August 13, 2019
It's not only the information security department that needs to stay on top of cybersecurity regulations. Internal audit also plays a big role. In this interview with MISTI's Shawna Flanders, she discusses the regulations internal audit should keep top of mind.
Five Reasons that Explain Why Internal Audit Matters
By Hernan Murdock
August 06, 2019
People choose a line of work for a variety of reasons. Sometimes it is because it pays very well, or it is what our parents steered us towards. It could be because it is the only job in town or because it is glamorous. Regardless of the circumstances and career path that brought you to internal audit, an important question begging for an answer is: Why do you stay?
Adding Value by Using a More Proactive Approach to Internal Auditing
By Hernan Murdock
July 30, 2019
Traditionally, internal auditing was done retroactively. While our methodology has relied on this practice and it has been used widely for a long time, one of the issues with this after-the-event approach is that the actions have already occurred. It is based on auditors focusing on issue detection.
How Internal Auditors Can Give and Receive Feedback
By Hernan Murdock
July 23, 2019
Receiving feedback is an essential element in every internal auditors’ development. In this feature article, MISTI's Dr. Hernan Murdock provides seven key practices that should be part of this process to make it most effective.
More Dynamic Presentations: Internal Audit Delivery Skills
By Jill Schiefelbein
July 09, 2019
There’s a big difference between a few butterflies and paralysing fear when it comes to public speaking. When it comes to giving a great presentation, it’s not just what you say, it’s not just how you say it, but it’s the combination of those two things along with the experience you provide and the feeling you leave your audience with that creates results.
Nine Essential Skills for Internal Audit Success
By Hernan Murdock
July 02, 2019
Those entering the internal audit and compliance professions often wonder what they need to do to succeed in their new careers. There is a lot to learn. In fact, the general advice is to become lifelong learners. But there is also the constant pressure from within the department. Here, MISTI's Dr. Hernan Murdock lists nine skills and actions essential for success.
Seven Key Internal Audit Actions for Success
By Hernan Murdock
July 02, 2019
The work of internal auditors and compliance professionals is filled with frameworks, regulations, and policies and procedures documents that define the path for operational effectiveness. Follow those guidelines, manage risk effectively and the likelihood of success increases. But what about our own success?
Building the Audit Function of 2020
By Dawn Papandrea
June 25, 2019
Your organisation has decided to take the important step of creating an internal audit function, and you’ve been tasked to build it. Building out teams from scratch is always a challenge, but internal audit departments have an especially important role.
Audit Writer’s Hub: Mentoring Better Writers
By Sarah Swanson
June 21, 2019
Here’s the truth about editing: editing is vital to producing a good audit report. It’s also tricky and time-consuming. Editing includes content changes, proofreading, grammar, wording, format, structure, and multiple revisions.
2019 Internal Audit Priorities: Cybersecurity (Part 4)
By Marcos Colon
June 11, 2019
In part four of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Todd Shaffer, senior vice president and chief risk officer at Johnson Financial Group, who discussed how internal audit leaders are approaching cybersecurity issues today.
2019 Internal Audit Priorities: Skills & Competencies (Part 3)
By Marcos Colon
June 04, 2019
In part three of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Patti Puccinelli, vice president of audit advisory services at ManpowerGroup, who discussed why it’s so important for internal audit leaders to continually keep pace with the latest skills and competencies required for the function to achieve its objectives.
2019 Internal Audit Priorities: Resources (Part 2)
By Marcos Colon
May 28, 2019
In part two of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with David Holland, director of internal audit at Modine Manufacturing, who shared his thoughts on the state of resources for the modern-day internal auditor.
How to Stand Together Against Fraud and Corruption
By Nigel Iyer
May 21, 2019
If the famous English dramatist Oscar Wilde was alive today writing farces about fraud, he might have said: “There is only one thing worse than finding fraud and corruption, and that is not finding it". So, what is the problem? Why does no one seem to discover fraud until really late in the game? Why is there always so much shock when it is located?
2019 Internal Audit Priorities: Workforce Development (Part 1)
By Marcos Colon
May 21, 2019
In part one of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with David Cook, managing director of internal audit at Robert W. Baird, who shared his thoughts and advice on how audit leaders today can realign their resources effectively.
Audit Writer’s Hub: 5 Editing Mistakes You Can Fix Right Now
By Sarah Swanson
May 01, 2019
It’s easy to overlook your own grammar errors. But you’ll be a better writer if you become mindful of your writing and correct your own editing mistakes. Here are five common editing mistakes we all make or might have questions about. Maybe a couple will resonate with you.
How to Beat Robots When Performing COSO-Based Reviews
By Hernan Murdock
April 23, 2019
Robots are having a growing influence on organisational practices and this dynamic is of great interest to internal auditors and compliance professionals who examine the impact of these technologies on organisational objectives, risks and controls. But they also present a growing concern as the work performed by internal auditors may be replaced by machines.
Micro-Managing in Internal Audit: Stop Telling Professionals How to do Their Jobs
By Hernan Murdock
April 16, 2019
The work of internal auditors and compliance professionals is complex, challenging and often, unfortunately, under-appreciated by their clients. What makes matters even more stressful for these professionals is that their managers sometimes micro-manage them.
9 Critical InfoSec Tips That Every Internal Auditor Should Master
By Karen Kroll
April 09, 2019
Cybersecurity is top of mind for most executives and board members, as well as to internal audit. While the information security team may be in charge of measurably reducing cyber risk within the business, internal audit has an important role to play too.
Using High-Quality Evidence to Provide Reasonable Assurance
By Hernan Murdock
April 04, 2019
Evidence is something that provides proof and it proves or disproves something. It is presented as verification of the facts at issue and generally includes the testimony of witnesses, and the examination of records, documents, and objects. This feature by MISTI's Dr. Hernan Murdock, examines the qualitative elements to consider when it comes to leveraging high-quality evidence.
An Expanded View of the Performance Audit Scope
By Hernan Murdock
April 02, 2019
Performance auditing is the review of a program or process, and the systems supporting it, to determine whether it is achieving the primary goals of efficiency, effectiveness, and economy in its use of available resources. These reviews are often done in government and non-profit entities, but they are equally important in the for-profit sector.
How to Quantify the Economic Costs and Benefits of Controls
By Hernan Murdock
March 28, 2019
To become trusted advisors to management it would help if we spoke the same language they do. While auditors and compliance professionals often talk in terms of controls, and increasingly in terms of risk, managers and business leaders often talk in terms of costs, benefits, revenue, reputation, and market share.
Boosting Your Internal Audit Career Through Coaching and Mentoring Programs
By Hernan Murdock
March 26, 2019
Internal auditing is a complex field of work that is undergoing significant changes. Today's internal auditors are tasked with managing their careers, so they remain relevant in the short and longer terms. Given this complex environment, it is not surprising that mentoring and coaching have emerged as essential tools to help auditors grow professionally.
Give your Readers a Boost: 5 Tips to Using the Right Transition
By Sarah Swanson
March 21, 2019
Transitions are those juicy, bite-size gourmet words that connect ideas, sentences, paragraphs, and even sections. Too often, we can misuse, overuse, or omit transitions. This article covers how to use transitions to improve clarity in your reports.
Strategic Messaging and Influencing Skills: A Framework for Internal Auditors
By Jill Schiefelbein
March 19, 2019
Last month in an article about setting the stage for better decision-making we learned about four elements that you should be considering before you even form the words you want to say. This month it’s all about the messaging.
Co-Establishing the Need: Internal Audit’s Role in Getting Buy-in at the Client Level
By Jill Schiefelbein
March 14, 2019
One of the most overlooked, but essential, elements of the persuasive process is establishing a definite need in your to-be-persuaded-audience’s mind. In other words, how does the client know that they need what you have to offer? Here, we explore the topic.
The Many Benefits of Rotation Programs
By Hernan Murdock
March 12, 2019
As business processes become more complex, information more widely dispersed, and the risk environment more complicated, the need for internal auditors to adapt to this new environment becomes imperative. This is where rotation programs can really save the day.
How to Approach Internal Audit Recruitment
By Karen Kroll
March 07, 2019
The search for qualified, competent internal auditors remains a challenge for many audit departments. As internal audit leaders continue to struggle qualified additions to their teams, what areas should they be focusing on and what steps can they take? This feature story answers those questions.
Interested in Becoming an IT Auditor? Here’s What to Know and Do
By Heather Dean Bennington
March 05, 2019
So, what exactly does an IT auditor do? In this article, we provide a broad breakdown of an IT auditor's responsibilities, the necessary skills to become one, how an IT auditor interacts with other roles throughout their organisation, and more.
Why Symposiums Promote Collaborative Learning in Internal Audit
By Hernan Murdock
March 05, 2019
Internal auditors must engage in lifelong learning. They are increasingly participating in webinars, consuming online content, and listening to podcasts. While all of these actions are conducive to learning, there is another learning opportunity that many internal auditors and compliance professionals may not be familiar with: Symposiums.
Communication Skills for Junior Auditors: What to Know and Why
By Jill Schiefelbein
February 26, 2019
There are some common communication mistakes that junior auditors make. Lucky for you, this article is going to point these foibles out and show you how you can change the trajectory of your communication to show confidence, not self-consciousness.
7 Things to Know About IT GRC in the Cloud
By Heather Bennington
February 19, 2019
In migrating to the cloud, many challenges are present, and perhaps one of the largest challenges is updating an organisation’s overall GRC program. Here, we've gathered a number of things that IT auditors should know about IT GRC in the cloud.
Auditing The Supply Chain in 2019: What to Know and Why
By Karen Kroll
February 19, 2019
Much internal audit work has focused on financial transactions and controls. Now, many auditors are adding supply chain audits to their responsibilities. In this feature article, we've broken down some of the common risks associated with supply chains.
How Internal Audit Can Benefit From the Three Lines of Defence Model
By Hernan Murdock
February 12, 2019
The Three Lines of Defence Model provides a framework to clarify the involvement and alignment of multiple assurance providers acting on behalf of their client organisations. It has become increasingly common to have various risk and control professionals working side by side to help their organisations manage risk and increase the likelihood of achieving strategic and operational goals.
Cybersecurity and Regulatory Changes in 2019
By Heather Bennington
February 07, 2019
As we work toward the thick of the year, we've compiled a list of which cybersecurity regulations could be impactful this year, some of the challenges that they could present, and the reasons behind some of the changes we've highlighted below.
Fraud Investigation Reports vs. Audit Reports: What’s the difference?
By Sarah Swanson
February 05, 2019
As fraud investigations get folded into the internal audit department, some audit shops are tempted to frame a fraud report in the same format and tone as the audit report. The idea couldn’t be more wrong. Read on for ways to present a full and succinct fraud investigation report using report design, content, and tone.
How Internal Audit Can Get Innovative
By Hernan Murdock
January 31, 2019
In internal audit, the methodologies of the past may have made the organization successful, but there is no guarantee that those same procedures will lead to success in the future. In this featured article, MISTI's Dr. Hernan Murdock highlights some examples of ways that innovation can help internal auditors, but most importantly, outlines how they can get started.
Audit Writer’s Hub: Does Your Report Format Fit Your Needs?
By Sarah Swanson
January 29, 2019
Every company has a different way to communicate and a different report format to use. Well, there is no best way – each format has its pros and cons and you have to weigh the benefits of each format for your audience.
How People Decide: Setting the Stage for Optimal Decision Making
By Jill Schiefelbein
January 24, 2019
Most advice people have regarding decision making is along the line of, “weigh your options”, “get outside advice from a trusted source”, or “look at the cost-benefit or ROI”. That advice is fine and dandy, but it ignores one key fact: If the stage on which the decision is made isn’t set appropriately, the decision may not be the best. Here are four steps to set the stage for productive conversations and more efficient decisions.
Privacy in the Age of Big Brother: What It Means for IT Audit
By Marcos Colón
January 22, 2019
Technology has impacted quite a lot, but privacy is likely what hits closest to home for everyone. Internal Audit Insights catches up with IHS Markit Internal Audit Director Tony Redlinger, who discusses what the state of privacy is today, and more importantly, what impact it has on the modern-day IT auditor.
Integrating Fraud Testing Into Your Audit Program: A Guide for Chief Auditors
By Leonard Vona
January 17, 2019
Fraud costs organisations millions of dollars each year. Simply Google the phrase “fraud scheme,” and you will discover more news stories than you have time to read. If auditors do not detect and stop a fraud scheme, they have cost their organisation real money. So, another question for you: Do you want to explain to your audit committee why your department did not detect a $63 million fraud?
Becoming a Risk Assessment Unicorn
By Steve DeSantis
January 15, 2019
You’ve read a bazillion articles on data analytics theory (ho-hum) in auditing. And we'll be the first to say that we've written a variety on this site. But this time around, let’s focus on how to actually use those data analytics in a single audit area: risk assessments.
Women in Internal Audit: Opportunities, Challenges, and More in 2019
By Marcos Colón
January 10, 2019
Internal Audit Insights catches up with Nancy Luquette, senior vice president and chief risk and audit executive at S&P Global, who shares her take on the state of women in internal audit in 2019 and the challenges many female practitioners face, but more importantly, how they can overcome them.
How Your Organisation Can Benefit from Internal Audit Rotation Programs
By Hernan Murdock
January 08, 2019
As business processes become more complex, information more widely dispersed, and the risk environment more complicated, the need for internal auditors to adapt to this new environment becomes imperative.
How Non-Technical Auditors Can Tackle IT Risks
By Marcos Colón
January 03, 2019
Internal Audit Insights caught up with Jami Shine, corporate and IT audit manager at Quiktrip Corp, who shared some proven advice on how non-technical auditors can overcome some of the challenges associated with IT risks.
Internal Audit Insights Top 10 in 2018
By Marcos Colón
December 27, 2018
And just like that, another year has gone by. We've had a blast providing you with insights all throughout the year, covering audit report writing, project management, and coverage on emerging technology. Here we've compiled a list of the most read articles.
The Dos and Dont’s of Navigating Touchy Audit Interviews Through Language
By Marcos Colón
December 21, 2018
Communication's expert Jill Schiefelbein chats with Internal Audit Insights and offers up her take on what makes audit interviews so difficult for the modern-day internal auditor, and also offers up specific advise you can use during your next audit interview to ensure you're navigating those encounters effectively.
The Three-Part Approach to Closing the Audit Plan
By Ernest Anunciacion
December 21, 2018
Effectively closing the audit plan and landing on specific action items to pursue can be a challenge. In this contributed article, Workiva's Ernest Anunciacion provides three steps to close this year's audit plan and prepare for next year.
Implementing Your Audit Department’s Top Technological Audit Practices
By Marcos Colón
December 18, 2018
Data analytics is being leveraged more than ever by internal audit departments, but for those that haven't jumped on the bandwagon yet, this interview with CVS Health's head of data analytics explains the benefits, challenges, and misconceptions tied to the technology.
How Internal Audit Can Improve the Organisation's Tone and Culture
By Hernan Murdock
December 18, 2018
The concept of “tone” plays a key role in the control environment of the organisation. While it is set at the top, it should cascade without distortion or gaps throughout the entire organisation.
Audit Writer’s Hub: Delete the Nothings and Get to Something
By Sarah Swanson
December 11, 2018
In this edition of the Audit Writer's Hub, we specifically tackle some of the pesky nothings – unimportant sentences, filler phrases, and negative phrasing – that creep into our writing and how to get rid of them.
High-Impact Skills for Developing and Leading Your Audit Team
By Marcos Colón
December 06, 2018
MISTI’s Dr. Murdock shares what the status of the internal auditor is today, in addition providing some key audit leadership techniques that many up-and-coming audit leaders are commonly unaware of.
The Impact Selective Language Can Have on Your Audit Interviews
By Jill Schiefelbein
December 04, 2018
With increased access to cost-effective and user-efficient digital communication technologies that allow people to intentionally or spontaneously connect from any place, at any time, we have opportunities to collaborate like never before.
The Three Key Elements of Professional Scepticism
By Hernan Murdock
December 04, 2018
Professional scepticism is a critical component of an internal auditor's duty of care that applies throughout any engagement. It's an attitude that includes a questioning mind and a critical assessment of the appropriateness and sufficiency of audit evidence. Here are the three key elements of scepticism you should know
.
The Low Down on Integrated Auditing
By Marcos Colón
November 29, 2018
In this video interview with Internal Audit Insights, Constance Snelling, director of IT risk at Jackson National Life, offers up the essential skills that are needed to be a successful IT auditor today and how this ties into performing an integrated audit.
Preparing for Robotic Process Automation: What Internal Auditors Need to Know
By Ed Williams & Venkatesh Krishnamoorthy
November 27, 2018
RPA, robotics, robots, bots … as internal auditors you have undoubtedly been hearing this terminology tossed around more and more. What exactly is it? Why is it such a hot topic? Here we answer those questions.
GRC at the Speed of Business
By Marcos Colón
November 22, 2018
Internal Audit Insights catches up with Ford Winslow, CEO of ICE Cybersecurity, to discuss what the “speed of business” has had on GRC controls, and what IT auditors should prepare for.
How to Use Balanced Scorecards to Measure the Performance of Internal Audit Departments
By Hernan Murdock
November 19, 2018
The balanced scorecard is a system used to make sure business operations are aligned with the organization’s mission, vision, and strategy. Since it uses several measures to determine success, it helps those involved to balance what is achieved with how it is achieved. Here's how.
How to Create a Fraud Risk Statement for Your Fraud Audit Program
By Leonard Vona
November 15, 2018
There tends to be a fair amount of confusion when it comes to a fraud risk identification approach versus an experience-based approach but here we set out to create a list of universal definitions intended to clarify how and why you might use this approach.
Do DevOps and Compliance Go Hand in Hand?
By Marcos Colón
November 13, 2018
IT audit is only beginning to familiarize itself with DevOps as more organizations begin to deploy successful programs. But is it fair to say that DevOps and compliance go hand in hand? In this video interview with Atlassian Risk Futurist Guy Herbert, he gives his take on the topic.
4 Strategies to Head up Risk Management in your Company
By Sarah Swanson
November 13, 2018
As auditors, we all know that internal audit is uniquely positioned to understand where risks lay within an organization. But sometimes audit doesn’t get the opportunity to communicate the company’s risks to a broader audience. Here, we share a few ideas to help internal audit build bridges between knowing, communicating, and fixing risk in a company.
Leveraging Virtual Team Meetings as Part of the Internal Audit Process
By Jill Schiefelbein
November 06, 2018
Many internal audit teams are not using video conferencing and virtual meetings to their advantage. When they're set up for success, research shows that virtual teams can be more effective in solving quick, simple problems than face-to-face teams.
Common Visual Cues that Could Send Your Audit Client the Wrong Message
By Jill Schiefelbein
November 01, 2018
As an internal auditor, it’s not just your words, it’s the absence of words or untimely words that could still convey a message to an audit client. It’s not only your actions, but it’s also the lack of action. All of these aspects result in communication. Communications expert Jill Schiefelbein explains more.
What Internal Auditors Should Know About Dirty Money Centres
By Veronica Morino, Asia Chernova, and Nigel Iyer
November 01, 2018
As Dirty Money Constellations continue to move from the “Islands of Shame” to the re-emerging epicentres of power, should we just be passive observers or is there something we can do?
Balancing the Risks of Today with an Eye on the Risks of Tomorrow
By Alec Arons
October 29, 2018
A great deal has changed over the years when it comes to risk, including the willingness and interest of CAE’s, Audit Committees and Boards to talk about risk. As part of the increase in dialogue relating to risk and risks on the horizon much has been written and discussed. Here, Experis's Alec Arons consolidates that information.
The IT Audit Checklist for Emerging Risks
By Sarah Swanson
October 22, 2018
Many organisations are still failing to effectively audit areas such as cloud security or even social media. So what areas should you be covering and why? This article answers questions tied to that topic. Here you'll find the top IT risks that consistently vex companies and protect your assets.
Using Histograms to Better Understand Data
By Hernan Murdock
October 22, 2018
Histograms are a very powerful tool to analyze data because they show the distribution of a continuous variable in a diagram and their appearance is similar to bar graphs. In this feature article, MISTI's Dr. Hernan Murdock explains how internal auditors can leverage them.
How to Make Findings and Recommendations More Persuasive
By Hernan Murdock
October 16, 2018
Persuasion is an important aspect of internal auditing that doesn’t receive enough attention or coverage. Internal auditing is done to verify that conditions and practices are as expected, and to identify opportunities for improvement within organizations.
Can Internal Auditors Perform Advisory Reviews While Remaining Independent?
By Nancy Luquette
October 11, 2018
Is serving as an advisor and maintaining internal audit’s essential responsibility of objectivity, free of management influence, possible? Spoiler alert: Yes. And it’s both necessary and crucial to the internal audit profession’s standing in any organization.
How Internal Auditors Can Change How Audit Clients Listen to Them
By Jill Schiefelbein
October 09, 2018
In a perfect world, the client is receptive, understands each recommendation, and takes immediate corrective action. But we all know that perfect world doesn’t exist. In this informative feature, communications expert Jill Schiefelbein explains what internal auditors can do to make audit clients more receptive to their communication.
Complex Fraud Scheme: Vendor Overbilling Part 2
By Leonard Vona
October 04, 2018
In this second installment of our two-part series on vendor overbilling, we look at how to use fraud data analytics designed to uncover a complex fraud scheme and the fraud audit procedures designed to provide credible evidence.
Complex Fraud Scheme: Vendor Overbilling Part 1
By Leonard Vona
October 02, 2018
Fraud expert and MISTI instructor, Leonard Vona, selected a complex corruption scheme and a complex overbilling scheme to illustrate how fraud auditing can detect even the most complex schemes.
Common Audit Committee Questions on Cybersecurity
By Marcos Colón
October 01, 2018
Internal Audit Insights catches up with Yulia Gurman, Director of Internal Audit and Corporate Security at the Packaging Corporation of America on the common questions that audit committee members have tied to cybersecurity, and what IT auditors should prepare for.
Assessing Cyber Risk: What You Don’t Know Can Hurt You
By Stephen Head
September 26, 2018
Measurably reducing cyber risk in the business is an obstacle nearly all organizations face today. Needless to say, it's critical for businesses to conduct cyber risk assessments. In this contributed article by Experis' Stephen Head, he dives into the topic.
GRC at the Speed of Business
By Marcos Colón
September 20, 2018
Internal Audit Insights catches up with Ford Winslow, CEO of ICE Cybersecurity, to discuss what the “speed of business” has had on GRC controls, and what IT auditors should prepare for.
Using Cause and Effect Diagrams to Find the Root Cause of Issues
By Hernan Murdock
September 20, 2018
One of the challenges internal auditors encounter when analyzing a finding is identifying the root cause of the problem. This is where the Cause and Effect Diagram can help. In this featured post, MISTI's Dr. Hernan Murdock explains how and why.
A Call to Internal Audit: Don't Just Write, Tell a Story!
By Ross E. Wescott MA CISA CIA CCP CUERME
September 11, 2018
Internal auditors do not always come into the profession knowing how to write well. That's why there's so much material available on writing clearly. But what if there was an alternative perceptive that would transform an internal auditor's written and spoken communication?
Adapting to the New Normal of Internal Audit
By Imran Zia
September 06, 2018
Rapidly accelerating pressures are fueling the need for the internal audit profession to transform its thinking from being financial controls-centric to shareholder value-centric. Here's how internal auditors can adapt to this "new normal."
The Pareto Diagram: A Tool for Internal Audit to Focus on What Matters Most
By Hernan Murdock
August 30, 2018
As internal auditors increase their use of data analytics to better understand process characteristics, isolate issues and perform more accurate root cause analysis, the Pareto Diagram continues to grow as a useful tool for them.
The Dos and Don'ts of IT GRC in the Cloud
By Marcos Colón
August 23, 2018
IT audit expert Mark Thomas, president of Escoute Consulting, chats with Internal Audit Insights on the impact that cloud migration has had on the business, and shares the major Dos and Don'ts that IT auditors should know about GRC in the cloud.
How Internal Auditors Can Leverage the Balanced Scorecard
By Hernan Murdock
August 21, 2018
The balanced scorecard is a system used for planning and management to make sure business operations are aligned with the organization’s mission, vision, and strategy. In this featured article, MISTI's Dr. Hernan Murdock explains how you can use it to your advantage.
Training the Internal Auditors of Tomorrow
By Karen Kroll
August 14, 2018
As the business world changes at an accelerating rate, auditors need to keep up or risk becoming irrelevant and unable to provide the insight that will allow their organizations to succeed. That means they’ll need to continually add to their skills and knowledge.
Innovation: The New Imperative for Internal Audit
By Terry Hatherell, Deloitte Global Internal Audit Leader
August 14, 2018
As organizations continue to evolve and innovate, new risks arise. Meanwhile, the larger business environment continues to change, often rapidly and in unexpected ways. This places new demands on the internal audit function.
Internal Audit Data Analysis Using Benford’s Law
By Hernan Murdock
August 09, 2018
Organizations are accumulating large amounts of data and internal auditors are rapidly increasing their mining for, and use of, these sizable data sets. This proliferation of data raises the question of how to extract meaning from it all.
Leveraging Virtual Team Meetings: Four Tips for Success
By Jill Schiefelbein
August 07, 2018
With distributed workforces and flexible workstyles, virtual team meetings are becoming commonplace in the internal audit function. Many times, though, virtual meetings aren’t taken with the same level of seriousness as in-person meetings are.
What Risks Do Blockchain Present the Enterprise?
By Karen Kroll
August 02, 2018
As the number of blockchain implementations continues to grow, internal auditors will need to learn about both the promise and risk this technology offers. So what exactly is blockchain technology and what does it mean to you as an internal auditor? This article answers that question.
Audit Writer’s Hub: 3 Steps to Improve Risk Statements
By Sarah Swanson
July 31, 2018
If you’ve ever read or written a sentence along the lines of “Financial misstatement could lead to financial loss,” or “Non-compliance with policies” (what does that even mean anyway?), then read on for some tips to improve the risk statement.
How to Develop a Strong 'Tone at the Top'
By Karen Kroll
July 29, 2018
The value of a strong "tone at the top" cannot be underestimated as it can improve a company's performance. The benefits of a strong tone at the top should be of interest to leaders in all departments within every organization. Here's what you can do to evaluate it.
Using Scatter Diagrams to Understand Numerical Relationships
By Hernan Murdock
July 24, 2018
Scatter diagrams can help find the answer to many questions. Internal auditors can leverage them to analyze pairs of numerical data and show the relationship between two variables. In this feature write-up, MISTI's Dr. Hernan Murdock highlights their benefits.
Privacy in 2023: What Internal Audit Can Expect
By Heather Dean Bennington
July 19, 2018
The European Union’s GDPR is officially in effect, but that’s likely not the last regulation that will be implemented that has an impact on the internal audit function. Here’s what you should consider five years from now.
The Internal Auditor’s Guide to Masterfully Speaking to Boards and Committees
By Jill Schiefelbein
July 18, 2018
The presentation skills that you were likely taught in high school and college in no way prepared you for the reality of delivering reports in front of boards and audit committees. This article is your crash-course in small group presentations and gives you two key areas to consider.
Being Creative While Conducting Internal Audits
By Hernan Murdock
July 17, 2018
Creativity is the use of imagination or original ideas, but it's not that important for internal auditing. Given that reporting rules and regulations are non-negotiable, there is little room for creativity and original ideas, right? Wrong! Here's what you can do to be creative while conducting audits.
Rotational Auditing and Fishing
By Sarah Swanson
July 10, 2018
Rotational auditing has been a fishing hole for years. The pros and cons have been fished around too. And then fished around some more. Auditors have a way of fishing. But paddling deeper into audit's consulting water, rotational auditing could provide a venue for teaching risk awareness.
IT Audit Should Consider These Third-Party Risk Traps
By Marcos Colón
July 05, 2018
TalaTek’s Baan Alsinawi provides an update on the state of third-party risk management as it relates to IT auditors and sheds light on the hidden traps they should look out for as it relates to trusted business partners.
How IT Audit Can Break Down Communication Silos
By Marcos Colón
June 28, 2018
Escoute Consulting President Mark Thomas dives into the topic of communication challenges within the enterprise, why they exist among IT audit and cybersecurity, and the steps you can take to ensure those silos are broken down.
Using Key Performance and Key Risk Indicators to Provide Timely Assurance
By Hernan Murdock
June 26, 2018
Information drives modern organizations, so it is imperative that metrics be used that give management objective information. In this instructive article by MISTI's Dr. Hernan Murdock, he advises on how internal auditors can do just that.
Who Owns Risk at the End of the Day?
By Marcos Colón
June 21, 2018
Fastpath’s Keith Goldschmidt discusses who the real owners of risk are within the enterprise, but also offers up insight on what IT audit can do to help streamline communication and do their part in creating a “risk culture” within the business.
Developing Continuous Control Monitoring Procedures Without Losing Independence
By Hernan Murdock
June 19, 2018
When designing continuous auditing procedures, auditors and management must think through what the metrics are, and what thresholds would trigger the auditors’ desire to gain a better understanding of operational issues.
DevOps: What IT Audit Needs to Know
By Marcos Colón
June 18, 2018
XebiaLabs’ Robert Stroud highlights what it is that IT audit needs to know about DevOps, why they should care, and offers up ways in which they can approach DevOps in a constructive manner that ultimately reduces risk in the organization.
Five Elements of an Effective Audit Planning Process
By Wade Brylow
June 17, 2018
After 25 years in internal audit, I have come to the conclusion that excellent audit planning is essential to ensuring an effective audit. What is a successful audit? A good measure is whether both audit management and the auditee feel good about the end results.
Audit Writer’s Hub: Spicing Up Mumbling Dump Trucks
By Sarah Swanson
June 12, 2018
In the last Audit Writer’s Hub, we talked about crafting gourmet audit issues, instead of mass-produced, dollar-menu issues. This week, we focus on mumbling words and long-winded sentences.
How Technology Impacts the Internal Auditor of Today
By Marcos Colón
June 07, 2018
Onspring’s Jason Rohlf discusses how technology has impacted the internal auditor of today, but also offers tips on how auditors can stay ahead of the curve, rather than play catchup.
Closing the Internal Audit Talent Gap
By Karen Kroll
June 05, 2018
The internal audit function is not immune to the challenges that come with acquiring and retaining talented individuals in the department. In this article, we identify several strategies that can help you recruit talented internal audit candidates.
Finding IT Help for your Business
By Sarah Swanson
May 31, 2018
According to MISTI’s annual Internal Audit Priorities Report, internal audit leaders are in need of hiring outside assistance for challenges they face surrounding IT security. Here, we share a few tips to help you find the best IT consultant for your needs.
Why Words, Not Numbers, Are the Internal Auditor’s Most Valuable Currency
By Jill Schiefelbein
May 29, 2018
Numbers and fancy charts are only able to tell part of the story for internal auditors. If you want your reports and your data to come alive for your clients, you need to make your words matter. Words, when it comes to driving action, are your most valuable currency. Here's why.
From Corporate Cop to Trusted Advisor
By Hernan Murdock
May 24, 2018
Internal auditors have been working toward shedding the "corporate cop" label given to them within the enterprise. But what is a trusted advisor? What do they do and what behaviors are necessary to become a trusted advisor?
How to Audit Whistleblower Programs
By Hernan Murdock
May 22, 2018
The Sarbanes-Oxley Act of 2002 Section 301 requires publicly-traded companies to have a whistleblowing program. But, how do we know if the program is effective? This article should help get you on your way.
How to Keep Millennials in Internal Audit
By Sarah Swanson
May 17, 2018
When salary is fixed and the perks are what a Gen Xer would like but maybe not a millennial (i.e., catered lunches, unlimited paid time off, yoga hour), how does an audit shop change their philosophy to cater to the younger crew? Below we explore different ways to motivate a millennial auditor.
Looking to Improve Your Audit Cycle? Try This
By Karen Kroll
May 15, 2018
To continually operate more efficiently and add greater value to the business, internal audit has to boost its performance throughout each stage of the audit cycle. The guidelines below can help you improve the risk assessment, planning, execution, and reporting stages of the audit cycle.
How Internal Auditors Can Strategize for the Mundane, Part 2
By Sarah Swanson
May 14, 2018
We recently discussed the intersection of emotional intelligence and strategic intelligence. Here are some more common strategic areas to look at. One of these may be similar to your company, or maybe you have some additional strategic areas too. We’d love to hear about them.
When Emotional Intelligence Meets Strategic Intelligence for Internal Auditors, Part 1
By Sarah Swanson
May 08, 2018
Infusing an audit with strategic intelligence can be a little uncomfortable. But a little stretch does an auditor (and the company) good. Here, we've provided a few tips to articulate the big picture to your team and your auditee.
5 Ways to Continuously Audit Without Data Analytics
By Sarah Swanson
May 03, 2018
If continuous auditing doesn’t strictly mean automated data analytics or fancy software, then it means a larger group of internal audit shops can employ continuous auditing. This article highlights five ways you can continuously audit your business without all the software and by just using your brain.
Why Internal Auditors Should Lead with Their Relevancy and Value, Not Their Title
By Jill Schiefelbein
May 01, 2018
As an Internal Auditor what you do is NOT your title. It's NOT your longevity in the field. It's NOT a credential. However, as an internal auditor the question "What do you do?" typically doesn't receive a straightforward answer. Here we provide you with an activity that will get you thinking about what you DO, and help you communicate it effectively.
How to Develop a Stronger Relationship with the Second Line of Defense
By Karen Kroll
April 26, 2018
In this feature article, we caught up with some top subject matter experts that shared their best advice on how internal auditors can develop stronger relationships with their colleagues in the functions that make up the second line of defense.
Audit Writer’s Hub: Dollar-Menu Burgers and Grammar Passive Voice and 3 Steps to Fix Your Sentence
By Sarah Swanson
April 24, 2018
Even if you’re a dollar-menu writer now, that does not mean you always will be. Anyone can become a gourmet audit report writer. Over the next few weeks, Audit Writer’s Hub articles will focus on specific writing tips to help you begin crafting your gourmet issues. This week, we look at passive voice.
7 Areas to Focus on to Improve Your Relationship with Audit Clients
By Karen Kroll
April 19, 2018
Developing a strong working relationship with audit clients goes a long way, but that can be a lot easier said than done. In this post, we examine 7 areas that internal auditors can focus on that will help them improve their relationships with audit clients.
Essential Steps to Tackling Vendor Risk Management
By Sarah Swanson
April 16, 2018
Internal audit is positioned to help evaluate risk that arises from working with vendors. Here we outline steps for determining which vendors to audit and what to focus on during the audit.
How Internal Audit Can Benefit from Force Field Analysis
By Hernan Murdock
April 05, 2018
Auditors in search of a great decision-making tool to identify the forces for and against a course of action should look no further than Force Field Analysis. In this feature by MISTI's own Dr. Hernan Murdock, he details how internal audit can leverage this technique.
5 Skills Internal Auditors Can Use to Refine Their Emotional Intelligence
By Sarah Swanson
April 03, 2018
If internal auditors are auditing people, then they need to have a humane approach. And to audit humanely, they need to show a degree of emotional intelligence. Here are five skills that can get you on your way.
5 Tips that Make Your Audit Budget Go Further
By Sarah Swanson
March 27, 2018
Small internal audit team, small budget. Large internal audit team, still small budget. What do you do to make sure you get the most out of your internal audit dollars? Here are some ideas to consider when making every dollar count.
The Fundamental Components of Evaluating Your Audit Team
By Jill Schiefelbein
March 22, 2018
Performance reviews are often viewed as arduous, time-consuming tasks. But they don’t have to be. Business communication expert Jill Schiefelbein dissects the two different aspects of evaluating one's audit team.
Are You Committing Blunders with Your Audit Committee?
By Sarah Swanson
March 13, 2018
If you're an internal auditor and are in the midst of creating a quarterly summary right now, we have people here who have created and delivered plenty of quarterly summaries to audit committees. Here are some of the ideas they shared that you should follow.
Why Auditing Social Media is Becoming Increasingly Important
By Marcos Colón
March 08, 2018
In this recent video shot at MISTI’s ITAC Conference, INARMA's Jason Claycomb gives his take on the state of auditing social media in the enterprise, and what steps internal auditors can take to monitor the risks associated with the technology.
5 Signs You Have a World-Class Audit Team
By Sarah Swanson
March 06, 2018
In this feature article, we catch up with one subject matter expert that discusses the qualities that world-class audit teams possess. Perhaps all these qualities are alive and spinning on your team right now. Or maybe the following will touch upon qualities worth recommitting to on your audit team.
How to Leverage Surveys in Internal Audit
By Hernan Murdock
March 01, 2018
Surveys can benefit internal audit when it comes to reviewing intangible topics such as corporate culture, entity-level controls, and an ethical environment. In this feature article, we highlight the critical stages of conducting and designing effective surveys.
How Audit Can Support the Incident Response Plan
By Sarah Swanson
February 27, 2018
Response plans vary somewhat. But here we'll focus on giving you the best insight on how the internal audit function can provide support for the business's incident response plan. Here's a look at some proven tips that can help you get started.
Preparing for the Future Class of Internal Auditors
By Marcos Colón
February 22, 2018
In this video interview with Glenn Sumners, Director of LSU's Center for Internal Auditing, he discusses what attracts his students to the internal audit program at LSU, what you can expect from the next crop of internal auditors, and how you can help them adjust to the internal audit department of today.
Why Speaking Cybersecurity Goes a Long Way for Internal Audit
By Sarah Swanson
February 20, 2018
Most auditors learn about IT but don’t come from IT backgrounds. Whereas auditing financial accounting is pretty straightforward, both IT and finance auditors tend to struggle in this brave new world of auditing cybersecurity.
Audit Writer's Hub: 7 Steps to Writing Better Root Causes Part 2
By Sarah Swanson
February 15, 2018
Picking up where we left off in part one of this two-part series, here we discuss strategies to determine if findings really need RCA and tips for discussing RCA with the audit client.
Audit Writer's Hub: 7 Steps to Writing Better Root Causes Part 1
By Sarah Swanson
February 13, 2018
If done well and communicated properly, reporting the root cause can be the glue your report needs to tie findings to the overall health of the company and create significant change for the business. This article provides some strategies to use in writing and communicating root cause in audit findings.
Is the "Data Asset" Really Different?
By Christopher Bradley
February 12, 2018
We hear copious amounts said that “Data is an asset”, “It's got to be managed”, “Few people in the business understand us”, and so on. This article is not trying to cast any doubt on the importance of data as an asset, but rather raise the level of debate from a subliminal nod to a conscious examination of the characteristics of different "assets" and to compare them with the “Data asset".
How Internal Audit Can Get More Information From Flowcharts
By Hernan Murdock
February 08, 2018
Drawing flowcharts can be time-consuming, but internal auditors can gain a wealth of information during and after preparing them. By following these suggestions the benefits will far exceed the costs.
What COSO’s Revised ERM Framework Means for Internal Audit
By Marcos Colón
February 06, 2018
In this interview featuring Bob Hirth, Chairman at COSO, he sheds light on the recent updates made to the COSO ERM framework, discusses what those changes mean for internal auditors, and advises on how to best leverage the framework.
Speed Up Your Audit Team's Performance with Data Analytics
By Sarah Swanson
January 31, 2018
Given the talents and skills that auditors possess (analyzing data, spotting trends, forming conclusions), auditors are in a perfect position in a company to be part of data analytic innovation. This article proposes a plan to fill in the gaps and implement data analytics in the business.
An Internal Auditor's Guide to Social Media
By Sarah Swanson
January 30, 2018
Within a communications group, chances are that someone is performing a level of auditing of weekly or monthly online analytics already. But it doesn’t hurt to talk to these people and fill in any gaps you discover. How effective is your social media presence and how do you audit it? This article should get you started on auditing social media within a larger audit.
Effective Inclusion: 3 Strategies for Seeking Talented Auditors
By Sarah Swanson
January 24, 2018
Historically, the Internal Audit profession has not been a leader on the topics of diversity and inclusion. Internal Audit Insights recently caught up with Adam Rutan of Cardinal Health who shared his audit team's experience of how they redefined diversity and improved their audit function along the way.
The Benefits of Leveraging the CIS Critical Security Controls
By Marcos Colón
January 23, 2018
Technology continues to flood organizations and IT auditors are facing increasing challenges. The Center for Internet Security's Critical Security Controls are intended to help the cause. In this exclusive video interview with Internal Audit Insights, subject matter experts define the controls and discuss their benefits for IT auditors.
Five Signs Your Compliance Department Needs an Overhaul
By Marcos Colón
January 22, 2018
Data reveals that compliance modernization seems to be eluding most companies due to a host of reasons, and internal audit can play an important role in identifying areas of improvement. Here are five signs the compliance function needs fixing.
The Secret to Driving Value Through Artificial Intelligence
By Sarah Swanson
January 17, 2018
Rather than robotic humanoids or machines who have become “self-aware,” artificial intelligence might be better described as computer systems that can predict human behavior. For internal audit, it can be a handy tool for specific processes within audit and analyzing overall sets of data with greater accuracy and even predict risk.
What to Expect from the Next Crop of Internal Auditors
By Sarah Swanson
January 11, 2018
Because of technology and godlike accessibility, the new crop of auditors has a completely different paradigm, and previous generations must learn to connect with this generation to accomplish audit goals. With a widening skills gap between the top and the bottom students, we’ve compiled some ways to look for the worthwhile candidates for your company.
Audit Writer's Hub: 7 Steps to Overhaul Your Audit Report
By Sarah Swanson
January 04, 2018
This article won’t show you exactly how the report should look, but will you give you some of the basics to expunge elements of the old audit report so you can make room for the new audit report.
Readers Choice: Top 5 Articles of 2017
By Marcos Colón
January 03, 2018
You picked them! Here's a look at the most read articles published in The Audit Report in 2017. From building great audit teams to writing an audit report that gets results, you'll find a unique mix of some engaging content that answers some of your pressing questions.
Audit Writer’s Hub: Tone and the Chicken Little Dilemma
By Sarah Swanson
January 02, 2018
By improving the tone of the audit report, auditors maintained – if not, increased – the integrity of findings and developed better relationships with their clients. Rather than brutal honesty, auditors became humanely honest. Here are four strategies to improve tone in your audit reports.
How to Manage Outside Audits Performed on Your Organization
By Marcos Colón
December 21, 2017
Raytheon's Thomas Sanglier discusses the positive impact that the internal audit function can make when it comes to handling outside audits, the challenges this task can present, and how to overcome them.
How to Manage Outside Audits Performed on Your Organisation
By Marcos Colón
December 20, 2017
Raytheon's Thomas Sanglier discusses the positive impact that the internal audit function can make when it comes to handling outside audits, the challenges this task can present, and how to overcome them.
Stayin’ Alive with Integrated Auditing
By Sarah Swanson
December 19, 2017
For those that do integrated audits, the concept is a no-brainer. Integrated audits are an efficient, holistic approach to the business. But, if the idea of integrated auditing is untapped, then it’s a brave new world to check out. Below are some points to get the conversation started in your company.
The IT Auditors Role in Today’s Complex, Evolving Enterprise
By Marcos Colón
December 18, 2017
Forrester Research's Robert Stroud discusses the current state of the enterprise as it relates to IT auditors and why it’s important to bridge the gaps between audit, IT audit, compliance, and security within organizations.
Audit Writer’s Hub: The Art of Tidying Up Narratives
By Sarah Swanson
December 12, 2017
Today, we’ll be cleaning out the metaphorical “auditor’s closet.” The auditor’s closet comes stashed with a variety of documents that identify, document, record, and communicate specific controls for both you and whoever needs to review these controls in the future.
Remain Relevant as an Internal Auditor by Doing This
By Marcos Colón
December 11, 2017
In this exclusive video interview with Internal Audit Insights, MISTI's Dr. Murdock offers up key steps that internal auditors should take to remain relevant and continue to add value to the business.
5 Critical Social Media Tips for Internal Auditors
By Sarah Swanson
December 04, 2017
If you’re going to audit social media, then develop a method. Kate Mullin, a social engineering expert, shares a formulaic approach to begin thinking like a hacker and doing the reconnaissance a hacker would do so that you can protect your organisation.
Knocking Your SOX off with COSO
By Sarah Swanson
December 03, 2017
Just like each area of a jungle gym needs solid attention (lest there be risks), so do the right areas of an audit require attention to maintain the health of a company.
What Every Audit Customer is Thinking, But Won't Ever Say
By Sarah Swanson
November 28, 2017
Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.
Investigate, Understand and Forgive: A Realistic Alternative to Zero Tolerance
By Nigel Iyer
November 27, 2017
Fraud and corruption are all around us. As internal auditors, if we're so heavy handed with the few “sinners” we catch, won’t the large majority who didn't get caught breath a huge sigh of relief and just try even harder to stay hidden?
Audit Writer’s Hub: Is Your Audit Report written to a flock of Wild Turkeys?
By Sarah Swanson
November 21, 2017
Between varied audiences and modern communication standards (dense information in few words), internal auditors must make sure they’re writing to their end audience.
Effective Audit Committee Communication: Keys to Success for Internal Auditors
By Ed Williams
November 15, 2017
Few things can derail the audit committee’s perception, confidence, and trust of internal audit faster and more profoundly than ineffective communications to and from the internal audit function.
Do We Understand What a Risk Event Is?
By Norman Marks
November 13, 2017
People talk about a risk event as if it is obvious what it is and what it means. But that's certainly not always the case.
Why Internal Auditors Should Use the 5 Whys Method for Root Cause Analysis
By Dr. Hernan Murdock
November 10, 2017
The Five Whys is one of the simplest tools for cause analysis. It is easy to use, and the approach consists of asking “why” multiple items, each of which probes further into the source of the problem.
How to Attract and Retain High-Impact Internal Auditors
By Alec Arons
November 06, 2017
Whether the organisation as a whole is onboard or not, corporate audit needs to develop and embrace programs designed to meet the needs of a changing workforce if they are to attract and retain top talent.
Taking Your Audit Career to the Next Level: How to Separate Passion from Emotion
By Daniel A. Clark
November 05, 2017
As an internal auditor, there's nothing wrong with having passion for what you do. Passion supports the search of truth and ensures objective momentum to a conclusion. But it's important to know that emotion, on the other hand, is not passion.
Eight Things Every Internal Auditor Should Know About Sarbanes Oxley
By Matt Kelly
November 04, 2017
As SOX turns 15 this fall, let’s widen the lens to capture what SOX is really about: its history, its goals, and the most important points to remember for an effective SOX compliance experience.
Strategies for Building Killer Audit Teams
By Sarah Swanson
October 30, 2017
Whether you are creating an audit team, adding new auditors to your existing team, or flat-out enjoying audit like we do, read on for tips to creating an internal audit team with all the right flavors.
Taking Your Internal Audit Career to the Next Level: Quick Tips to Express Your Team Support
By Daniel A. Clark
October 24, 2017
Believe it or not, some orchestral tunes offer up important bits of wisdom that can easily apply to the internal audit function. In part one of this two-part series, Dan Clark describes what internal auditors can learn from Joseph-Maurice Revel's "Bolero".
You Are What the Search Engine Finds!: Tips to Ensure Online Privacy
By Shawna Flanders
October 22, 2017
When is the last time you looked for your name on the internet? Which of the links and images are tied to you? More importantly, where does all this information come from? Here are 13 important tips to leverage at your organization to ensure online privacy.
5 Tips to Ride the Wave of Rotational Auditing
By Sarah Swanson
October 17, 2017
Where companies may do some variation of a rotational program, perhaps using rotational auditors is an untapped resource in your company. If rotational auditing sounds like something you’d like to try – do it. We put together a few steps to get going in that direction.
Understand the Objective of Your Audit, Or Fail
By William Nealon
October 10, 2017
To have a successful audit outcome, it’s imperative to understand the objective of your audit. Keeping your focus on the end result is imperative.
Internal Audit’s Role in Third Party Data Protection
By Tom O'Reilly
October 09, 2017
Internal audit can provide assurance to their board and executive team whether or not a process is in place to manage risks of third parties maintaining critical data, and that third parties have their data protection controls in place.
Don’t George Costanza Your Next Internal Audit Meeting
By Michael McShea
October 07, 2017
Internal auditors would fare well-taking inspiration from these iconic Seinfeldisms and keeping the following five ideas in mind to better structure their meetings and help them be more efficient.
It’s Time to Put a Little More Management in Your Risk Management
By Richard Archer
September 26, 2017
Just because a company has a robust risk management system in place doesn't guarantee that it will actually manage risk well. An ineffective manager will mismanage risks, no matter how strong the risk management system is.
Communication Tips to Increase Auditor Effectiveness
By Chris Hollands
July 14, 2017
Most people think their driving is above average. That’s a statistical impossibility, of course, otherwise it wouldn’t be an average. Still, it’s what they believe and in one study, no fewer than 93% of Americans placed themselves in the top 50% of drivers.
So, Why Are You Still Not Using Data Analytics?
By Dave Coderre
June 29, 2017
Study after study has shown that data analytics is effective and efficient at detecting risk and identifying control weaknesses, non-compliance, and inefficient business processes. So why have some internal audit departments still not embraced it?
These Internal Auditors Aren’t Afraid to Get a Little Dirty
By Joe McCafferty
June 20, 2017
When Woodforest National Bank wanted to test whether employees were properly destroying physical data, it hit on an idea that would require internal auditors to roll up their sleeves and get messy.
Internal Auditors Say Their Departments Lack Some Important Skills
By Joe McCafferty
June 15, 2017
According to a recent MISTI survey, internal auditors say their internal audit seniors and managers most lack data analytic skills, understanding of IT auditing concepts, and ability to influence and persuade.
A Day in the Life of an IT Auditor: Tony Redlinger
By Joe McCafferty
June 15, 2017
Internal auditor spotlight with Tony Redlinger of IHS Markit: We recently sat down with Tony to talk about the challenges of being an IT auditor, what's next for cybersecurity, integrated auditing, and more.
Arial or Times New Roman – What’s Your Audit Report Font?
By Chris Hollands
June 13, 2017
I went to a client the other day to run a 'Report Writing' course and we discussed “House Style”, including the font choice for audit reports. They were, like many large organisations, very clear on what was and what was not acceptable.
Internal Audit Departments Struggle to Retain High Performers
By Joe McCafferty
June 08, 2017
Internal audit leaders continue to fret about hanging on to their top talent. In a recent survey, they ranked staffing concerns, including retention, as among their greatest worries.
2017: The Year of Computer-Generated Audit Reports?
By Chris Hollands
June 08, 2017
I was reading an interesting article the other day about Artificial Intelligence (AI) and cognitive computing. I thought it might be worth sharing some of the thoughts with you in case you had ever contemplated using automation in the compilation of one of your reports.
Is Internal Audit Neglecting Environmental, Health and Safety Risks?
By Joe McCafferty
June 01, 2017
BP paid more than $25 billion; Volkswagen shelled out $19 billion; Anadarko Petroleum, $5.1 billion; and GlaxoSmithKline ponied up $3.75 billion. No, these aren't prices paid for major acquisitions, they are the penalties these companies paid to resolve environmental, health, and safety issues during the last seven years with a raft of U.S. federal agencies.
Six Risk Resources You May Not Be Using, But Should
By Tom O'Reilly
June 01, 2017
One telling sign of a maturing internal audit department is when the CAE proposes audit topics that are organizationally-focused around key projects and initiatives (e.g. evaluating the make-or-buy decision for a material for a key part or performing an assessment of a recent new product introduction) versus a generic audit topic (e.g. payroll or procurement cards).
Is Social Media Killing Your Audit Reports?
By Chris Hollands
June 01, 2017
As regular readers will know, I run audit report writing courses for a living. For the past couple of years, I have included a small module I call "the hashtag generation". It was originally intended as a little light relief from the rigours of grammar but as time passes the subject has the potential to become a serious threat to the audit report.
Five Preventative Controls for Ransomware Attacks
By Joe McCafferty
May 24, 2017
The high-publicity WannaCry attack has many companies reviewing their protections against ransomware and other cybersecurity attacks. Here we provide five preventative controls that IT auditors should ensure are functioning properly.
The Oxford Comma - To Use in Audit Reports or Not?
By Chris Hollands
May 24, 2017
Being a Brit of a certain age and fortunate to have a very good English teacher in my early years I have always pushed back on the use of a comma before the word "and". Indeed. I spent the better part of 20 years working for American firms desperately trying to convince my betters in the US that they really shouldn't be there and removing them from audit reports.
While Internal Auditors Expect Budgets to Increase, It May Still Not Be Enough
By Joe McCafferty
May 18, 2017
After years of belt tightening and cost cutting, companies may finally be starting to increase budgets and staffing for internal audit. As part of our inaugural internal audit study on planning and staffing priorities, we asked internal auditors about the resources, including budget and staff, they are allocated and if they are sufficient to get the job done.
The Fight on Fraud
By Chris Hollands
May 18, 2017
I find myself reading a lot of information each week on the subject of fraud, in its many different forms, and it has started me thinking about what is the best way to address it. Everybody talks about putting controls in place to stop it, but do they really work?
What is 'Benford's Law'?
By Chris Hollands
May 11, 2017
Those of us who have been associated with audit and investigations in one form or another over the years will always be on the lookout for something that gives us the edge over the fraudster.
Six Best Practices of World Class CAEs
By Tom O'Reilly
May 11, 2017
It is not uncommon for CAEs to read thought leadership that highlights internal audit’s inability to meet stakeholder expectations and room for improvement (e.g. here, here, and here)...
Are You Ready for the New EU Data Privacy Protections?
By Joe McCafferty
May 03, 2017
In a little more than a year, U.S. companies that do business in Europe or have customers or employees there will need to comply with a new set of European Union data protection and privacy laws.
Four Communication Tips to Increase Internal Auditor Effectiveness
By Tom O'Reilly
May 03, 2017
Why do some internal auditors effectively prepare workpapers and write audit reports with ease, yet stumble when it comes to most other forms of communication?
FCA Says Reward Staff
By Chris Hollands
May 02, 2017
The FCA is encouraging firms to make cyber security training more interactive by introducing mock scams and rewarding sharp employees.
Four-Part Series: Creating a Customer Service Oriented Internal Audit Department
By Karen Kroll
April 25, 2017
More internal audit departments are calling the functions, units, and subsidiaries they audit by a new name—customers—and treating them as such.
To Reward or Not to Reward – The Very Important CAE Question
By Tom O'Reilly
April 25, 2017
The Apprentice, Top Chef, and Project Runway are three of the most successful reality TV competition shows in the United States. Each show highlights a cast of competitors trying to prove themselves to a panel of judges on how well they do their job.
What Internal Audit Leaders Can Do to Foster a Customer Service Approach
By Karen Kroll
April 20, 2017
Chief audit executives and directors are building teams that are out to change the perception of internal audit.
Auditing the Use of Open Source Software Code
By Joe McCafferty
March 29, 2017
If your organisation is developing applications, it's likely that some of the code is borrowed from open source software that can be found freely on the Internet. While such code makes developing applications much easier, its use can come with legal hoops to jump through and security vulnerabilities that, if left unmanaged, could pose significant risks to the organisation.
Four Internal Audit Lessons from the United Airlines Viral Video Fiasco
By Joe McCafferty
March 29, 2017
United Airlines is no stranger to viral videos and social media kerfuffles that cast the company in a poor light. A video uploaded to YouTube in 2009 called "United Breaks Guitars" has more than 17 million views and its own Wikipedia page. And, of course, the now infamous, airline incident.
A Day in the Life of an Internal Audit Supervisor
By Joe McCafferty
March 29, 2017
Devin Potter is a Supervisor in the Risk Advisory Services business at RSM, where he has worked since 2014. We recently sat down with Devin to talk about the internal audit profession.
How to Make Sure Every Audit Focuses on What Matters Most
By Dr. Hernan Murdock
March 29, 2017
Internal auditors must focus their reviews, prioritize what to audit, and concentrate on what matters most to the business. Since there are often insufficient resources to cover the entire audit plan, internal auditors can no longer conduct sprawling or unclear audits looking under every rock hoping to find something somewhere.
Lines Blurring Between IT Audit and InfoSec Professionals
By Shawna Flanders
March 22, 2017
It's safe to say that popular culture hasn't been kind to internal auditors. The few references to the profession in television, movies, and books either confuse them with accountants or portray them as disliked corporate stooges or nerdy paper-pushers.
Trump’s Regulatory Rollback Could Include Changes to Sarbanes-Oxley
By Joe McCafferty
March 22, 2017
Less than two weeks after taking the oath of office, President Donald Trump set about fulfilling one of his more tangible and oft-repeated campaign promises: dismantling the Dodd-Frank Act.
Bridging Internal Audit's Talent Gap
By Joe McCafferty
March 22, 2017
Finding the right candidates to fill internal audit positions is getting more and more difficult. Which is why Thomas Sanglier, director of internal audit at Raytheon, has found a unique alternative.
Competition for Candidates Driving Internal Audit Pay Higher
By Joe McCafferty
March 15, 2017
The competition for internal audit talent remains fierce, pushing salaries for in-demand internal auditors ever so higher. Two new salary surveys out from recruiting and staffing companies find that salaries for internal auditors at all levels continue to grow at a brisk pace.
Understanding Risk-Based IT Audit Planning
By Fred Roth
March 08, 2017
Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around information technology risks confronting their organization.
A Revolution in Risk Management
By Norman Marks
March 08, 2017
The management of risk, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives.
Tell Us How We Did: More Internal Audit Departments Surveying Auditees
By Karen Kroll
March 01, 2017
Over the past few years, more internal audit departments are seeking to shed their reputation as the company's monitors and provide more value and service to those they audit.
Five Reasons to Audit the Risk Management Function
By Joe Underwood
March 01, 2017
Whether an organization's risk management function is focused on traditional insurable risks or broader enterprise-wide risk management, an audit of the risk management function should be among the first priorities for a chief audit executive.
A Novella Approach to Internal Audit
By Joe McCafferty
March 01, 2017
It's safe to say that popular culture hasn't been kind to internal auditors. The few references to the profession in television, movies, and books either confuse them with accountants or portray them as disliked corporate stooges or nerdy paper-pushers.
Help Wanted: Internal Audit Talent Gap Widening
By Joe McCafferty
February 22, 2017
A survey by the Big Four audit firm finds that a startling number of audit leaders are concerned about the skills and expertise their teams have to deliver on stakeholder expectations for efficient audits, insightful reports, and effective decision-support in the years ahead.
Do Millennials Really Require a Different Management Style?
By Joe McCafferty
February 22, 2017
Newsflash: Millennials don't stay in their jobs very long. They lack loyalty and focus. And they need oodles and oodles of positive reinforcement. Or so they say.
Where Bribery and Corruption Still Reign
By Joe McCafferty
February 22, 2017
The U.S. Department of Justice and the Securities and Exchange Commission (SEC) are on something of a roll lately in bringing corruption cases to fruition under the Foreign Corrupt Practices Act (FCPA).
Striving for Clear and Precise Language in Report Writing and Business Communications
By Joe McCafferty
February 15, 2017
We've all seen ambiguous and imprecise language in the business world, whether in standards and regulations, our own policies and requirements, or in everyday reports and memos.
The Customer Service Oriented Internal Audit Department(s)
By Karen Kroll
February 15, 2017
By now, we've probably all heard as much as we care to about the need for internal audit to move from acting as a policing function to that of a trusted business partner. Indeed, many have moved in this direction during the last several years.
Are You Building a Marketable Internal Audit Career? You Should Be!
By Daniel A. Clark
February 15, 2017
Whether we know it or not, as internal audit professionals, we all have a brand.
NIST Publishes Update to Its Cybersecurity Framework
By Joe McCafferty
February 08, 2017
The cybersecurity framework is used by many organizations for assessing and improving their systems to prevent, detect, and respond to cyber-attacks.
Study Finds Fractured Approach to Risk Management
By Joe McCafferty
February 08, 2017
A new report from the Ponemon Institute finds that many companies lack a cohesive approach to risk management..
Auditing Culture: Taking the Next Steps
By Joe McCafferty
February 01, 2017
Increasingly, fraud experts consider many high-profile cases of corporate wrongdoing not just to be a breakdown in the control structure of the organization, but also a failing of the company's culture.
Is the Backlash Against Non-GAAP Earnings Measures Receding?
By Joe McCafferty
February 01, 2017
The battle over the use of non-GAAP measures in financial reporting has been simmering for well over a year, but now it may be starting to cool off.
Ethics and the Internal Auditor
By Lynn Fountain
January 25, 2017
In these turbulent times, ethics continues to be a frequent topic of corporate, shareholder, stakeholder and regulatory conversations.
Spotting Potentially Fraudulent Shell Companies During Audits
By Leonard W. Vona
January 25, 2017
In these turbulent times, ethics continues to be a frequent topic of corporate, shareholder, stakeholder and regulatory conversations.
Audit Committees Expanding Audit Oversight Role
By Joe McCafferty
January 18, 2017
More than eight years removed from the start of the financial crisis that caused a full-on risk management freak-out across Corporate America, it appears that risk management programs are still not up to snuff.
What Internal Auditors Must Do To Remain Relevant
By Dr. Hernan Murdock
January 18, 2017
As internal auditors, we work in complex and demanding environments where business, technological, social, and other dynamics challenge us to meet the increasing expectations of the board and senior management.
A Primer on Auditing The Internet of Things
By Shawna Flanders
January 18, 2017
As IT auditors, we've audited mainframes, servers, applications and many other IT devices/systems for years and have become proficient in determining the reasonable effectiveness of a company's suite of controls to safeguard them.
Four New Year's Resolutions for Every Internal Auditor
By Tom O'Reilly
January 11, 2017
As we say goodbye to 2016 and hello to 2017, it's a good time to reflect on last year's successes and missteps. The New Year provides a great chance to pause and consider some self-improvement opportunities and goals for the next 12 months.
Six IT Audit Hiring Mistakes Companies Make
By Joe McCafferty
January 11, 2017
IT auditors are in high demand these days. Recruiters and competitors are looking to snatch high-quality talent with the right set of skills and background.
The Problem with Most Audit Reports
By Norman Marks
January 11, 2017
How do our stakeholders on the board and in top management assess the value of internal audit? What do we give them? What do they have on which to base their assessment?
Survey Finds Directors Lack Understanding of Cyber-Risks
By Joe McCafferty
January 04, 2017
As board members look to set their agendas for 2017, many will include getting a better handle on cybersecurity among their top priorities.
Elevating Critical IT Risks to the Board and C-Suite
By Joe McCafferty
December 21, 2016
Communicating top risks to the board and C-suite is always tricky since it's such a critical area of involvement by the highest levels of the organization.
Finding and Retaining Top Internal Audit Job Candidates
By Joe McCafferty
December 21, 2016
Many companies are having a difficult time finding qualified staffers for the internal audit department or keeping their star performers from moving on to take other offers or to other departments.
SEC Sending a Message to Beef Up Whistleblower Protections
By Joe McCafferty
December 21, 2016
The SEC hit two separate companies with penalties for violating rules that prevent companies from asking outgoing employees in severance agreements to not bring concerns to regulators as a condition of the agreement.
Few Changes to Use of Non-GAAP Measures After SEC Warning
By Joe McCafferty
December 21, 2016
For more than a year, the SEC has been on something of a crusade against what it considers a swell in the misleading use of non-GAAP measures in financial reports.
MISTI on Audit: Auditing 'Tone at the Top'
By Joe McCafferty
December 14, 2016
Through their words and actions, the board and C-suite set the tone and shape the ethical culture that pervades the organization.
Who Should Evaluate the Performance of the Internal Audit Leader?
By Joe McCafferty
December 14, 2016
I wanted to call attention to an item that might have been a little lost in a recent report by the Institute of Internal Auditors Research Foundation. One survey in particular caught my eye.
Keeping Employees from Gaining Unauthorized Access to Inside Information
By Joe McCafferty
December 14, 2016
It's a nightmare scenario for any public company: An IT staffer gets a hold of senior executives' passwords and accesses sensitive non-public information like upcoming earnings reports, new products, etc. What next?
How Much Cyber-Risk Should We Take?
By Joe McCafferty
December 07, 2016
It's enough to make those responsible for information security at such companies want to throw up their hands and say, "we give up."
Pre-Implementation Audits: Waterfall vs Agile
By Joe McCafferty
December 07, 2016
Among the top responsibilities of IT auditors is auditing software and application development projects. As those projects have moved at some companies from a waterfall style, to agile, IT auditors have had to adapt.
MISTI on Audit: To Whom Should the CAE Report?
By Joe McCafferty
November 30, 2016
Reporting lines have always been complicated and tricky for chief audit executives and internal audit directors.
What Will the SEC Look Like Under Trump?
By Joe McCafferty
November 30, 2016
Like at most government agencies under the executive branch, change is coming to the Securities and Exchange Commission (SEC), as it prepares the transition to the Trump Administration.
Internal Audit Budgets May Finally Be Getting a Boost
By Joe McCafferty
November 30, 2016
Budgeting trends across Corporate America tend to look a lot like the undulating waistline of a yo-yo dieter.
Outside the Box, Out of the Comfort Zone and Right on Target
By Yves Froude
November 16, 2016
It's 4:00 p.m. on a Friday afternoon and you are already thinking about your weekend plans, when your manager walks into your office with "a simple request".
Too Much Data, Coming Too Fast?
By Joe McCafferty
November 16, 2016
Financial Executives are straining to keep up as the increasing volume and pace of data clouds and their ability to provide meaningful insights to boards quickly and accurately.
MISTI on Audit: The Benefits of Integrated Internal Auditing
By Joe McCafferty
November 16, 2016
Integrated auditing isn't a new idea. Organistions have tried to bring together specialized audit areas, such as finance, operations, and IT audit, and others for a long time.
How Silos Can Cause Risk-Management Headaches
By Joe McCafferty
November 09, 2016
Not all organizations are good at managing risk in a holistic way. It's easy for business units or functions that address risks to be guarded about their risk-management efforts or to reproduce what other parts of the company are already doing.
Who's the Boss? Chief Audit Executive Reporting Lines Still Blurred
By Joe McCafferty
November 09, 2016
To whom should the chief audit executive report? That question has perplexed companies for decades. Once an underling of the finance or legal departments, many companies have made the CAE a direct report to the CEO.
Focusing IT Audit on Machine Learning Algorithms
By Andrew T. Clark
November 09, 2016
Machine learning algorithms are permeating our world. With applications in banking, investing, social media, advertising, and crime prevention, to name a few, these 'little black boxes' are increasingly being used to inform and drive decisions about our lives and businesses.
Internal Auditors Under Pressure to Alter Reports
By Joe McCafferty
November 02, 2016
Just about every internal auditor will face an ethical dilemma or difficult situation at some point in their career. Among the toughest scenarios is when the CEO or other senior executive exerts pressures to suppress or change the results of an audit finding because it reflects poorly on management or some other aspect of the business.
MISTI on Audit: Internal Audit's Role in Detecting and Preventing Fraud
By Joe McCafferty
November 02, 2016
What is internal audit's role in finding fraud? One of the key activities of internal audit is to conduct a fraud risk assessment that identifies an organization's vulnerabilities to internal and external fraud.
Continuous Risk Assessment, Emerging Risks Top Priorities
By Joe McCafferty
October 12, 2016
As internal auditors begin the process of planning audits for 2017, they are also looking to refine that planning process, which, of course, depends a great deal on risk assessment.
Four Big Challenges Facing Internal Audit
By Joe McCafferty
October 06, 2016
There are several big challenges facing internal audit departments and still more facing the internal audit profession as a whole. Some of them represent opportunities as well as obstacles to overcome. The difficulty in filling internal audit positions with talented candidates, for example, has led to increases in pay for many internal auditors.
Time for More Reporting on Cybersecurity Efforts
By Joe McCafferty
October 06, 2016
There's a lot going around these days: viruses, malware, Trojans, ransomware, you name it. And if you're not careful, you could catch a nasty case of any of these inflictions.
As FCPA Cases Mount, Justice Department Offers a Path to Reprieve
By Thomas Fox
October 06, 2016
This year is sure to be one for the books for Foreign Corrupt Practices Act (FCPA) enforcement. By the end of June, there were more FCPA enforcement actions in 2016 than in all of 2015, and it doesn't appear that things will be slowing down anytime soon. The Fed's aggressive campaign against bribery and corruption rolls on.
How Technology Is Changing the Internal Audit Function
By Joe McCafferty
October 06, 2016
Whether it's data analytics; governance, risk, and compliance solutions; or planning and collaboration software packages, most internal audit departments are looking to improve their use of technology as they strive to do more with less.
Internal Audit Execs Fret Over Talent Gaps
By Joe McCafferty
September 29, 2016
One of the top challenges facing internal audit departments today is finding the right people with the right set of skills. Internal audit executives say that getting good job candidates is difficult and finding people with the complete set of talents for the modern internal audit department is even harder.
MISTI on Audit: Top Attributes of a World-Class Internal Audit Department
By Joe McCafferty
September 29, 2016
What are the characteristics that define a truly world-class audit department? Leading internal audit departments address emerging risks, embrace diversity of thought, communicate well, and are on the cutting edge of data analytics.
SEC Dings Weatherford $140 Million for Fraud Charge
By Joe McCafferty
September 29, 2016
The Securities and Exchange Commission (SEC) settled charges with oil services company, Weatherford International, that it inflated earnings by using deceptive income tax accounting. Two of the company's former senior accounting executives have also agreed to settle charges that they orchestrated the fraud.
Upping Your Fraud Detection Game
By Joe McCafferty
September 29, 2016
The Securities and Exchange Commission has taken action against several fraudsters over the past few days, including charges against a group of movie executives for making false claims about the construction of a movie studio and a man who is charged with registering several "blank check" companies.
FASB Proposes Changes to Hedge Accounting
By Joe McCafferty
September 15, 2016
The Financial Accounting Standards Board (FASB) has issued a new proposal that it says would make "targeted improvements" to the accounting guidance for hedging activities.
Bridging Internal Audit's Gender Gap
By Joe McCafferty
September 15, 2016
The road to equality for women in the internal audit profession has been a bumpy one. It's led to some higher plateaus, sure, but it also has left plenty of hills still to climb.
With Wells Fargo, It's Déjà Vu All Over Again
By Joe McCafferty
September 15, 2016
It's often said that the regulatory response to a large financial scandal or series of frauds will be swift and sweeping, and that it will do absolutely nothing to stop the next series of frauds or scandals.
Audit Once, Use Many: The Benefits of a HITRUST Certification
By Cathlynn Nigh
September 15, 2016
As you may have heard, healthcare organizations have been under attack during the last three-plus years by various types of malicious hackers.
How Internal Audit Can Be a Force for Good
By Joe McCafferty
September 08, 2016
It's not often that you hear about auditors and accountants in the same breath as aid workers, healthcare providers, or charity workers. Indeed, you won't find internal audit on Forbes' list of the 25 Most Meaningful Professions. And yet, internal audit can be a force for good.
Conducting Audits of Marketing and Media Programs
By Angela Saferite
September 08, 2016
Cash rebates, free media inventory rebates, mark ups from 30 to 90 percent, dual rate cards, and non-transparent business practices are all things that can keep senior audit managers and audit committee members of the board awake at night.
Internal Audit Pay Expected to Rise in 2017
By Joe McCafferty
September 08, 2016
Salaries of internal audit and IT audit professionals are expected to increase by an average of 3.9 percent in 2017, according to the latest annual salary guide from staffing firm Robert Half.
Making Culture into a Hard Science Tied to Risk Management
By Joe McCafferty
September 01, 2016
The Financial Crisis of 2008 cemented what many risk management experts have known for years: You can have an army of risk managers and all the sophisticated risk-management models and tools you like, but if there is something wrong with the culture of the organization and what we all now call the “tone at the top,” they won’t work.
Leveraging Diversity of Thought in Internal Audit
By Stefanie Diaz Thibeault
September 01, 2016
It's hard to justify recruiting great talent, investing in training, and passing on company knowledge, only to find that those recruits eventually leave for competitors because they didn't feel engaged. It's a story we've heard before.
Add 'Courage' to the List of Needed Internal Auditor Traits
By Joe McCafferty
September 01, 2016
For the last few years we've been hearing about the skills and traits needed for good internal auditors. The lists generally include things like communication skills, critical thinking, IT savvy, and business acumen. Add one more to the list: "courage."
SEC Pays $22 Million to Whistleblower Who Uncovered 'Well-Hidden' Fraud
By Joe McCafferty
September 01, 2016
The Securities and Exchange Commission (SEC) has awarded more than $22 million to a whistleblower this week, putting the agency over $100 million in total whistleblower bounties awarded since the program was established in February 2011 under the Dodd-Frank Act.
Kramer on Audit: Doing More with Less
By Joe McCafferty
August 25, 2016
Managing a small audit department is never easy. Covering a seemingly endless stream of risks with limited resources can be trying for any audit leader. Small audit department leaders must become experts in time management, stretching the budget, and focusing on what matters.
What Constitutes a Good Risk Culture?
By Joe McCafferty
August 25, 2016
Everyone knows that culture is set at the highest levels of the organization. We may all be tired of hearing about "tone at the top," but it's never been more important. Apart from influencing the culture of the organization as a whole, executives—especially the CEO—have a big role to play in setting the risk culture.
The Importance of Board Support to the Success of Internal Audit
By Jami Harris Shine
August 17, 2016
The role of internal audit in organizations is rapidly expanding as auditors move from being rule enforcers and compliance police to trusted advisors. Audit departments are being asked to audit culture, corporate strategy, and governance functions and are increasingly being consulted on key projects and business decisions.
Anti-Whistleblower Severance Agreement Lands Insurer in Hot Water
By Joe McCafferty
August 17, 2016
Companies might want to review their severance agreements and other employment contracts in light of a recent Securities and Exchange Commission (SEC) ruling. The SEC is taking issue with language that discourages employees or former employees from raising concerns about wrongdoing to its whistleblower office.
Data Analytics Still in Early Stages
By Joe McCafferty
August 11, 2016
Data analytics is supposed to be the great savior of the internal audit function. It has been heralded as the set of tools that will give organizations new insights into risk management, fraud, and corruption. It would free up internal auditors to use their skills on assessing non-traditional areas of the business and lower the cost of internal audit.
What's Next for Accounting Rulemaking?
By Joe McCafferty
August 11, 2016
The top U.S. accounting rulemaker is looking for more input on what projects it should tackle over the next few years as it moves into the post-convergence era of accounting rulemaking.
Positioning Internal Audit for the Future: A Global Perspective
By Joe McCafferty
August 11, 2016
One of the big themes of the Audit, Risk and Governance Africa conference held by MISTI in Accra last week was how to position internal audit for the future and how to ensure that the function continues to add value in the organization and remain relevant.
Big Challenges for Public Auditors in Africa
By Joe McCafferty
August 03, 2016
It's not easy to be an internal auditor at a public entity in Africa. "It takes a lot of bravery," said Graham Joscelyne, chair of the audit and ethics committee at the Global Fund to Fight Aids.
Add Internal Audit to Your List of Followers
By Karen Kroll
August 03, 2016
Social media sites are becoming a bigger part of most companies' plans to connect with customers and other stakeholders. And while sites like Twitter and Facebook can be powerful marketing tools, they are also fraught with risks.
Fraud Prevention Insights for Auditors
By H. David Kotz
August 03, 2016
In December 2007, I was appointed as the Inspector General of the Securities and Exchange Commission (SEC) and served in that capacity until January 2012. An IG is an internal watchdog for a governmental body with its primary purpose being to identify and reduce waste, fraud, and abuse in the agency. IGs supervise both internal audit and investigative units.
SEC Hits South American Airline with Bribery Charges
By Joe McCafferty
August 03, 2016
The Securities and Exchange Commission (SEC) has charged South American-based LAN Airlines with making illegal payments to attempt to settle a labor dispute, in violation of the Foreign Corrupt Practices Act.
Audit Leaders Uneasy About the Future of Internal Audit
By Joe McCafferty
July 27, 2016
A survey by the Big Four audit firm finds that a startling number of audit leaders are concerned about the skills and expertise their teams have to deliver on stakeholder expectations for efficient audits, insightful reports, and effective decision-support in the years ahead.
Auditing the Incident Response Plan
By Joe McCafferty
July 27, 2016
No organization is 100 percent safe from hacks, cybercrime, or boneheaded employee actions that can expose the company to data breaches. Most companies have shifted from a purely prevention mindset to one of a risk-based approach to cybersecurity with a robust incident response plan.
FASB Wants Better Disclosure of Business Income Tax Information
By Joe McCafferty
July 27, 2016
The Financial Accounting Standards Board (FASB) issued a proposed Accounting Standards Update that is intended to enhance disclosure requirements on business income taxes.
Six Steps the Audit Committee Can Take To Empower Internal Audit
By Joe McCafferty
July 20, 2016
As Audit Committees work to strengthen how companies approach risk management, corporate reporting, cybersecurity, and other key areas, they are relying on internal audit to provide more value, greater oversight, and better communication about issues of concern.
Should Internal Audit Have A Bigger Cybersecurity Role?
By Joe McCafferty
July 20, 2016
There isn't a company out there, big or small, that doesn't have some concerns about cybersecurity. Some have called it the biggest problem of our time for companies. Given the potential for the types of disasters Target, Sony, and so many others have experienced, it's no surprise that internal audit has played an important role in ensuring that cybersecurity systems are in place and functioning.
The Factors That Contribute to Internal Audit 'Maturity'
By Joe McCafferty
July 20, 2016
A new research report from The IIA finds a wide variety of factors influence the maturity levels of internal audit functions around the world. The age and size of the internal audit function, industry type, organizational size, and other variables often influence how quickly internal audit functions can operate to deliver a high level of value.
Companies Woefully Unprepared for New Lease Accounting Standards
By Joe McCafferty
June 09, 2016
Just 10% of companies are prepared to adopt the new Financial Accounting Standards Board (FASB) lease accounting standards, according to a recent report by audit firm, Deloitte.
Audit Committees Expanding Audit Oversight Role
By Joe McCafferty
June 02, 2016
U.S. regulators have expanded the role of the Audit Committee in recent years to oversee the hiring and performance of the external auditor in the hopes of improving audit quality. In many ways, the U.S. was just catching up with audit governance practices that were already common in Europe.
Corruption's Toll on Companies Takes Many Forms
By Joe McCafferty
May 27, 2016
Companies are paying a huge price for worldwide corruption and bribery, even if they are adopting practices to fight against it. That's because the cost of corruption takes many forms, including loss of business to less scrupulous companies, regulatory requirements, and lost opportunities in regions where corruption risks are too high.
SEC Issues Guidance on Non-GAAP Reporting
By Joe McCafferty
May 27, 2016
The fury over the increasing use of non-GAAP accounting measures when companies report earnings is building, and now the Securities and Exchange Commission (SEC) is weighing in with some guidance on practices that are and aren’t acceptable.
Auditors, Beware the Ebbing Tide
By Joe McCafferty
May 27, 2016
Senior management and boards are asking internal audit to do a lot of things, and that is also a good thing. But financial reporting assurance can’t become an afterthought. If it does, you’ll likely get exposed. And when the tide goes out, that warm sunlight will be shining on places where it hasn't shined before.
Is the Non-GAAP Reporting Freak Out Justified?
By Joe McCafferty
May 12, 2016
Late last month, the New York Times proclaimed, "Fantasy Math Is Helping Companies Spin Losses into Profits." A headline on Yahoo! in March warned, "Companies haven't fudged their numbers this much since the financial crisis.
What Makes an IT Audit Shop World Class?
By Fred Roth
May 12, 2016
The massive cyber heist affecting more than 100 financial institutions in some 32 countries is only the latest in a spate of data security breaches worldwide.
SEC Pushes Along on Disclosure Reform
By Joe McCafferty
May 06, 2016
Earlier this month the Securities and Exchange Commission (SEC) took the next step in its year’s-long campaign to reform the vast dump of information we collectively call financial disclosure.
Class-Action Lawsuits Based on Accounting Woes Rising
By Joe McCafferty
May 06, 2016
While Valeant Pharmaceuticals continues to battle allegations of bookkeeping misdeeds, it's not the only company dealing with accounting problems. The number of class-action securities law suits based on allegations of accounting missteps increased for the third straight year in 2015, according to a new report from Cornerstone Research.
More Companies Are Outsourcing Internal Audit
By Joe McCafferty
April 29, 2016
Companies are increasingly turning to outside service providers to help out with their internal audit activities, especially when it comes to specialized work, according to a recent report. An annual survey of global internal audit professionals finds that, on average, one in three corporate internal audit departments worldwide outsource some of that work to third-party services.
What Audit Committees Really Want From Internal Audit
By Joe McCafferty
April 29, 2016
In this podcast, Joseph McCafferty, former head of audit content at MIS Training Institute, talks with Blythe McGarvie, an author, speaker and director on several corporate boards. She is also chair of the Audit Committee at Viacom.
Rethinking Basic Principles of Risk Oversight
By Matt Kelly
April 29, 2016
Risk assurance today is nothing like what it used to be. Gone are the early days of risk assurance, where the external audit firm inspected financial statements and corporate compliance officers (assuming your firm had one) worked strictly on regulatory filings. The board simply reviewed the accuracy of audit and regulatory filings, and then talked strategy with the CEO.
The Enforcement Discussion Doesn't Have To Be One-Sided
By Joe McCafferty
April 27, 2016
During the past several years that I have covered corporate compliance, auditing, accounting, and other functions that intersect with government regulation, the executives and company representatives I've talked to have always chosen their words very carefully. That is, when they choose to talk at all.
PCAOB Floats New Rules for Audits Involving Multiple Auditors
By Joe McCafferty
April 22, 2016
The Public Company Accounting Oversight Board has proposed changes to audit standards that would require lead auditors to provide better oversight and take more responsibility for audit work that they farm out to other audit firms.
In Search Of A New Data Security Model
By Joe McCafferty
April 21, 2016
Most information security experts aren't afraid to state bluntly: "We're losing the battle for information security." But then again, we already knew that. Near-daily headlines about the latest cyber-theft or data breach have made that pretty clear to most people
Audit Regulator Continues Push for Better Accounting
By Joe McCafferty
April 21, 2016
Last week the Securities and Exchange Commission approved a $258 million budget for the Public Company Accounting Oversight Board. The PCAOB acts as a check on accounting firms that conduct audits of public companies.
Auditing Corporate Culture: A New Imperative
By Jose Tabuena
April 21, 2016
The emerging flavor of the month in regulatory circles is the “culture of compliance” with recognition that corporate culture has a profound influence on how an organization conducts its business.
Five Steps to Planning an Effective IT Audit Programme
By Joe McCafferty
April 20, 2016
A new report finds that internal auditors increasingly directing risk-management efforts
Internal Auditors Assuming More Strategic Roles
By Joe McCafferty
April 14, 2016
Internal auditors are making progress at carving out a more strategic role for themselves and are gaining influence with management and the board at their organizations, according to a new report out earlier this month.
Corruption Risks Expected to Increase
By Joe McCafferty
April 14, 2016
Bad news for internal auditors, compliance executives, and risk managers who were hoping that bribery and corruption risks would start to subside after being on high alert for the last few years: they are actually increasing.
Four Common Contributors to Vendor Management Risk
By Joe McCafferty
April 07, 2016
When you outsource business processes you incur risk. And these days there are few companies that don't outsource at least some parts of their business. Getting a handle on these risks is vital, but not easily done.
Small Internal Audit Shops Struggle with Quality Reviews
By Joe McCafferty
April 07, 2016
No one doubts the value of conducting a Quality Assurance Review (QAR) to gauge how well the internal audit program is meeting its goals. Yet, for some companies a QAR is a luxury they cannot afford.
Cyber Security Becoming a Regular Part of Audit Plan
By Joe McCafferty
March 31, 2016
Discover the top 10 priorities for Internal Audit!
Dusting off Those Continuous Auditing Plans
By Fred Roth
March 31, 2016
Back in 1980, a popular accounting magazine asked: "Are we ready for continuous auditing?" That publication is no longer in circulation, but decades later, this question remains relevant.
What Audit Committees Want
By Joe McCafferty
March 31, 2016
Chief audit executives know the feeling of having to serve many masters. They have several constituencies they must answer to or advise—including management, business lines, regulators, and shareholders—all while retaining their independence to provide clear and objective views.
Protecting the Independence and Objectivity of CAEs
By Joe McCafferty
March 31, 2016
When The IIA proposed changes to its professional practice standards last month, it included new guidance for CAEs on measures they should take to safeguard their independence and objectivity when the job takes them outside the realm of traditional audit.
Hallmarks of a World-Class IT Audit Shop
By Fred Roth
March 24, 2016
As the use of information technology continues to proliferate, so do the associated risks organizations face. This article addresses the topic of what, specifically, constitutes a world-class IT audit department.
Survey Suggests Internal Audit Slow to Address Emerging Risks
By Joe McCafferty
March 24, 2016
A new survey from the Institute of Internal Auditors (IIA) suggests that internal audit departments are not changing fast enough to address emerging risks that lie outside the traditional purview of internal audit.
Expense Reporting Still a Common Place to Hide Bribery
By Joe McCafferty
March 17, 2016
This week the Securities and Exchange Commission settled a case with Mass.-based technology company PTC Inc. and its Chinese subsidiaries that could create new imperatives for internal audit practices and assurance of anti-bribery programs.
Internal Audit's Crucial Role in Anti-Bribery Programs
By Joe McCafferty
March 17, 2016
In this podcast, Joseph McCafferty, former head of audit content at MISTI, talks with Thomas Fox, an attorney who specializes in the Foreign Corrupt Practices Act and who edits the FCPA Compliance and Ethics blog.
High-Speed Growth Shouldn't Mean High Risk
By Joe McCafferty
March 17, 2016
Earlier this week, high-flying business software startup Zenefits got its wings clipped. The San Francisco-based company, which provides online tools to help small businesses manage their human resources and employee benefits functions, forced out its founder and CEO, Parker Conrad.
Changing Standards for a Changing Profession
By Joe McCafferty
March 10, 2016
How fast is the internal audit profession changing? So fast that its main professional association, the Institute of Internal Auditors (IIA), is planning to update its bedrock professional standards.
Internal Audit to Lean More on Outside Providers
By Joe McCafferty
March 02, 2016
Increasingly, companies are looking to third parties to provide internal audit services. A new study from the Institute of Internal Auditors finds that 56% of U.S. executives surveyed said their companies use third parties for some internal audit activity. That number is expected to climb, especially among large companies.
Don't Mute the Messenger
By Joe McCafferty
March 02, 2016
The buzz for the last few years now is that social media represents a unique risk that companies must manage, lest they leave their corporate reputations hanging out there for others to tweet all over them.
Bridging the Gap Between Enterprise Information Security and the Business
By Dave McPhee
February 25, 2016
Information security and the business need to be in a partnership, not a dictatorship with one party demanding the other follow certain rules and guidelines.
The Hallmarks of a Good (External) Audit
By Joe McCafferty
February 24, 2016
How can we tell if the external auditors are doing a good job? Often we can’t. Lots of companies have had large accounting and fraud issues blow up shortly after the external auditors issued a clean audit opinion.
Buyers Beware: Supply Chain Risks Intensifying
By Joe McCafferty
February 16, 2016
Can you be sure that your suppliers are on the up and up? Sounds like a job for internal audit. It’s every company’s worst nightmare: A call comes in to corporate communications from a reporter from 60 Minutes looking for a comment for a damaging piece they are airing in few weeks.
Integrating IT into the Internal Audit Process
By Fred Roth
February 10, 2016
Internal audit leaders looking for a way to improve staff skills and increase audit efficiencies would do well to consider integrated auditing, an approach that can help them on both counts.
When Controls Do More Harm Than Good
By Joe McCafferty
February 10, 2016
In this podcast, Joseph McCafferty, head of audit content at MIS Training Institute, talks with Brian Barnier, a principal at ValueBridge Advisors and an OCEG fellow, about the role of controls in audit and risk management and their limitations.
Don't Lose Sight of the Basics
By Joe McCafferty
February 04, 2016
Think financial executives are most worried about cyber-security risks or the mounting new regulations they must navigate? Think again. While those are certainly big concerns, financial executives are, from a compliance and audit perspective, most worried about something much more mundane: internal controls over financial reporting.
Can You Audit Corporate Culture?
By Joe McCafferty
January 25, 2016
In this podcast, Joseph McCafferty, former head of audit content at the MIS Training Institute, sits down with Jose Tabuena, a former internal auditor and compliance executive at various companies including Orion Health and Texas Health Resources, to talk about the role of internal audit in influencing and shaping corporate culture.
Introducing the Good-Guy Stock Index
By Joe McCafferty
January 25, 2016
A group of global investors is hoping that convincing companies to adopt good governance standards—and avoid making decisions that provide a quick pop but don’t support long-term goals—can be a lucrative proposition.
The Whole World Is Watching - Are You?
By Joe McCafferty
January 22, 2016
Last Friday, the Securities and Exchange Commission’s whistleblower office announced an important first: It revealed the only award to date for aiding in the prosecution of securities fraud paid to an individual who had never worked at the company in question.
Beyond the Usual Suspects
By Joe McCafferty
January 20, 2016
Several studies have pointed recently to a shortage of skilled internal auditors. Some commentators have even referred to the difficulty organizations are having filling job openings and the competition for capable internal auditors as a “war for talent.”
Safety in Numbers - How Data Analytics Can Enable Internal Audits Ambitious Agenda
By Joe McCafferty
January 19, 2016
It’s no secret that internal audit is being pulled in several different directions these days and that the demands on the function are greater than they have ever been. A partial solution to the mounting workload has been available for years now, but audit shops have been slow to embrace it.
Are You Getting Value for Money Out of Your Employee Screening Programme?
By Jenny Reid
January 14, 2016
Hiring new employees is a delicate balance between finding someone that’s the right fit for the position as well as the right fit for the company itself.
Dispelling the Myth of the Introverted Internal Auditor
By Joe McCafferty
January 12, 2016
You’ve heard the jokes, I’m sure: “How do you tell an extroverted accountant? He’s the one that looks at your shoes when he’s talking to you.” The idea that accountants and, by association, auditors are introverts is, of course, a long-standing trope born in the days of the back-office bean counter.
Encouraging Stronger Adoption of PCI DSS Compliance
By Gill Woodcock
October 27, 2015
You want be to secure, you need to be PCI DSS compliant. Too many companies see these as two different goals, and maybe even have different departments and people looking at them. Or worse still, they treat PCI DSS compliance as a box to be ticked, involving the least amount of time, money and effort possible.
If Your Security Architecture Is Largely Based on Protective Measures, Think Again
By Dr. Martin Stemplinger
October 15, 2015
It seems that hardly a day goes by without news coverage of a high-profile data breach or successful attack. All these organisations employ security teams that do their best to secure their IT environment, although some organisations may lack the necessary focus on security or simply don't provide sufficient budget. Nevertheless, why do all these data breaches occur?
The Changing Face of Cybercrime
By Mark Johnson
October 02, 2015
The more things change, the more they stay the same, or so it seems. Naive users share their passwords with the world, senior managers expose printed confidential material to the gaze of the news media, systems stay unpatched and vulnerable to hackers for months or years, while more than half the population continues to visit dodgy websites that serve up all manner of malware infections.
(ISC)² Security Congress EMEA
By Chris Clarke
September 16, 2015
Building on the success of the first EMEA Congress and suggestions from our members/community, the second Annual (ISC)² Security Congress EMEA will offer attendees six tracks of member presentations, together with panel discussions, keynotes and interactive sessions to inform and update all those involved in IT and information security - whatever their skill level and specialism.
The newest feature from MISTI - our blog!
By Chris Clarke
September 16, 2015
We are very excited to introduce the newest feature of the MISTI website – the “MISTI blog”. Here you will gain insights into not just who MISTI is – but compelling, valuable resources and information for Internal Auditing, Risk Management, Fraud and Corruption and Information Security.