Internal Audit Insights

How to Take Your Data Analytics Program to the Next Level

By Joseph McCafferty

November 14, 2019

Internal audit departments that pursue data analytics without fear will soon be expanding their capabilities and unlocking the powerful potential of what it can do.

Cybersecurity, Data Governance Continue to Challenge IT Audit

By Joseph McCafferty

November 07, 2019

A slew of new studies and reports find that companies still struggle mightily to get a handle on IT-related risks, such as cybersecurity, data governance, and digital privacy.

The Evolution of HR Audits

By Ronald Adler

October 31, 2019

HR audits have evolved from a simple checklist of dos and don’ts or periodic affirmative action plans to a comprehensive, sustainable process that is an integral part of the organization’s internal controls, due diligence, and risk management function.

How Internal Audit Can Work with Compliance to Increase Value

By Sean Chen

October 24, 2019

Ten things that internal audit can do when working with compliance to leverage the qualities of both functions and create value for the organization.

How Internal Audit Can Leverage Resources to Gain Needed Skills

By Joseph McCafferty

October 15, 2019

Internal audit leaders must be more resourceful in acquiring needed skills and capabilities to conduct audits in areas of emerging risk and new technologies.

Applying Agile Principles to Internal Audit

By Imtiaz Hussain

October 07, 2019

Many internal audit shops are adopting Agile principles in an attempt to create a more flexible and customer-oriented audit function. And while the results have been promising, expect a few bumps along the way.

How Internal Audit Can Cultivate a Culture of Innovation

By Joseph McCafferty

October 03, 2019

Many internal audit departments are struggling to keep up with fast-moving technologies and widespread change in the profession. Staying on track will require more than adopting new technology, it will involve adopting a new mindset.

How Total Quality Auditing Can Help Internal Audit Achieve Excellence

By Amanda “Jo” Erven

September 26, 2019

Could a decades-old management strategy that helped U.S. and European companies respond to the gains in quality made by Japanese manufacturers in the 1980s somehow help internal audit shops improve their game?

Drawing the Lines: What’s Wrong with the Three Lines of Defense Model?

By By Joseph McCafferty

September 15, 2019

Where, exactly, does responsibility lie in a modern corporation for ensuring that risks are being identified and managed?

How Internal Audit Can Better Convey Risks Using a Heat Map

By Joseph McCafferty

September 12, 2019

A definitive guide to producing, using, and improving a risk heat map at your organization.

A Discussion on the Three Lines of Defense Model

By Marcos Colon

September 05, 2019

In this Internal Audit Insights interview, MISTI's Dr. Hernan Murdock discusses how the internal audit function can benefit from the Three Lines of Defense Model.

Cybersecurity Progress: Where Does Internal Audit Stand Today?

By Marcos Colon

August 27, 2019

In the full video interview below, MISTI's Director of Instructional Technologies and Innovation, Shawna Flanders, discusses where internal audit stands today as it relates to cybersecurity, and offers up some tips on increasing collaboration between the audit and information security functions.

Stop Telling Professionals How to Do Their Jobs

By Hernan Murdock

August 20, 2019

In this video interview with MISTI's Dr. Hernan Murdock, he explains why micro-managing is a big problem in internal audit and offers up advice on how audit leaders can overcome it.

Regulations That Beef Up Security in 2019

By Marcos Colon

August 13, 2019

It's not only the information security department that needs to stay on top of cybersecurity regulations. Internal audit also plays a big role. In this interview with MISTI's Shawna Flanders, she discusses the regulations internal audit should keep top of mind.

Five Reasons that Explain Why Internal Audit Matters

By Hernan Murdock

August 06, 2019

People choose a line of work for a variety of reasons. Sometimes it is because it pays very well, or it is what our parents steered us towards. It could be because it is the only job in town or because it is glamorous. Regardless of the circumstances and career path that brought you to internal audit, an important question begging for an answer is: Why do you stay?

Adding Value by Using a More Proactive Approach to Internal Auditing

By Hernan Murdock

July 30, 2019

Traditionally, internal auditing was done retroactively. While our methodology has relied on this practice and it has been used widely for a long time, one of the issues with this after-the-event approach is that the actions have already occurred. It is based on auditors focusing on issue detection.

How Internal Auditors Can Give and Receive Feedback

By Hernan Murdock

July 23, 2019

Receiving feedback is an essential element in every internal auditors’ development. In this feature article, MISTI's Dr. Hernan Murdock provides seven key practices that should be part of this process to make it most effective.

Nine Essential Skills for Internal Audit Success

By Hernan Murdock

July 02, 2019

Those entering the internal audit and compliance professions often wonder what they need to do to succeed in their new careers. There is a lot to learn. In fact, the general advice is to become lifelong learners. But there is also the constant pressure from within the department. Here, MISTI's Dr. Hernan Murdock lists nine skills and actions essential for success.

Seven Key Internal Audit Actions for Success

By Hernan Murdock

July 02, 2019

The work of internal auditors and compliance professionals is filled with frameworks, regulations, and policies and procedures documents that define the path for operational effectiveness. Follow those guidelines, manage risk effectively and the likelihood of success increases. But what about our own success?

Building the Audit Function of 2020

By Dawn Papandrea

June 25, 2019

Your organisation has decided to take the important step of creating an internal audit function, and you’ve been tasked to build it. Building out teams from scratch is always a challenge, but internal audit departments have an especially important role.

Audit Writer’s Hub: Mentoring Better Writers

By Sarah Swanson

June 21, 2019

Here’s the truth about editing: editing is vital to producing a good audit report. It’s also tricky and time-consuming. Editing includes content changes, proofreading, grammar, wording, format, structure, and multiple revisions.

2019 Internal Audit Priorities: Cybersecurity (Part 4)

By Marcos Colon

June 11, 2019

In part four of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Todd Shaffer, senior vice president and chief risk officer at Johnson Financial Group, who discussed how internal audit leaders are approaching cybersecurity issues today.

2019 Internal Audit Priorities: Skills & Competencies (Part 3)

By Marcos Colon

June 04, 2019

In part three of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Patti Puccinelli, vice president of audit advisory services at ManpowerGroup, who discussed why it’s so important for internal audit leaders to continually keep pace with the latest skills and competencies required for the function to achieve its objectives.

2019 Internal Audit Priorities: Resources (Part 2)

By Marcos Colon

May 28, 2019

In part two of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with David Holland, director of internal audit at Modine Manufacturing, who shared his thoughts on the state of resources for the modern-day internal auditor.

How to Stand Together Against Fraud and Corruption

By Nigel Iyer

May 21, 2019

If the famous English dramatist Oscar Wilde was alive today writing farces about fraud, he might have said: “There is only one thing worse than finding fraud and corruption, and that is not finding it". So, what is the problem? Why does no one seem to discover fraud until really late in the game? Why is there always so much shock when it is located?

2019 Internal Audit Priorities: Workforce Development (Part 1)

By Marcos Colon

May 21, 2019

In part one of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with David Cook, managing director of internal audit at Robert W. Baird, who shared his thoughts and advice on how audit leaders today can realign their resources effectively.

Audit Writer’s Hub: 5 Editing Mistakes You Can Fix Right Now

By Sarah Swanson

May 01, 2019

It’s easy to overlook your own grammar errors. But you’ll be a better writer if you become mindful of your writing and correct your own editing mistakes. Here are five common editing mistakes we all make or might have questions about. Maybe a couple will resonate with you.

How to Beat Robots When Performing COSO-Based Reviews

By Hernan Murdock

April 23, 2019

Robots are having a growing influence on organisational practices and this dynamic is of great interest to internal auditors and compliance professionals who examine the impact of these technologies on organisational objectives, risks and controls. But they also present a growing concern as the work performed by internal auditors may be replaced by machines.

Micro-Managing in Internal Audit: Stop Telling Professionals How to do Their Jobs

By Hernan Murdock

April 16, 2019

The work of internal auditors and compliance professionals is complex, challenging and often, unfortunately, under-appreciated by their clients. What makes matters even more stressful for these professionals is that their managers sometimes micro-manage them.

9 Critical InfoSec Tips That Every Internal Auditor Should Master

By Karen Kroll

April 09, 2019

Cybersecurity is top of mind for most executives and board members, as well as to internal audit. While the information security team may be in charge of measurably reducing cyber risk within the business, internal audit has an important role to play too.

Using High-Quality Evidence to Provide Reasonable Assurance

By Hernan Murdock

April 04, 2019

Evidence is something that provides proof and it proves or disproves something. It is presented as verification of the facts at issue and generally includes the testimony of witnesses, and the examination of records, documents, and objects. This feature by MISTI's Dr. Hernan Murdock, examines the qualitative elements to consider when it comes to leveraging high-quality evidence.

An Expanded View of the Performance Audit Scope

By Hernan Murdock

April 02, 2019

Performance auditing is the review of a program or process, and the systems supporting it, to determine whether it is achieving the primary goals of efficiency, effectiveness, and economy in its use of available resources. These reviews are often done in government and non-profit entities, but they are equally important in the for-profit sector.

How to Quantify the Economic Costs and Benefits of Controls

By Hernan Murdock

March 28, 2019

To become trusted advisors to management it would help if we spoke the same language they do. While auditors and compliance professionals often talk in terms of controls, and increasingly in terms of risk, managers and business leaders often talk in terms of costs, benefits, revenue, reputation, and market share.

Boosting Your Internal Audit Career Through Coaching and Mentoring Programs

By Hernan Murdock

March 26, 2019

Internal auditing is a complex field of work that is undergoing significant changes. Today's internal auditors are tasked with managing their careers, so they remain relevant in the short and longer terms. Given this complex environment, it is not surprising that mentoring and coaching have emerged as essential tools to help auditors grow professionally.

Give your Readers a Boost: 5 Tips to Using the Right Transition

By Sarah Swanson

March 21, 2019

Transitions are those juicy, bite-size gourmet words that connect ideas, sentences, paragraphs, and even sections. Too often, we can misuse, overuse, or omit transitions. This article covers how to use transitions to improve clarity in your reports.

Strategic Messaging and Influencing Skills: A Framework for Internal Auditors

By Jill Schiefelbein

March 19, 2019

Last month in an article about setting the stage for better decision-making we learned about four elements that you should be considering before you even form the words you want to say. This month it’s all about the messaging.

Co-Establishing the Need: Internal Audit’s Role in Getting Buy-in at the Client Level

By Jill Schiefelbein

March 14, 2019

One of the most overlooked, but essential, elements of the persuasive process is establishing a definite need in your to-be-persuaded-audience’s mind. In other words, how does the client know that they need what you have to offer? Here, we explore the topic.

The Many Benefits of Rotation Programs

By Hernan Murdock

March 12, 2019

As business processes become more complex, information more widely dispersed, and the risk environment more complicated, the need for internal auditors to adapt to this new environment becomes imperative. This is where rotation programs can really save the day.

How to Approach Internal Audit Recruitment

By Karen Kroll

March 07, 2019

The search for qualified, competent internal auditors remains a challenge for many audit departments. As internal audit leaders continue to struggle qualified additions to their teams, what areas should they be focusing on and what steps can they take? This feature story answers those questions.

Interested in Becoming an IT Auditor? Here’s What to Know and Do

By Heather Dean Bennington

March 05, 2019

So, what exactly does an IT auditor do? In this article, we provide a broad breakdown of an IT auditor's responsibilities, the necessary skills to become one, how an IT auditor interacts with other roles throughout their organisation, and more.

Why Symposiums Promote Collaborative Learning in Internal Audit

By Hernan Murdock

March 05, 2019

Internal auditors must engage in lifelong learning. They are increasingly participating in webinars, consuming online content, and listening to podcasts. While all of these actions are conducive to learning, there is another learning opportunity that many internal auditors and compliance professionals may not be familiar with: Symposiums.

Communication Skills for Junior Auditors: What to Know and Why

By Jill Schiefelbein

February 26, 2019

There are some common communication mistakes that junior auditors make. Lucky for you, this article is going to point these foibles out and show you how you can change the trajectory of your communication to show confidence, not self-consciousness.

7 Things to Know About IT GRC in the Cloud

By Heather Bennington

February 19, 2019

In migrating to the cloud, many challenges are present, and perhaps one of the largest challenges is updating an organisation’s overall GRC program. Here, we've gathered a number of things that IT auditors should know about IT GRC in the cloud.

Auditing The Supply Chain in 2019: What to Know and Why

By Karen Kroll

February 19, 2019

Much internal audit work has focused on financial transactions and controls. Now, many auditors are adding supply chain audits to their responsibilities. In this feature article, we've broken down some of the common risks associated with supply chains.

How Internal Audit Can Benefit From the Three Lines of Defence Model

By Hernan Murdock

February 12, 2019

The Three Lines of Defence Model provides a framework to clarify the involvement and alignment of multiple assurance providers acting on behalf of their client organisations. It has become increasingly common to have various risk and control professionals working side by side to help their organisations manage risk and increase the likelihood of achieving strategic and operational goals.

Cybersecurity and Regulatory Changes in 2019

By Heather Bennington

February 07, 2019

As we work toward the thick of the year, we've compiled a list of which cybersecurity regulations could be impactful this year, some of the challenges that they could present, and the reasons behind some of the changes we've highlighted below.

Fraud Investigation Reports vs. Audit Reports: What’s the difference?

By Sarah Swanson

February 05, 2019

As fraud investigations get folded into the internal audit department, some audit shops are tempted to frame a fraud report in the same format and tone as the audit report. The idea couldn’t be more wrong. Read on for ways to present a full and succinct fraud investigation report using report design, content, and tone.

How Internal Audit Can Get Innovative

By Hernan Murdock

January 31, 2019

In internal audit, the methodologies of the past may have made the organization successful, but there is no guarantee that those same procedures will lead to success in the future. In this featured article, MISTI's Dr. Hernan Murdock highlights some examples of ways that innovation can help internal auditors, but most importantly, outlines how they can get started.

Audit Writer’s Hub: Does Your Report Format Fit Your Needs?

By Sarah Swanson

January 29, 2019

Every company has a different way to communicate and a different report format to use. Well, there is no best way – each format has its pros and cons and you have to weigh the benefits of each format for your audience.

How People Decide: Setting the Stage for Optimal Decision Making

By Jill Schiefelbein

January 24, 2019

Most advice people have regarding decision making is along the line of, “weigh your options”, “get outside advice from a trusted source”, or “look at the cost-benefit or ROI”. That advice is fine and dandy, but it ignores one key fact: If the stage on which the decision is made isn’t set appropriately, the decision may not be the best. Here are four steps to set the stage for productive conversations and more efficient decisions.

Privacy in the Age of Big Brother: What It Means for IT Audit

By Marcos Colón

January 22, 2019

Technology has impacted quite a lot, but privacy is likely what hits closest to home for everyone. Internal Audit Insights catches up with IHS Markit Internal Audit Director Tony Redlinger, who discusses what the state of privacy is today, and more importantly, what impact it has on the modern-day IT auditor.

Integrating Fraud Testing Into Your Audit Program: A Guide for Chief Auditors

By Leonard Vona

January 17, 2019

Fraud costs organisations millions of dollars each year. Simply Google the phrase “fraud scheme,” and you will discover more news stories than you have time to read. If auditors do not detect and stop a fraud scheme, they have cost their organisation real money. So, another question for you: Do you want to explain to your audit committee why your department did not detect a $63 million fraud?

Becoming a Risk Assessment Unicorn

By Steve DeSantis

January 15, 2019

You’ve read a bazillion articles on data analytics theory (ho-hum) in auditing. And we'll be the first to say that we've written a variety on this site. But this time around, let’s focus on how to actually use those data analytics in a single audit area: risk assessments.

Women in Internal Audit: Opportunities, Challenges, and More in 2019

By Marcos Colón

January 10, 2019

Internal Audit Insights catches up with Nancy Luquette, senior vice president and chief risk and audit executive at S&P Global, who shares her take on the state of women in internal audit in 2019 and the challenges many female practitioners face, but more importantly, how they can overcome them.

How Your Organisation Can Benefit from Internal Audit Rotation Programs

By Hernan Murdock

January 08, 2019

As business processes become more complex, information more widely dispersed, and the risk environment more complicated, the need for internal auditors to adapt to this new environment becomes imperative.

How Non-Technical Auditors Can Tackle IT Risks

By Marcos Colón

January 03, 2019

Internal Audit Insights caught up with Jami Shine, corporate and IT audit manager at Quiktrip Corp, who shared some proven advice on how non-technical auditors can overcome some of the challenges associated with IT risks.

Internal Audit Insights Top 10 in 2018

By Marcos Colón

December 27, 2018

And just like that, another year has gone by. We've had a blast providing you with insights all throughout the year, covering audit report writing, project management, and coverage on emerging technology. Here we've compiled a list of the most read articles.

The Dos and Dont’s of Navigating Touchy Audit Interviews Through Language

By Marcos Colón

December 21, 2018

Communication's expert Jill Schiefelbein chats with Internal Audit Insights and offers up her take on what makes audit interviews so difficult for the modern-day internal auditor, and also offers up specific advise you can use during your next audit interview to ensure you're navigating those encounters effectively.

The Three-Part Approach to Closing the Audit Plan

By Ernest Anunciacion

December 21, 2018

Effectively closing the audit plan and landing on specific action items to pursue can be a challenge. In this contributed article, Workiva's Ernest Anunciacion provides three steps to close this year's audit plan and prepare for next year.

Implementing Your Audit Department’s Top Technological Audit Practices

By Marcos Colón

December 18, 2018

Data analytics is being leveraged more than ever by internal audit departments, but for those that haven't jumped on the bandwagon yet, this interview with CVS Health's head of data analytics explains the benefits, challenges, and misconceptions tied to the technology.

How Internal Audit Can Improve the Organisation's Tone and Culture

By Hernan Murdock

December 18, 2018

The concept of “tone” plays a key role in the control environment of the organisation. While it is set at the top, it should cascade without distortion or gaps throughout the entire organisation.

Audit Writer’s Hub: Delete the Nothings and Get to Something

By Sarah Swanson

December 11, 2018

In this edition of the Audit Writer's Hub, we specifically tackle some of the pesky nothings – unimportant sentences, filler phrases, and negative phrasing – that creep into our writing and how to get rid of them.

High-Impact Skills for Developing and Leading Your Audit Team

By Marcos Colón

December 06, 2018

MISTI’s Dr. Murdock shares what the status of the internal auditor is today, in addition providing some key audit leadership techniques that many up-and-coming audit leaders are commonly unaware of.

The Impact Selective Language Can Have on Your Audit Interviews

By Jill Schiefelbein

December 04, 2018

With increased access to cost-effective and user-efficient digital communication technologies that allow people to intentionally or spontaneously connect from any place, at any time, we have opportunities to collaborate like never before.

The Three Key Elements of Professional Scepticism

By Hernan Murdock

December 04, 2018

Professional scepticism is a critical component of an internal auditor's duty of care that applies throughout any engagement. It's an attitude that includes a questioning mind and a critical assessment of the appropriateness and sufficiency of audit evidence. Here are the three key elements of scepticism you should know .

The Low Down on Integrated Auditing

By Marcos Colón

November 29, 2018

In this video interview with Internal Audit Insights, Constance Snelling, director of IT risk at Jackson National Life, offers up the essential skills that are needed to be a successful IT auditor today and how this ties into performing an integrated audit.

Preparing for Robotic Process Automation: What Internal Auditors Need to Know

By Ed Williams & Venkatesh Krishnamoorthy

November 27, 2018

RPA, robotics, robots, bots … as internal auditors you have undoubtedly been hearing this terminology tossed around more and more. What exactly is it? Why is it such a hot topic? Here we answer those questions.

GRC at the Speed of Business

By Marcos Colón

November 22, 2018

Internal Audit Insights catches up with Ford Winslow, CEO of ICE Cybersecurity, to discuss what the “speed of business” has had on GRC controls, and what IT auditors should prepare for.

How to Use Balanced Scorecards to Measure the Performance of Internal Audit Departments

By Hernan Murdock

November 19, 2018

The balanced scorecard is a system used to make sure business operations are aligned with the organization’s mission, vision, and strategy. Since it uses several measures to determine success, it helps those involved to balance what is achieved with how it is achieved. Here's how.

How to Create a Fraud Risk Statement for Your Fraud Audit Program

By Leonard Vona

November 15, 2018

There tends to be a fair amount of confusion when it comes to a fraud risk identification approach versus an experience-based approach but here we set out to create a list of universal definitions intended to clarify how and why you might use this approach.

Do DevOps and Compliance Go Hand in Hand?

By Marcos Colón

November 13, 2018

IT audit is only beginning to familiarize itself with DevOps as more organizations begin to deploy successful programs. But is it fair to say that DevOps and compliance go hand in hand? In this video interview with Atlassian Risk Futurist Guy Herbert, he gives his take on the topic.

4 Strategies to Head up Risk Management in your Company

By Sarah Swanson

November 13, 2018

As auditors, we all know that internal audit is uniquely positioned to understand where risks lay within an organization. But sometimes audit doesn’t get the opportunity to communicate the company’s risks to a broader audience. Here, we share a few ideas to help internal audit build bridges between knowing, communicating, and fixing risk in a company.

Leveraging Virtual Team Meetings as Part of the Internal Audit Process

By Jill Schiefelbein

November 06, 2018

Many internal audit teams are not using video conferencing and virtual meetings to their advantage. When they're set up for success, research shows that virtual teams can be more effective in solving quick, simple problems than face-to-face teams.

Common Visual Cues that Could Send Your Audit Client the Wrong Message

By Jill Schiefelbein

November 01, 2018

As an internal auditor, it’s not just your words, it’s the absence of words or untimely words that could still convey a message to an audit client. It’s not only your actions, but it’s also the lack of action. All of these aspects result in communication. Communications expert Jill Schiefelbein explains more.

What Internal Auditors Should Know About Dirty Money Centres

By Veronica Morino, Asia Chernova, and Nigel Iyer

November 01, 2018

As Dirty Money Constellations continue to move from the “Islands of Shame” to the re-emerging epicentres of power, should we just be passive observers or is there something we can do?

Balancing the Risks of Today with an Eye on the Risks of Tomorrow

By Alec Arons

October 29, 2018

A great deal has changed over the years when it comes to risk, including the willingness and interest of CAE’s, Audit Committees and Boards to talk about risk. As part of the increase in dialogue relating to risk and risks on the horizon much has been written and discussed. Here, Experis's Alec Arons consolidates that information.

The IT Audit Checklist for Emerging Risks

By Sarah Swanson

October 22, 2018

Many organisations are still failing to effectively audit areas such as cloud security or even social media. So what areas should you be covering and why? This article answers questions tied to that topic. Here you'll find the top IT risks that consistently vex companies and protect your assets.

Using Histograms to Better Understand Data

By Hernan Murdock

October 22, 2018

Histograms are a very powerful tool to analyze data because they show the distribution of a continuous variable in a diagram and their appearance is similar to bar graphs. In this feature article, MISTI's Dr. Hernan Murdock explains how internal auditors can leverage them.

How to Make Findings and Recommendations More Persuasive

By Hernan Murdock

October 16, 2018

Persuasion is an important aspect of internal auditing that doesn’t receive enough attention or coverage. Internal auditing is done to verify that conditions and practices are as expected, and to identify opportunities for improvement within organizations.

Can Internal Auditors Perform Advisory Reviews While Remaining Independent?

By Nancy Luquette

October 11, 2018

Is serving as an advisor and maintaining internal audit’s essential responsibility of objectivity, free of management influence, possible? Spoiler alert: Yes. And it’s both necessary and crucial to the internal audit profession’s standing in any organization.

How Internal Auditors Can Change How Audit Clients Listen to Them

By Jill Schiefelbein

October 09, 2018

In a perfect world, the client is receptive, understands each recommendation, and takes immediate corrective action. But we all know that perfect world doesn’t exist. In this informative feature, communications expert Jill Schiefelbein explains what internal auditors can do to make audit clients more receptive to their communication.

Complex Fraud Scheme: Vendor Overbilling Part 2

By Leonard Vona

October 04, 2018

In this second installment of our two-part series on vendor overbilling, we look at how to use fraud data analytics designed to uncover a complex fraud scheme and the fraud audit procedures designed to provide credible evidence.

Complex Fraud Scheme: Vendor Overbilling Part 1

By Leonard Vona

October 02, 2018

Fraud expert and MISTI instructor, Leonard Vona, selected a complex corruption scheme and a complex overbilling scheme to illustrate how fraud auditing can detect even the most complex schemes.

Common Audit Committee Questions on Cybersecurity

By Marcos Colón

October 01, 2018

Internal Audit Insights catches up with Yulia Gurman, Director of Internal Audit and Corporate Security at the Packaging Corporation of America on the common questions that audit committee members have tied to cybersecurity, and what IT auditors should prepare for.

Assessing Cyber Risk: What You Don’t Know Can Hurt You

By Stephen Head

September 26, 2018

Measurably reducing cyber risk in the business is an obstacle nearly all organizations face today. Needless to say, it's critical for businesses to conduct cyber risk assessments. In this contributed article by Experis' Stephen Head, he dives into the topic.

GRC at the Speed of Business

By Marcos Colón

September 20, 2018

Internal Audit Insights catches up with Ford Winslow, CEO of ICE Cybersecurity, to discuss what the “speed of business” has had on GRC controls, and what IT auditors should prepare for.

Using Cause and Effect Diagrams to Find the Root Cause of Issues

By Hernan Murdock

September 20, 2018

One of the challenges internal auditors encounter when analyzing a finding is identifying the root cause of the problem. This is where the Cause and Effect Diagram can help. In this featured post, MISTI's Dr. Hernan Murdock explains how and why.

A Call to Internal Audit: Don't Just Write, Tell a Story!

By Ross E. Wescott MA CISA CIA CCP CUERME

September 11, 2018

Internal auditors do not always come into the profession knowing how to write well. That's why there's so much material available on writing clearly. But what if there was an alternative perceptive that would transform an internal auditor's written and spoken communication?

Adapting to the New Normal of Internal Audit

By Imran Zia

September 06, 2018

Rapidly accelerating pressures are fueling the need for the internal audit profession to transform its thinking from being financial controls-centric to shareholder value-centric. Here's how internal auditors can adapt to this "new normal."

The Pareto Diagram: A Tool for Internal Audit to Focus on What Matters Most

By Hernan Murdock

August 30, 2018

As internal auditors increase their use of data analytics to better understand process characteristics, isolate issues and perform more accurate root cause analysis, the Pareto Diagram continues to grow as a useful tool for them.

The Dos and Don'ts of IT GRC in the Cloud

By Marcos Colón

August 23, 2018

IT audit expert Mark Thomas, president of Escoute Consulting, chats with Internal Audit Insights on the impact that cloud migration has had on the business, and shares the major Dos and Don'ts that IT auditors should know about GRC in the cloud.

How Internal Auditors Can Leverage the Balanced Scorecard

By Hernan Murdock

August 21, 2018

The balanced scorecard is a system used for planning and management to make sure business operations are aligned with the organization’s mission, vision, and strategy. In this featured article, MISTI's Dr. Hernan Murdock explains how you can use it to your advantage.

Training the Internal Auditors of Tomorrow

By Karen Kroll

August 14, 2018

As the business world changes at an accelerating rate, auditors need to keep up or risk becoming irrelevant and unable to provide the insight that will allow their organizations to succeed. That means they’ll need to continually add to their skills and knowledge.

Innovation: The New Imperative for Internal Audit

By Terry Hatherell, Deloitte Global Internal Audit Leader

August 14, 2018

As organizations continue to evolve and innovate, new risks arise. Meanwhile, the larger business environment continues to change, often rapidly and in unexpected ways. This places new demands on the internal audit function.

Internal Audit Data Analysis Using Benford’s Law

By Hernan Murdock

August 09, 2018

Organizations are accumulating large amounts of data and internal auditors are rapidly increasing their mining for, and use of, these sizable data sets. This proliferation of data raises the question of how to extract meaning from it all.

Leveraging Virtual Team Meetings: Four Tips for Success

By Jill Schiefelbein

August 07, 2018

With distributed workforces and flexible workstyles, virtual team meetings are becoming commonplace in the internal audit function. Many times, though, virtual meetings aren’t taken with the same level of seriousness as in-person meetings are.

What Risks Do Blockchain Present the Enterprise?

By Karen Kroll

August 02, 2018

As the number of blockchain implementations continues to grow, internal auditors will need to learn about both the promise and risk this technology offers. So what exactly is blockchain technology and what does it mean to you as an internal auditor? This article answers that question.

Audit Writer’s Hub: 3 Steps to Improve Risk Statements

By Sarah Swanson

July 31, 2018

If you’ve ever read or written a sentence along the lines of “Financial misstatement could lead to financial loss,” or “Non-compliance with policies” (what does that even mean anyway?), then read on for some tips to improve the risk statement.

How to Develop a Strong 'Tone at the Top'

By Karen Kroll

July 29, 2018

The value of a strong "tone at the top" cannot be underestimated as it can improve a company's performance. The benefits of a strong tone at the top should be of interest to leaders in all departments within every organization. Here's what you can do to evaluate it.

Using Scatter Diagrams to Understand Numerical Relationships

By Hernan Murdock

July 24, 2018

Scatter diagrams can help find the answer to many questions. Internal auditors can leverage them to analyze pairs of numerical data and show the relationship between two variables. In this feature write-up, MISTI's Dr. Hernan Murdock highlights their benefits.

Privacy in 2023: What Internal Audit Can Expect

By Heather Dean Bennington

July 19, 2018

The European Union’s GDPR is officially in effect, but that’s likely not the last regulation that will be implemented that has an impact on the internal audit function. Here’s what you should consider five years from now.

The Internal Auditor’s Guide to Masterfully Speaking to Boards and Committees

By Jill Schiefelbein

July 18, 2018

The presentation skills that you were likely taught in high school and college in no way prepared you for the reality of delivering reports in front of boards and audit committees. This article is your crash-course in small group presentations and gives you two key areas to consider.

Being Creative While Conducting Internal Audits

By Hernan Murdock

July 17, 2018

Creativity is the use of imagination or original ideas, but it's not that important for internal auditing. Given that reporting rules and regulations are non-negotiable, there is little room for creativity and original ideas, right? Wrong! Here's what you can do to be creative while conducting audits.

Rotational Auditing and Fishing

By Sarah Swanson

July 10, 2018

Rotational auditing has been a fishing hole for years. The pros and cons have been fished around too. And then fished around some more. Auditors have a way of fishing. But paddling deeper into audit's consulting water, rotational auditing could provide a venue for teaching risk awareness.

IT Audit Should Consider These Third-Party Risk Traps

By Marcos Colón

July 05, 2018

TalaTek’s Baan Alsinawi provides an update on the state of third-party risk management as it relates to IT auditors and sheds light on the hidden traps they should look out for as it relates to trusted business partners.

How IT Audit Can Break Down Communication Silos

By Marcos Colón

June 28, 2018

Escoute Consulting President Mark Thomas dives into the topic of communication challenges within the enterprise, why they exist among IT audit and cybersecurity, and the steps you can take to ensure those silos are broken down.

Using Key Performance and Key Risk Indicators to Provide Timely Assurance

By Hernan Murdock

June 26, 2018

Information drives modern organizations, so it is imperative that metrics be used that give management objective information. In this instructive article by MISTI's Dr. Hernan Murdock, he advises on how internal auditors can do just that.

Who Owns Risk at the End of the Day?

By Marcos Colón

June 21, 2018

Fastpath’s Keith Goldschmidt discusses who the real owners of risk are within the enterprise, but also offers up insight on what IT audit can do to help streamline communication and do their part in creating a “risk culture” within the business.

Developing Continuous Control Monitoring Procedures Without Losing Independence

By Hernan Murdock

June 19, 2018

When designing continuous auditing procedures, auditors and management must think through what the metrics are, and what thresholds would trigger the auditors’ desire to gain a better understanding of operational issues.

DevOps: What IT Audit Needs to Know

By Marcos Colón

June 18, 2018

XebiaLabs’ Robert Stroud highlights what it is that IT audit needs to know about DevOps, why they should care, and offers up ways in which they can approach DevOps in a constructive manner that ultimately reduces risk in the organization.

Five Elements of an Effective Audit Planning Process

By Wade Brylow

June 17, 2018

After 25 years in internal audit, I have come to the conclusion that excellent audit planning is essential to ensuring an effective audit. What is a successful audit? A good measure is whether both audit management and the auditee feel good about the end results.

Audit Writer’s Hub: Spicing Up Mumbling Dump Trucks

By Sarah Swanson

June 12, 2018

In the last Audit Writer’s Hub, we talked about crafting gourmet audit issues, instead of mass-produced, dollar-menu issues. This week, we focus on mumbling words and long-winded sentences.

How Technology Impacts the Internal Auditor of Today

By Marcos Colón

June 07, 2018

Onspring’s Jason Rohlf discusses how technology has impacted the internal auditor of today, but also offers tips on how auditors can stay ahead of the curve, rather than play catchup.

Closing the Internal Audit Talent Gap

By Karen Kroll

June 05, 2018

The internal audit function is not immune to the challenges that come with acquiring and retaining talented individuals in the department. In this article, we identify several strategies that can help you recruit talented internal audit candidates.

Finding IT Help for your Business

By Sarah Swanson

May 31, 2018

According to MISTI’s annual Internal Audit Priorities Report, internal audit leaders are in need of hiring outside assistance for challenges they face surrounding IT security. Here, we share a few tips to help you find the best IT consultant for your needs.

Why Words, Not Numbers, Are the Internal Auditor’s Most Valuable Currency

By Jill Schiefelbein

May 29, 2018

Numbers and fancy charts are only able to tell part of the story for internal auditors. If you want your reports and your data to come alive for your clients, you need to make your words matter. Words, when it comes to driving action, are your most valuable currency. Here's why.

From Corporate Cop to Trusted Advisor

By Hernan Murdock

May 24, 2018

Internal auditors have been working toward shedding the "corporate cop" label given to them within the enterprise. But what is a trusted advisor? What do they do and what behaviors are necessary to become a trusted advisor?

How to Audit Whistleblower Programs

By Hernan Murdock

May 22, 2018

The Sarbanes-Oxley Act of 2002 Section 301 requires publicly-traded companies to have a whistleblowing program. But, how do we know if the program is effective? This article should help get you on your way.

How to Keep Millennials in Internal Audit

By Sarah Swanson

May 17, 2018

When salary is fixed and the perks are what a Gen Xer would like but maybe not a millennial (i.e., catered lunches, unlimited paid time off, yoga hour), how does an audit shop change their philosophy to cater to the younger crew? Below we explore different ways to motivate a millennial auditor.

Looking to Improve Your Audit Cycle? Try This

By Karen Kroll

May 15, 2018

To continually operate more efficiently and add greater value to the business, internal audit has to boost its performance throughout each stage of the audit cycle. The guidelines below can help you improve the risk assessment, planning, execution, and reporting stages of the audit cycle.

How Internal Auditors Can Strategize for the Mundane, Part 2

By Sarah Swanson

May 14, 2018

We recently discussed the intersection of emotional intelligence and strategic intelligence. Here are some more common strategic areas to look at. One of these may be similar to your company, or maybe you have some additional strategic areas too. We’d love to hear about them.

When Emotional Intelligence Meets Strategic Intelligence for Internal Auditors, Part 1

By Sarah Swanson

May 08, 2018

Infusing an audit with strategic intelligence can be a little uncomfortable. But a little stretch does an auditor (and the company) good. Here, we've provided a few tips to articulate the big picture to your team and your auditee.

5 Ways to Continuously Audit Without Data Analytics

By Sarah Swanson

May 03, 2018

If continuous auditing doesn’t strictly mean automated data analytics or fancy software, then it means a larger group of internal audit shops can employ continuous auditing. This article highlights five ways you can continuously audit your business without all the software and by just using your brain.

Why Internal Auditors Should Lead with Their Relevancy and Value, Not Their Title

By Jill Schiefelbein

May 01, 2018

As an Internal Auditor what you do is NOT your title. It's NOT your longevity in the field. It's NOT a credential. However, as an internal auditor the question "What do you do?" typically doesn't receive a straightforward answer. Here we provide you with an activity that will get you thinking about what you DO, and help you communicate it effectively.

How to Develop a Stronger Relationship with the Second Line of Defense

By Karen Kroll

April 26, 2018

In this feature article, we caught up with some top subject matter experts that shared their best advice on how internal auditors can develop stronger relationships with their colleagues in the functions that make up the second line of defense.

Audit Writer’s Hub: Dollar-Menu Burgers and Grammar Passive Voice and 3 Steps to Fix Your Sentence

By Sarah Swanson

April 24, 2018

Even if you’re a dollar-menu writer now, that does not mean you always will be. Anyone can become a gourmet audit report writer. Over the next few weeks, Audit Writer’s Hub articles will focus on specific writing tips to help you begin crafting your gourmet issues. This week, we look at passive voice.

7 Areas to Focus on to Improve Your Relationship with Audit Clients

By Karen Kroll

April 19, 2018

Developing a strong working relationship with audit clients goes a long way, but that can be a lot easier said than done. In this post, we examine 7 areas that internal auditors can focus on that will help them improve their relationships with audit clients.

Essential Steps to Tackling Vendor Risk Management

By Sarah Swanson

April 16, 2018

Internal audit is positioned to help evaluate risk that arises from working with vendors. Here we outline steps for determining which vendors to audit and what to focus on during the audit.

How Internal Audit Can Benefit from Force Field Analysis

December 21, 2017

Raytheon's Thomas Sanglier discusses the positive impact that the internal audit function can make when it comes to handling outside audits, the challenges this task can present, and how to overcome them.

How to Manage Outside Audits Performed on Your Organisation

By Marcos Colón

December 20, 2017

Raytheon's Thomas Sanglier discusses the positive impact that the internal audit function can make when it comes to handling outside audits, the challenges this task can present, and how to overcome them.

Stayin’ Alive with Integrated Auditing

By Sarah Swanson

December 19, 2017

For those that do integrated audits, the concept is a no-brainer. Integrated audits are an efficient, holistic approach to the business. But, if the idea of integrated auditing is untapped, then it’s a brave new world to check out. Below are some points to get the conversation started in your company.

The IT Auditors Role in Today’s Complex, Evolving Enterprise

By Marcos Colón

December 18, 2017

Forrester Research's Robert Stroud discusses the current state of the enterprise as it relates to IT auditors and why it’s important to bridge the gaps between audit, IT audit, compliance, and security within organizations.

Audit Writer’s Hub: The Art of Tidying Up Narratives

By Sarah Swanson

December 12, 2017

Today, we’ll be cleaning out the metaphorical “auditor’s closet.” The auditor’s closet comes stashed with a variety of documents that identify, document, record, and communicate specific controls for both you and whoever needs to review these controls in the future.

Remain Relevant as an Internal Auditor by Doing This

By Marcos Colón

December 11, 2017

In this exclusive video interview with Internal Audit Insights, MISTI's Dr. Murdock offers up key steps that internal auditors should take to remain relevant and continue to add value to the business.

5 Critical Social Media Tips for Internal Auditors

By Sarah Swanson

December 04, 2017

If you’re going to audit social media, then develop a method. Kate Mullin, a social engineering expert, shares a formulaic approach to begin thinking like a hacker and doing the reconnaissance a hacker would do so that you can protect your organisation.

Knocking Your SOX off with COSO

By Sarah Swanson

December 03, 2017

Just like each area of a jungle gym needs solid attention (lest there be risks), so do the right areas of an audit require attention to maintain the health of a company.

What Every Audit Customer is Thinking, But Won't Ever Say

By Sarah Swanson

November 28, 2017

Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.

Investigate, Understand and Forgive: A Realistic Alternative to Zero Tolerance

By Nigel Iyer

November 27, 2017

Fraud and corruption are all around us. As internal auditors, if we're so heavy handed with the few “sinners” we catch, won’t the large majority who didn't get caught breath a huge sigh of relief and just try even harder to stay hidden?

Audit Writer’s Hub: Is Your Audit Report written to a flock of Wild Turkeys?

By Sarah Swanson

November 21, 2017

Between varied audiences and modern communication standards (dense information in few words), internal auditors must make sure they’re writing to their end audience.

Effective Audit Committee Communication: Keys to Success for Internal Auditors

By Ed Williams

November 15, 2017

Few things can derail the audit committee’s perception, confidence, and trust of internal audit faster and more profoundly than ineffective communications to and from the internal audit function.

Do We Understand What a Risk Event Is?

By Norman Marks

November 13, 2017

People talk about a risk event as if it is obvious what it is and what it means. But that's certainly not always the case.

Why Internal Auditors Should Use the 5 Whys Method for Root Cause Analysis

By Dr. Hernan Murdock

November 10, 2017

The Five Whys is one of the simplest tools for cause analysis. It is easy to use, and the approach consists of asking “why” multiple items, each of which probes further into the source of the problem.

How to Attract and Retain High-Impact Internal Auditors

By Alec Arons

November 06, 2017

Whether the organisation as a whole is onboard or not, corporate audit needs to develop and embrace programs designed to meet the needs of a changing workforce if they are to attract and retain top talent.

Taking Your Audit Career to the Next Level: How to Separate Passion from Emotion

By Daniel A. Clark

November 05, 2017

As an internal auditor, there's nothing wrong with having passion for what you do. Passion supports the search of truth and ensures objective momentum to a conclusion. But it's important to know that emotion, on the other hand, is not passion.

Eight Things Every Internal Auditor Should Know About Sarbanes Oxley

By Matt Kelly

November 04, 2017

As SOX turns 15 this fall, let’s widen the lens to capture what SOX is really about: its history, its goals, and the most important points to remember for an effective SOX compliance experience.

Strategies for Building Killer Audit Teams

By Sarah Swanson

October 30, 2017

Whether you are creating an audit team, adding new auditors to your existing team, or flat-out enjoying audit like we do, read on for tips to creating an internal audit team with all the right flavors.

Taking Your Internal Audit Career to the Next Level: Quick Tips to Express Your Team Support

By Daniel A. Clark

October 24, 2017

Believe it or not, some orchestral tunes offer up important bits of wisdom that can easily apply to the internal audit function. In part one of this two-part series, Dan Clark describes what internal auditors can learn from Joseph-Maurice Revel's "Bolero".

You Are What the Search Engine Finds!: Tips to Ensure Online Privacy

By Shawna Flanders

October 22, 2017

When is the last time you looked for your name on the internet? Which of the links and images are tied to you? More importantly, where does all this information come from? Here are 13 important tips to leverage at your organization to ensure online privacy.

5 Tips to Ride the Wave of Rotational Auditing

By Sarah Swanson

October 17, 2017

Where companies may do some variation of a rotational program, perhaps using rotational auditors is an untapped resource in your company. If rotational auditing sounds like something you’d like to try – do it. We put together a few steps to get going in that direction.

Understand the Objective of Your Audit, Or Fail

By William Nealon

October 10, 2017

To have a successful audit outcome, it’s imperative to understand the objective of your audit. Keeping your focus on the end result is imperative.

Internal Audit’s Role in Third Party Data Protection

By Tom O'Reilly

October 09, 2017

Internal audit can provide assurance to their board and executive team whether or not a process is in place to manage risks of third parties maintaining critical data, and that third parties have their data protection controls in place.

Don’t George Costanza Your Next Internal Audit Meeting

By Michael McShea

October 07, 2017

Internal auditors would fare well-taking inspiration from these iconic Seinfeldisms and keeping the following five ideas in mind to better structure their meetings and help them be more efficient.

It’s Time to Put a Little More Management in Your Risk Management

By Richard Archer

September 26, 2017

Just because a company has a robust risk management system in place doesn't guarantee that it will actually manage risk well. An ineffective manager will mismanage risks, no matter how strong the risk management system is.

Communication Tips to Increase Auditor Effectiveness

By Chris Hollands

By Joe McCafferty

June 08, 2017

Internal audit leaders continue to fret about hanging on to their top talent. In a recent survey, they ranked staffing concerns, including retention, as among their greatest worries.

2017: The Year of Computer-Generated Audit Reports?

By Chris Hollands

June 08, 2017

I was reading an interesting article the other day about Artificial Intelligence (AI) and cognitive computing. I thought it might be worth sharing some of the thoughts with you in case you had ever contemplated using automation in the compilation of one of your reports.

Is Internal Audit Neglecting Environmental, Health and Safety Risks?

May 03, 2017

Why do some internal auditors effectively prepare workpapers and write audit reports with ease, yet stumble when it comes to most other forms of communication?

FCA Says Reward Staff

March 22, 2017

Finding the right candidates to fill internal audit positions is getting more and more difficult. Which is why Thomas Sanglier, director of internal audit at Raytheon, has found a unique alternative.

Competition for Candidates Driving Internal Audit Pay Higher

By Joe McCafferty

March 15, 2017

The competition for internal audit talent remains fierce, pushing salaries for in-demand internal auditors ever so higher. Two new salary surveys out from recruiting and staffing companies find that salaries for internal auditors at all levels continue to grow at a brisk pace.

Understanding Risk-Based IT Audit Planning

By Fred Roth

March 08, 2017

Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around information technology risks confronting their organization.

A Revolution in Risk Management

By Norman Marks

March 08, 2017

The management of risk, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives.

Tell Us How We Did: More Internal Audit Departments Surveying Auditees

By Karen Kroll

March 01, 2017

Over the past few years, more internal audit departments are seeking to shed their reputation as the company's monitors and provide more value and service to those they audit.

Five Reasons to Audit the Risk Management Function

By Joe Underwood

March 01, 2017

Whether an organization's risk management function is focused on traditional insurable risks or broader enterprise-wide risk management, an audit of the risk management function should be among the first priorities for a chief audit executive.

A Novella Approach to Internal Audit

By Joe McCafferty

March 01, 2017

It's safe to say that popular culture hasn't been kind to internal auditors. The few references to the profession in television, movies, and books either confuse them with accountants or portray them as disliked corporate stooges or nerdy paper-pushers.

Help Wanted: Internal Audit Talent Gap Widening

By Joe McCafferty

By Chris Clarke

September 16, 2015

Building on the success of the first EMEA Congress and suggestions from our members/community, the second Annual (ISC)² Security Congress EMEA will offer attendees six tracks of member presentations, together with panel discussions, keynotes and interactive sessions to inform and update all those involved in IT and information security - whatever their skill level and specialism.

The newest feature from MISTI - our blog!

By Chris Clarke

September 16, 2015

We are very excited to introduce the newest feature of the MISTI website – the “MISTI blog”. Here you will gain insights into not just who MISTI is – but compelling, valuable resources and information for Internal Auditing, Risk Management, Fraud and Corruption and Information Security.