- Home
- Internal Audit Insights
Internal Audit
ft: f: 2000-01-01t: 3000-01-02c: 2018-09-19
asdf
Featured Article:
A Call to Internal Audit: Don't Just Write, Tell a Story!
By Ross E. Wescott MA CISA CIA CCP CUERME
September 11, 2018
Internal auditors do not always come into the profession knowing how to write well. That's why there's so much material available on writing clearly. But what if there was an alternative perceptive that would transform an internal auditor's written and spoken communication?
Adapting to the New Normal of Internal Audit
By Imran Zia
September 06, 2018
Rapidly accelerating pressures are fueling the need for the internal audit profession to transform its thinking from being financial controls-centric to shareholder value-centric. Here's how internal auditors can adapt to this "new normal."
The Three-Part Approach to Closing the Audit Plan
By Ernest Anunciacion
September 04, 2018
Effectively closing the audit plan and landing on specific action items to pursue can be a challenge. In this contributed article, Workiva's Ernest Anunciacion provides three steps to close this year's audit plan and prepare for next year.
The Pareto Diagram: A Tool for Internal Audit to Focus on What Matters Most
By Hernan Murdock
August 30, 2018
As internal auditors increase their use of data analytics to better understand process characteristics, isolate issues and perform more accurate root cause analysis, the Pareto Diagram continues to grow as a useful tool for them.
The Dos and Don'ts of IT GRC in the Cloud
By Marcos Colón
August 23, 2018
IT audit expert Mark Thomas, president of Escoute Consulting, chats with Internal Audit Insights on the impact that cloud migration has had on the business, and shares the major Dos and Don'ts that IT auditors should know about GRC in the cloud.
How Internal Auditors Can Leverage the Balanced Scorecard
By Hernan Murdock
August 21, 2018
The balanced scorecard is a system used for planning and management to make sure business operations are aligned with the organization’s mission, vision, and strategy. In this featured article, MISTI's Dr. Hernan Murdock explains how you can use it to your advantage.
Training the Internal Auditors of Tomorrow
By Karen Kroll
August 14, 2018
As the business world changes at an accelerating rate, auditors need to keep up or risk becoming irrelevant and unable to provide the insight that will allow their organizations to succeed. That means they’ll need to continually add to their skills and knowledge.
Innovation: The New Imperative for Internal Audit
By Terry Hatherell, Deloitte Global Internal Audit Leader
August 14, 2018
As organizations continue to evolve and innovate, new risks arise. Meanwhile, the larger business environment continues to change, often rapidly and in unexpected ways. This places new demands on the internal audit function.
Internal Audit Data Analysis Using Benford’s Law
By Hernan Murdock
August 09, 2018
Organizations are accumulating large amounts of data and internal auditors are rapidly increasing their mining for, and use of, these sizable data sets. This proliferation of data raises the question of how to extract meaning from it all.
Leveraging Virtual Team Meetings: Four Tips for Success
By Jill Schiefelbein
August 07, 2018
With distributed workforces and flexible workstyles, virtual team meetings are becoming commonplace in the internal audit function. Many times, though, virtual meetings aren’t taken with the same level of seriousness as in-person meetings are.
What Risks Do Blockchain Present the Enterprise?
By Karen Kroll
August 02, 2018
As the number of blockchain implementations continues to grow, internal auditors will need to learn about both the promise and risk this technology offers. So what exactly is blockchain technology and what does it mean to you as an internal auditor? This article answers that question.
Audit Writer’s Hub: 3 Steps to Improve Risk Statements
By Sarah Swanson
July 31, 2018
If you’ve ever read or written a sentence along the lines of “Financial misstatement could lead to financial loss,” or “Non-compliance with policies” (what does that even mean anyway?), then read on for some tips to improve the risk statement.
How to Develop a Strong 'Tone at the Top'
By Karen Kroll
July 29, 2018
The value of a strong "tone at the top" cannot be underestimated as it can improve a company's performance. The benefits of a strong tone at the top should be of interest to leaders in all departments within every organization. Here's what you can do to evaluate it.
Using Scatter Diagrams to Understand Numerical Relationships
By Hernan Murdock
July 24, 2018
Scatter diagrams can help find the answer to many questions. Internal auditors can leverage them to analyze pairs of numerical data and show the relationship between two variables. In this feature write-up, MISTI's Dr. Hernan Murdock highlights their benefits.
Privacy in 2023: What Internal Audit Can Expect
By Heather Dean Bennington
July 19, 2018
The European Union’s GDPR is officially in effect, but that’s likely not the last regulation that will be implemented that has an impact on the internal audit function. Here’s what you should consider five years from now.
The Internal Auditor’s Guide to Masterfully Speaking to Boards and Committees
By Jill Schiefelbein
July 18, 2018
The presentation skills that you were likely taught in high school and college in no way prepared you for the reality of delivering reports in front of boards and audit committees. This article is your crash-course in small group presentations and gives you two key areas to consider.
Being Creative While Conducting Internal Audits
By Hernan Murdock
July 17, 2018
Creativity is the use of imagination or original ideas, but it's not that important for internal auditing. Given that reporting rules and regulations are non-negotiable, there is little room for creativity and original ideas, right? Wrong! Here's what you can do to be creative while conducting audits.
Rotational Auditing and Fishing
By Sarah Swanson
July 10, 2018
Rotational auditing has been a fishing hole for years. The pros and cons have been fished around too. And then fished around some more. Auditors have a way of fishing. But paddling deeper into audit's consulting water, rotational auditing could provide a venue for teaching risk awareness.
IT Audit Should Consider These Third-Party Risk Traps
By Marcos Colón
July 05, 2018
TalaTek’s Baan Alsinawi provides an update on the state of third-party risk management as it relates to IT auditors and sheds light on the hidden traps they should look out for as it relates to trusted business partners.
How IT Audit Can Break Down Communication Silos
By Marcos Colón
June 28, 2018
Escoute Consulting President Mark Thomas dives into the topic of communication challenges within the enterprise, why they exist among IT audit and cybersecurity, and the steps you can take to ensure those silos are broken down.
Using Key Performance and Key Risk Indicators to Provide Timely Assurance
By Hernan Murdock
June 26, 2018
Information drives modern organizations, so it is imperative that metrics be used that give management objective information. In this instructive article by MISTI's Dr. Hernan Murdock, he advises on how internal auditors can do just that.
Who Owns Risk at the End of the Day?
By Marcos Colón
June 21, 2018
Fastpath’s Keith Goldschmidt discusses who the real owners of risk are within the enterprise, but also offers up insight on what IT audit can do to help streamline communication and do their part in creating a “risk culture” within the business.
Developing Continuous Control Monitoring Procedures Without Losing Independence
By Hernan Murdock
June 19, 2018
When designing continuous auditing procedures, auditors and management must think through what the metrics are, and what thresholds would trigger the auditors’ desire to gain a better understanding of operational issues.
DevOps: What IT Audit Needs to Know
By Marcos Colón
June 18, 2018
XebiaLabs’ Robert Stroud highlights what it is that IT audit needs to know about DevOps, why they should care, and offers up ways in which they can approach DevOps in a constructive manner that ultimately reduces risk in the organization.
Five Elements of an Effective Audit Planning Process
By Wade Brylow
June 17, 2018
After 25 years in internal audit, I have come to the conclusion that excellent audit planning is essential to ensuring an effective audit. What is a successful audit? A good measure is whether both audit management and the auditee feel good about the end results.
Audit Writer’s Hub: Spicing Up Mumbling Dump Trucks
By Sarah Swanson
June 12, 2018
In the last Audit Writer’s Hub, we talked about crafting gourmet audit issues, instead of mass-produced, dollar-menu issues. This week, we focus on mumbling words and long-winded sentences.
How Technology Impacts the Internal Auditor of Today
By Marcos Colón
June 07, 2018
Onspring’s Jason Rohlf discusses how technology has impacted the internal auditor of today, but also offers tips on how auditors can stay ahead of the curve, rather than play catchup.
Closing the Internal Audit Talent Gap
By Karen Kroll
June 05, 2018
The internal audit function is not immune to the challenges that come with acquiring and retaining talented individuals in the department. In this article, we identify several strategies that can help you recruit talented internal audit candidates.
Finding IT Help for your Business
By Sarah Swanson
May 31, 2018
According to MISTI’s annual Internal Audit Priorities Report, internal audit leaders are in need of hiring outside assistance for challenges they face surrounding IT security. Here, we share a few tips to help you find the best IT consultant for your needs.
Why Words, Not Numbers, Are the Internal Auditor’s Most Valuable Currency
By Jill Schiefelbein
May 29, 2018
Numbers and fancy charts are only able to tell part of the story for internal auditors. If you want your reports and your data to come alive for your clients, you need to make your words matter. Words, when it comes to driving action, are your most valuable currency. Here's why.
From Corporate Cop to Trusted Advisor
By Hernan Murdock
May 24, 2018
Internal auditors have been working toward shedding the "corporate cop" label given to them within the enterprise. But what is a trusted advisor? What do they do and what behaviors are necessary to become a trusted advisor?
How to Audit Whistleblower Programs
By Hernan Murdock
May 22, 2018
The Sarbanes-Oxley Act of 2002 Section 301 requires publicly-traded companies to have a whistleblowing program. But, how do we know if the program is effective? This article should help get you on your way.
How to Keep Millennials in Internal Audit
By Sarah Swanson
May 17, 2018
When salary is fixed and the perks are what a Gen Xer would like but maybe not a millennial (i.e., catered lunches, unlimited paid time off, yoga hour), how does an audit shop change their philosophy to cater to the younger crew? Below we explore different ways to motivate a millennial auditor.
Looking to Improve Your Audit Cycle? Try This
By Karen Kroll
May 15, 2018
To continually operate more efficiently and add greater value to the business, internal audit has to boost its performance throughout each stage of the audit cycle. The guidelines below can help you improve the risk assessment, planning, execution, and reporting stages of the audit cycle.
How Internal Auditors Can Strategize for the Mundane, Part 2
By Sarah Swanson
May 14, 2018
We recently discussed the intersection of emotional intelligence and strategic intelligence. Here are some more common strategic areas to look at. One of these may be similar to your company, or maybe you have some additional strategic areas too. We’d love to hear about them.
When Emotional Intelligence Meets Strategic Intelligence for Internal Auditors, Part 1
By Sarah Swanson
May 08, 2018
Infusing an audit with strategic intelligence can be a little uncomfortable. But a little stretch does an auditor (and the company) good. Here, we've provided a few tips to articulate the big picture to your team and your auditee.
5 Ways to Continuously Audit Without Data Analytics
By Sarah Swanson
May 03, 2018
If continuous auditing doesn’t strictly mean automated data analytics or fancy software, then it means a larger group of internal audit shops can employ continuous auditing. This article highlights five ways you can continuously audit your business without all the software and by just using your brain.
Why Internal Auditors Should Lead with Their Relevancy and Value, Not Their Title
By Jill Schiefelbein
May 01, 2018
As an Internal Auditor what you do is NOT your title. It's NOT your longevity in the field. It's NOT a credential. However, as an internal auditor the question "What do you do?" typically doesn't receive a straightforward answer. Here we provide you with an activity that will get you thinking about what you DO, and help you communicate it effectively.
How to Develop a Stronger Relationship with the Second Line of Defense
By Karen Kroll
April 26, 2018
In this feature article, we caught up with some top subject matter experts that shared their best advice on how internal auditors can develop stronger relationships with their colleagues in the functions that make up the second line of defense.
Audit Writer’s Hub: Dollar-Menu Burgers and Grammar Passive Voice and 3 Steps to Fix Your Sentence
By Sarah Swanson
April 24, 2018
Even if you’re a dollar-menu writer now, that does not mean you always will be. Anyone can become a gourmet audit report writer. Over the next few weeks, Audit Writer’s Hub articles will focus on specific writing tips to help you begin crafting your gourmet issues. This week, we look at passive voice.
7 Areas to Focus on to Improve Your Relationship with Audit Clients
By Karen Kroll
April 19, 2018
Developing a strong working relationship with audit clients goes a long way, but that can be a lot easier said than done. In this post, we examine 7 areas that internal auditors can focus on that will help them improve their relationships with audit clients.
Essential Steps to Tackling Vendor Risk Management
By Sarah Swanson
April 16, 2018
Internal audit is positioned to help evaluate risk that arises from working with vendors. Here we outline steps for determining which vendors to audit and what to focus on during the audit.
How Internal Audit Can Benefit from Force Field Analysis
By Hernan Murdock
April 05, 2018
Auditors in search of a great decision-making tool to identify the forces for and against a course of action should look no further than Force Field Analysis. In this feature by MISTI's own Dr. Hernan Murdock, he details how internal audit can leverage this technique.
5 Skills Internal Auditors Can Use to Refine Their Emotional Intelligence
By Sarah Swanson
April 03, 2018
If internal auditors are auditing people, then they need to have a humane approach. And to audit humanely, they need to show a degree of emotional intelligence. Here are five skills that can get you on your way.
5 Tips that Make Your Audit Budget Go Further
By Sarah Swanson
March 27, 2018
Small internal audit team, small budget. Large internal audit team, still small budget. What do you do to make sure you get the most out of your internal audit dollars? Here are some ideas to consider when making every dollar count.
The Fundamental Components of Evaluating Your Audit Team
By Jill Schiefelbein
March 22, 2018
Performance reviews are often viewed as arduous, time-consuming tasks. But they don’t have to be. Business communication expert Jill Schiefelbein dissects the two different aspects of evaluating one's audit team.
Are You Committing Blunders with Your Audit Committee?
By Sarah Swanson
March 13, 2018
If you're an internal auditor and are in the midst of creating a quarterly summary right now, we have people here who have created and delivered plenty of quarterly summaries to audit committees. Here are some of the ideas they shared that you should follow.
Why Auditing Social Media is Becoming Increasingly Important
By Marcos Colón
March 08, 2018
In this recent video shot at MISTI’s ITAC Conference, INARMA's Jason Claycomb gives his take on the state of auditing social media in the enterprise, and what steps internal auditors can take to monitor the risks associated with the technology.
5 Signs You Have a World-Class Audit Team
By Sarah Swanson
March 06, 2018
In this feature article, we catch up with one subject matter expert that discusses the qualities that world-class audit teams possess. Perhaps all these qualities are alive and spinning on your team right now. Or maybe the following will touch upon qualities worth recommitting to on your audit team.
How to Leverage Surveys in Internal Audit
By Hernan Murdock
March 01, 2018
Surveys can benefit internal audit when it comes to reviewing intangible topics such as corporate culture, entity-level controls, and an ethical environment. In this feature article, we highlight the critical stages of conducting and designing effective surveys.
How Audit Can Support the Incident Response Plan
By Sarah Swanson
February 27, 2018
Response plans vary somewhat. But here we'll focus on giving you the best insight on how the internal audit function can provide support for the business's incident response plan. Here's a look at some proven tips that can help you get started.
Preparing for the Future Class of Internal Auditors
By Marcos Colón
February 22, 2018
In this video interview with Glenn Sumners, Director of LSU's Center for Internal Auditing, he discusses what attracts his students to the internal audit program at LSU, what you can expect from the next crop of internal auditors, and how you can help them adjust to the internal audit department of today.
Why Speaking Cybersecurity Goes a Long Way for Internal Audit
By Sarah Swanson
February 20, 2018
Most auditors learn about IT but don’t come from IT backgrounds. Whereas auditing financial accounting is pretty straightforward, both IT and finance auditors tend to struggle in this brave new world of auditing cybersecurity.
Audit Writer's Hub: 7 Steps to Writing Better Root Causes Part 2
By Sarah Swanson
February 15, 2018
Picking up where we left off in part one of this two-part series, here we discuss strategies to determine if findings really need RCA and tips for discussing RCA with the audit client.
Audit Writer's Hub: 7 Steps to Writing Better Root Causes Part 1
By Sarah Swanson
February 13, 2018
If done well and communicated properly, reporting the root cause can be the glue your report needs to tie findings to the overall health of the company and create significant change for the business. This article provides some strategies to use in writing and communicating root cause in audit findings.
Is the "Data Asset" Really Different?
By Christopher Bradley
February 12, 2018
We hear copious amounts said that “Data is an asset”, “It's got to be managed”, “Few people in the business understand us”, and so on. This article is not trying to cast any doubt on the importance of data as an asset, but rather raise the level of debate from a subliminal nod to a conscious examination of the characteristics of different "assets" and to compare them with the “Data asset".
How Internal Audit Can Get More Information From Flowcharts
By Hernan Murdock
February 08, 2018
Drawing flowcharts can be time-consuming, but internal auditors can gain a wealth of information during and after preparing them. By following these suggestions the benefits will far exceed the costs.
What COSO’s Revised ERM Framework Means for Internal Audit
By Marcos Colón
February 06, 2018
In this interview featuring Bob Hirth, Chairman at COSO, he sheds light on the recent updates made to the COSO ERM framework, discusses what those changes mean for internal auditors, and advises on how to best leverage the framework.
Speed Up Your Audit Team's Performance with Data Analytics
By Sarah Swanson
January 31, 2018
Given the talents and skills that auditors possess (analyzing data, spotting trends, forming conclusions), auditors are in a perfect position in a company to be part of data analytic innovation. This article proposes a plan to fill in the gaps and implement data analytics in the business.
An Internal Auditor's Guide to Social Media
By Sarah Swanson
January 30, 2018
Within a communications group, chances are that someone is performing a level of auditing of weekly or monthly online analytics already. But it doesn’t hurt to talk to these people and fill in any gaps you discover. How effective is your social media presence and how do you audit it? This article should get you started on auditing social media within a larger audit.
Effective Inclusion: 3 Strategies for Seeking Talented Auditors
By Sarah Swanson
January 24, 2018
Historically, the Internal Audit profession has not been a leader on the topics of diversity and inclusion. Internal Audit Insights recently caught up with Adam Rutan of Cardinal Health who shared his audit team's experience of how they redefined diversity and improved their audit function along the way.
The Benefits of Leveraging the CIS Critical Security Controls
By Marcos Colón
January 23, 2018
Technology continues to flood organizations and IT auditors are facing increasing challenges. The Center for Internet Security's Critical Security Controls are intended to help the cause. In this exclusive video interview with Internal Audit Insights, subject matter experts define the controls and discuss their benefits for IT auditors.
Five Signs Your Compliance Department Needs an Overhaul
By Marcos Colón
January 22, 2018
Data reveals that compliance modernization seems to be eluding most companies due to a host of reasons, and internal audit can play an important role in identifying areas of improvement. Here are five signs the compliance function needs fixing.
The Secret to Driving Value Through Artificial Intelligence
By Sarah Swanson
January 17, 2018
Rather than robotic humanoids or machines who have become “self-aware,” artificial intelligence might be better described as computer systems that can predict human behavior. For internal audit, it can be a handy tool for specific processes within audit and analyzing overall sets of data with greater accuracy and even predict risk.
What to Expect from the Next Crop of Internal Auditors
By Sarah Swanson
January 11, 2018
Because of technology and godlike accessibility, the new crop of auditors has a completely different paradigm, and previous generations must learn to connect with this generation to accomplish audit goals. With a widening skills gap between the top and the bottom students, we’ve compiled some ways to look for the worthwhile candidates for your company.
Audit Writer's Hub: 7 Steps to Overhaul Your Audit Report
By Sarah Swanson
January 04, 2018
This article won’t show you exactly how the report should look, but will you give you some of the basics to expunge elements of the old audit report so you can make room for the new audit report.
Readers Choice: Top 5 Articles of 2017
By Marcos Colón
January 03, 2018
You picked them! Here's a look at the most read articles published in The Audit Report in 2017. From building great audit teams to writing an audit report that gets results, you'll find a unique mix of some engaging content that answers some of your pressing questions.
Audit Writer’s Hub: Tone and the Chicken Little Dilemma
By Sarah Swanson
January 02, 2018
By improving the tone of the audit report, auditors maintained – if not, increased – the integrity of findings and developed better relationships with their clients. Rather than brutal honesty, auditors became humanely honest. Here are four strategies to improve tone in your audit reports.
How to Manage Outside Audits Performed on Your Organization
By Marcos Colón
December 21, 2017
Raytheon's Thomas Sanglier discusses the positive impact that the internal audit function can make when it comes to handling outside audits, the challenges this task can present, and how to overcome them.
How to Manage Outside Audits Performed on Your Organisation
By Marcos Colón
December 20, 2017
Raytheon's Thomas Sanglier discusses the positive impact that the internal audit function can make when it comes to handling outside audits, the challenges this task can present, and how to overcome them.
Stayin’ Alive with Integrated Auditing
By Sarah Swanson
December 19, 2017
For those that do integrated audits, the concept is a no-brainer. Integrated audits are an efficient, holistic approach to the business. But, if the idea of integrated auditing is untapped, then it’s a brave new world to check out. Below are some points to get the conversation started in your company.
The IT Auditors Role in Today’s Complex, Evolving Enterprise
By Marcos Colón
December 18, 2017
Forrester Research's Robert Stroud discusses the current state of the enterprise as it relates to IT auditors and why it’s important to bridge the gaps between audit, IT audit, compliance, and security within organizations.
Audit Writer’s Hub: The Art of Tidying Up Narratives
By Sarah Swanson
December 12, 2017
Today, we’ll be cleaning out the metaphorical “auditor’s closet.” The auditor’s closet comes stashed with a variety of documents that identify, document, record, and communicate specific controls for both you and whoever needs to review these controls in the future.
Remain Relevant as an Internal Auditor by Doing This
By Marcos Colón
December 11, 2017
In this exclusive video interview with Internal Audit Insights, MISTI's Dr. Murdock offers up key steps that internal auditors should take to remain relevant and continue to add value to the business.
5 Critical Social Media Tips for Internal Auditors
By Sarah Swanson
December 04, 2017
If you’re going to audit social media, then develop a method. Kate Mullin, a social engineering expert, shares a formulaic approach to begin thinking like a hacker and doing the reconnaissance a hacker would do so that you can protect your organisation.
Knocking Your SOX off with COSO
By Sarah Swanson
December 03, 2017
Just like each area of a jungle gym needs solid attention (lest there be risks), so do the right areas of an audit require attention to maintain the health of a company.
What Every Audit Customer is Thinking, But Won't Ever Say
By Sarah Swanson
November 28, 2017
Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.
Investigate, Understand and Forgive: A Realistic Alternative to Zero Tolerance
By Nigel Iyer
November 27, 2017
Fraud and corruption are all around us. As internal auditors, if we're so heavy handed with the few “sinners” we catch, won’t the large majority who didn't get caught breath a huge sigh of relief and just try even harder to stay hidden?
Audit Writer’s Hub: Is Your Audit Report written to a flock of Wild Turkeys?
By Sarah Swanson
November 21, 2017
Between varied audiences and modern communication standards (dense information in few words), internal auditors must make sure they’re writing to their end audience.
Effective Audit Committee Communication: Keys to Success for Internal Auditors
By Ed Williams
November 15, 2017
Few things can derail the audit committee’s perception, confidence, and trust of internal audit faster and more profoundly than ineffective communications to and from the internal audit function.
Do We Understand What a Risk Event Is?
By Norman Marks
November 13, 2017
People talk about a risk event as if it is obvious what it is and what it means. But that's certainly not always the case.
Why Internal Auditors Should Use the 5 Whys Method for Root Cause Analysis
By Dr. Hernan Murdock
November 10, 2017
The Five Whys is one of the simplest tools for cause analysis. It is easy to use, and the approach consists of asking “why” multiple items, each of which probes further into the source of the problem.
How to Attract and Retain High-Impact Internal Auditors
By Alec Arons
November 06, 2017
Whether the organisation as a whole is onboard or not, corporate audit needs to develop and embrace programs designed to meet the needs of a changing workforce if they are to attract and retain top talent.
Taking Your Audit Career to the Next Level: How to Separate Passion from Emotion
By Daniel A. Clark
November 05, 2017
As an internal auditor, there's nothing wrong with having passion for what you do. Passion supports the search of truth and ensures objective momentum to a conclusion. But it's important to know that emotion, on the other hand, is not passion.
Eight Things Every Internal Auditor Should Know About Sarbanes Oxley
By Matt Kelly
November 04, 2017
As SOX turns 15 this fall, let’s widen the lens to capture what SOX is really about: its history, its goals, and the most important points to remember for an effective SOX compliance experience.
Strategies for Building Killer Audit Teams
By Sarah Swanson
October 30, 2017
Whether you are creating an audit team, adding new auditors to your existing team, or flat-out enjoying audit like we do, read on for tips to creating an internal audit team with all the right flavors.
Taking Your Internal Audit Career to the Next Level: Quick Tips to Express Your Team Support
By Daniel A. Clark
October 24, 2017
Believe it or not, some orchestral tunes offer up important bits of wisdom that can easily apply to the internal audit function. In part one of this two-part series, Dan Clark describes what internal auditors can learn from Joseph-Maurice Revel's "Bolero".
You Are What the Search Engine Finds!: Tips to Ensure Online Privacy
By Shawna Flanders
October 22, 2017
When is the last time you looked for your name on the internet? Which of the links and images are tied to you? More importantly, where does all this information come from? Here are 13 important tips to leverage at your organization to ensure online privacy.
5 Tips to Ride the Wave of Rotational Auditing
By Sarah Swanson
October 17, 2017
Where companies may do some variation of a rotational program, perhaps using rotational auditors is an untapped resource in your company. If rotational auditing sounds like something you’d like to try – do it. We put together a few steps to get going in that direction.
Understand the Objective of Your Audit, Or Fail
By William Nealon
October 10, 2017
To have a successful audit outcome, it’s imperative to understand the objective of your audit. Keeping your focus on the end result is imperative.
Internal Audit’s Role in Third Party Data Protection
By Tom O'Reilly
October 09, 2017
Internal audit can provide assurance to their board and executive team whether or not a process is in place to manage risks of third parties maintaining critical data, and that third parties have their data protection controls in place.
Don’t George Costanza Your Next Internal Audit Meeting
By Michael McShea
October 07, 2017
Internal auditors would fare well-taking inspiration from these iconic Seinfeldisms and keeping the following five ideas in mind to better structure their meetings and help them be more efficient.
It’s Time to Put a Little More Management in Your Risk Management
By Richard Archer
September 26, 2017
Just because a company has a robust risk management system in place doesn't guarantee that it will actually manage risk well. An ineffective manager will mismanage risks, no matter how strong the risk management system is.
Communication Tips to Increase Auditor Effectiveness
By Chris Hollands
July 14, 2017
Most people think their driving is above average. That’s a statistical impossibility, of course, otherwise it wouldn’t be an average. Still, it’s what they believe and in one study, no fewer than 93% of Americans placed themselves in the top 50% of drivers.
So, Why Are You Still Not Using Data Analytics?
By Dave Coderre
June 29, 2017
Study after study has shown that data analytics is effective and efficient at detecting risk and identifying control weaknesses, non-compliance, and inefficient business processes. So why have some internal audit departments still not embraced it?
These Internal Auditors Aren’t Afraid to Get a Little Dirty
By Joe McCafferty
June 20, 2017
When Woodforest National Bank wanted to test whether employees were properly destroying physical data, it hit on an idea that would require internal auditors to roll up their sleeves and get messy.
Internal Auditors Say Their Departments Lack Some Important Skills
By Joe McCafferty
June 15, 2017
According to a recent MISTI survey, internal auditors say their internal audit seniors and managers most lack data analytic skills, understanding of IT auditing concepts, and ability to influence and persuade.
A Day in the Life of an IT Auditor: Tony Redlinger
By Joe McCafferty
June 15, 2017
Internal auditor spotlight with Tony Redlinger of IHS Markit: We recently sat down with Tony to talk about the challenges of being an IT auditor, what's next for cybersecurity, integrated auditing, and more.
Arial or Times New Roman – What’s Your Audit Report Font?
By Chris Hollands
June 13, 2017
I went to a client the other day to run a 'Report Writing' course and we discussed “House Style”, including the font choice for audit reports. They were, like many large organisations, very clear on what was and what was not acceptable.
Internal Audit Departments Struggle to Retain High Performers
By Joe McCafferty
June 08, 2017
Internal audit leaders continue to fret about hanging on to their top talent. In a recent survey, they ranked staffing concerns, including retention, as among their greatest worries.
2017: The Year of Computer-Generated Audit Reports?
By Chris Hollands
June 08, 2017
I was reading an interesting article the other day about Artificial Intelligence (AI) and cognitive computing. I thought it might be worth sharing some of the thoughts with you in case you had ever contemplated using automation in the compilation of one of your reports.
Is Internal Audit Neglecting Environmental, Health and Safety Risks?
By Joe McCafferty
June 01, 2017
BP paid more than $25 billion; Volkswagen shelled out $19 billion; Anadarko Petroleum, $5.1 billion; and GlaxoSmithKline ponied up $3.75 billion. No, these aren't prices paid for major acquisitions, they are the penalties these companies paid to resolve environmental, health, and safety issues during the last seven years with a raft of U.S. federal agencies.
Six Risk Resources You May Not Be Using, But Should
By Tom O'Reilly
June 01, 2017
One telling sign of a maturing internal audit department is when the CAE proposes audit topics that are organizationally-focused around key projects and initiatives (e.g. evaluating the make-or-buy decision for a material for a key part or performing an assessment of a recent new product introduction) versus a generic audit topic (e.g. payroll or procurement cards).
Is Social Media Killing Your Audit Reports?
By Chris Hollands
June 01, 2017
As regular readers will know, I run audit report writing courses for a living. For the past couple of years, I have included a small module I call "the hashtag generation". It was originally intended as a little light relief from the rigours of grammar but as time passes the subject has the potential to become a serious threat to the audit report.
Five Preventative Controls for Ransomware Attacks
By Joe McCafferty
May 24, 2017
The high-publicity WannaCry attack has many companies reviewing their protections against ransomware and other cybersecurity attacks. Here we provide five preventative controls that IT auditors should ensure are functioning properly.
The Oxford Comma - To Use in Audit Reports or Not?
By Chris Hollands
May 24, 2017
Being a Brit of a certain age and fortunate to have a very good English teacher in my early years I have always pushed back on the use of a comma before the word "and". Indeed. I spent the better part of 20 years working for American firms desperately trying to convince my betters in the US that they really shouldn't be there and removing them from audit reports.
While Internal Auditors Expect Budgets to Increase, It May Still Not Be Enough
By Joe McCafferty
May 18, 2017
After years of belt tightening and cost cutting, companies may finally be starting to increase budgets and staffing for internal audit. As part of our inaugural internal audit study on planning and staffing priorities, we asked internal auditors about the resources, including budget and staff, they are allocated and if they are sufficient to get the job done.
The Fight on Fraud
By Chris Hollands
May 18, 2017
I find myself reading a lot of information each week on the subject of fraud, in its many different forms, and it has started me thinking about what is the best way to address it. Everybody talks about putting controls in place to stop it, but do they really work?
What is 'Benford's Law'?
By Chris Hollands
May 11, 2017
Those of us who have been associated with audit and investigations in one form or another over the years will always be on the lookout for something that gives us the edge over the fraudster.
Six Best Practices of World Class CAEs
By Tom O'Reilly
May 11, 2017
It is not uncommon for CAEs to read thought leadership that highlights internal audit’s inability to meet stakeholder expectations and room for improvement (e.g. here, here, and here)...
Are You Ready for the New EU Data Privacy Protections?
By Joe McCafferty
May 03, 2017
In a little more than a year, U.S. companies that do business in Europe or have customers or employees there will need to comply with a new set of European Union data protection and privacy laws.
Four Communication Tips to Increase Internal Auditor Effectiveness
By Tom O'Reilly
May 03, 2017
Why do some internal auditors effectively prepare workpapers and write audit reports with ease, yet stumble when it comes to most other forms of communication?
FCA Says Reward Staff
By Chris Hollands
May 02, 2017
The FCA is encouraging firms to make cyber security training more interactive by introducing mock scams and rewarding sharp employees.
Four-Part Series: Creating a Customer Service Oriented Internal Audit Department
By Karen Kroll
April 25, 2017
More internal audit departments are calling the functions, units, and subsidiaries they audit by a new name—customers—and treating them as such.
To Reward or Not to Reward – The Very Important CAE Question
By Tom O'Reilly
April 25, 2017
The Apprentice, Top Chef, and Project Runway are three of the most successful reality TV competition shows in the United States. Each show highlights a cast of competitors trying to prove themselves to a panel of judges on how well they do their job.
What Internal Audit Leaders Can Do to Foster a Customer Service Approach
By Karen Kroll
April 20, 2017
Chief audit executives and directors are building teams that are out to change the perception of internal audit.
Auditing the Use of Open Source Software Code
By Joe McCafferty
March 29, 2017
If your organisation is developing applications, it's likely that some of the code is borrowed from open source software that can be found freely on the Internet. While such code makes developing applications much easier, its use can come with legal hoops to jump through and security vulnerabilities that, if left unmanaged, could pose significant risks to the organisation.
Four Internal Audit Lessons from the United Airlines Viral Video Fiasco
By Joe McCafferty
March 29, 2017
United Airlines is no stranger to viral videos and social media kerfuffles that cast the company in a poor light. A video uploaded to YouTube in 2009 called "United Breaks Guitars" has more than 17 million views and its own Wikipedia page. And, of course, the now infamous, airline incident.
A Day in the Life of an Internal Audit Supervisor
By Joe McCafferty
March 29, 2017
Devin Potter is a Supervisor in the Risk Advisory Services business at RSM, where he has worked since 2014. We recently sat down with Devin to talk about the internal audit profession.
How to Make Sure Every Audit Focuses on What Matters Most
By Dr. Hernan Murdock
March 29, 2017
Internal auditors must focus their reviews, prioritize what to audit, and concentrate on what matters most to the business. Since there are often insufficient resources to cover the entire audit plan, internal auditors can no longer conduct sprawling or unclear audits looking under every rock hoping to find something somewhere.
Lines Blurring Between IT Audit and InfoSec Professionals
By Shawna Flanders
March 22, 2017
It's safe to say that popular culture hasn't been kind to internal auditors. The few references to the profession in television, movies, and books either confuse them with accountants or portray them as disliked corporate stooges or nerdy paper-pushers.
Trump’s Regulatory Rollback Could Include Changes to Sarbanes-Oxley
By Joe McCafferty
March 22, 2017
Less than two weeks after taking the oath of office, President Donald Trump set about fulfilling one of his more tangible and oft-repeated campaign promises: dismantling the Dodd-Frank Act.
Bridging Internal Audit's Talent Gap
By Joe McCafferty
March 22, 2017
Finding the right candidates to fill internal audit positions is getting more and more difficult. Which is why Thomas Sanglier, director of internal audit at Raytheon, has found a unique alternative.
Competition for Candidates Driving Internal Audit Pay Higher
By Joe McCafferty
March 15, 2017
The competition for internal audit talent remains fierce, pushing salaries for in-demand internal auditors ever so higher. Two new salary surveys out from recruiting and staffing companies find that salaries for internal auditors at all levels continue to grow at a brisk pace.
Understanding Risk-Based IT Audit Planning
By Fred Roth
March 08, 2017
Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around information technology risks confronting their organization.
A Revolution in Risk Management
By Norman Marks
March 08, 2017
The management of risk, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives.
Tell Us How We Did: More Internal Audit Departments Surveying Auditees
By Karen Kroll
March 01, 2017
Over the past few years, more internal audit departments are seeking to shed their reputation as the company's monitors and provide more value and service to those they audit.
Five Reasons to Audit the Risk Management Function
By Joe Underwood
March 01, 2017
Whether an organization's risk management function is focused on traditional insurable risks or broader enterprise-wide risk management, an audit of the risk management function should be among the first priorities for a chief audit executive.
A Novella Approach to Internal Audit
By Joe McCafferty
March 01, 2017
It's safe to say that popular culture hasn't been kind to internal auditors. The few references to the profession in television, movies, and books either confuse them with accountants or portray them as disliked corporate stooges or nerdy paper-pushers.
Help Wanted: Internal Audit Talent Gap Widening
By Joe McCafferty
February 22, 2017
A survey by the Big Four audit firm finds that a startling number of audit leaders are concerned about the skills and expertise their teams have to deliver on stakeholder expectations for efficient audits, insightful reports, and effective decision-support in the years ahead.
Do Millennials Really Require a Different Management Style?
By Joe McCafferty
February 22, 2017
Newsflash: Millennials don't stay in their jobs very long. They lack loyalty and focus. And they need oodles and oodles of positive reinforcement. Or so they say.
Where Bribery and Corruption Still Reign
By Joe McCafferty
February 22, 2017
The U.S. Department of Justice and the Securities and Exchange Commission (SEC) are on something of a roll lately in bringing corruption cases to fruition under the Foreign Corrupt Practices Act (FCPA).
Striving for Clear and Precise Language in Report Writing and Business Communications
By Joe McCafferty
February 15, 2017
We've all seen ambiguous and imprecise language in the business world, whether in standards and regulations, our own policies and requirements, or in everyday reports and memos.
The Customer Service Oriented Internal Audit Department(s)
By Karen Kroll
February 15, 2017
By now, we've probably all heard as much as we care to about the need for internal audit to move from acting as a policing function to that of a trusted business partner. Indeed, many have moved in this direction during the last several years.
Are You Building a Marketable Internal Audit Career? You Should Be!
By Daniel A. Clark
February 15, 2017
Whether we know it or not, as internal audit professionals, we all have a brand.
NIST Publishes Update to Its Cybersecurity Framework
By Joe McCafferty
February 08, 2017
The cybersecurity framework is used by many organizations for assessing and improving their systems to prevent, detect, and respond to cyber-attacks.
Study Finds Fractured Approach to Risk Management
By Joe McCafferty
February 08, 2017
A new report from the Ponemon Institute finds that many companies lack a cohesive approach to risk management..
Auditing Culture: Taking the Next Steps
By Joe McCafferty
February 01, 2017
Increasingly, fraud experts consider many high-profile cases of corporate wrongdoing not just to be a breakdown in the control structure of the organization, but also a failing of the company's culture.
Is the Backlash Against Non-GAAP Earnings Measures Receding?
By Joe McCafferty
February 01, 2017
The battle over the use of non-GAAP measures in financial reporting has been simmering for well over a year, but now it may be starting to cool off.
Ethics and the Internal Auditor
By Lynn Fountain
January 25, 2017
In these turbulent times, ethics continues to be a frequent topic of corporate, shareholder, stakeholder and regulatory conversations.
Spotting Potentially Fraudulent Shell Companies During Audits
By Leonard W. Vona
January 25, 2017
In these turbulent times, ethics continues to be a frequent topic of corporate, shareholder, stakeholder and regulatory conversations.
Audit Committees Expanding Audit Oversight Role
By Joe McCafferty
January 18, 2017
More than eight years removed from the start of the financial crisis that caused a full-on risk management freak-out across Corporate America, it appears that risk management programs are still not up to snuff.
What Internal Auditors Must Do To Remain Relevant
By Dr. Hernan Murdock
January 18, 2017
As internal auditors, we work in complex and demanding environments where business, technological, social, and other dynamics challenge us to meet the increasing expectations of the board and senior management.
A Primer on Auditing The Internet of Things
By Shawna Flanders
January 18, 2017
As IT auditors, we've audited mainframes, servers, applications and many other IT devices/systems for years and have become proficient in determining the reasonable effectiveness of a company's suite of controls to safeguard them.
Four New Year's Resolutions for Every Internal Auditor
By Tom O'Reilly
January 11, 2017
As we say goodbye to 2016 and hello to 2017, it's a good time to reflect on last year's successes and missteps. The New Year provides a great chance to pause and consider some self-improvement opportunities and goals for the next 12 months.
Six IT Audit Hiring Mistakes Companies Make
By Joe McCafferty
January 11, 2017
IT auditors are in high demand these days. Recruiters and competitors are looking to snatch high-quality talent with the right set of skills and background.
The Problem with Most Audit Reports
By Norman Marks
January 11, 2017
How do our stakeholders on the board and in top management assess the value of internal audit? What do we give them? What do they have on which to base their assessment?
Survey Finds Directors Lack Understanding of Cyber-Risks
By Joe McCafferty
January 04, 2017
As board members look to set their agendas for 2017, many will include getting a better handle on cybersecurity among their top priorities.
Elevating Critical IT Risks to the Board and C-Suite
By Joe McCafferty
December 21, 2016
Communicating top risks to the board and C-suite is always tricky since it's such a critical area of involvement by the highest levels of the organization.
Finding and Retaining Top Internal Audit Job Candidates
By Joe McCafferty
December 21, 2016
Many companies are having a difficult time finding qualified staffers for the internal audit department or keeping their star performers from moving on to take other offers or to other departments.
SEC Sending a Message to Beef Up Whistleblower Protections
By Joe McCafferty
December 21, 2016
The SEC hit two separate companies with penalties for violating rules that prevent companies from asking outgoing employees in severance agreements to not bring concerns to regulators as a condition of the agreement.
Few Changes to Use of Non-GAAP Measures After SEC Warning
By Joe McCafferty
December 21, 2016
For more than a year, the SEC has been on something of a crusade against what it considers a swell in the misleading use of non-GAAP measures in financial reports.
MISTI on Audit: Auditing 'Tone at the Top'
By Joe McCafferty
December 14, 2016
Through their words and actions, the board and C-suite set the tone and shape the ethical culture that pervades the organization.
Who Should Evaluate the Performance of the Internal Audit Leader?
By Joe McCafferty
December 14, 2016
I wanted to call attention to an item that might have been a little lost in a recent report by the Institute of Internal Auditors Research Foundation. One survey in particular caught my eye.
Keeping Employees from Gaining Unauthorized Access to Inside Information
By Joe McCafferty
December 14, 2016
It's a nightmare scenario for any public company: An IT staffer gets a hold of senior executives' passwords and accesses sensitive non-public information like upcoming earnings reports, new products, etc. What next?
How Much Cyber-Risk Should We Take?
By Joe McCafferty
December 07, 2016
It's enough to make those responsible for information security at such companies want to throw up their hands and say, "we give up."
Pre-Implementation Audits: Waterfall vs Agile
By Joe McCafferty
December 07, 2016
Among the top responsibilities of IT auditors is auditing software and application development projects. As those projects have moved at some companies from a waterfall style, to agile, IT auditors have had to adapt.
MISTI on Audit: To Whom Should the CAE Report?
By Joe McCafferty
November 30, 2016
Reporting lines have always been complicated and tricky for chief audit executives and internal audit directors.
What Will the SEC Look Like Under Trump?
By Joe McCafferty
November 30, 2016
Like at most government agencies under the executive branch, change is coming to the Securities and Exchange Commission (SEC), as it prepares the transition to the Trump Administration.
Internal Audit Budgets May Finally Be Getting a Boost
By Joe McCafferty
November 30, 2016
Budgeting trends across Corporate America tend to look a lot like the undulating waistline of a yo-yo dieter.
Outside the Box, Out of the Comfort Zone and Right on Target
By Yves Froude
November 16, 2016
It's 4:00 p.m. on a Friday afternoon and you are already thinking about your weekend plans, when your manager walks into your office with "a simple request".
Too Much Data, Coming Too Fast?
By Joe McCafferty
November 16, 2016
Financial Executives are straining to keep up as the increasing volume and pace of data clouds and their ability to provide meaningful insights to boards quickly and accurately.
MISTI on Audit: The Benefits of Integrated Internal Auditing
By Joe McCafferty
November 16, 2016
Integrated auditing isn't a new idea. Organistions have tried to bring together specialized audit areas, such as finance, operations, and IT audit, and others for a long time.
How Silos Can Cause Risk-Management Headaches
By Joe McCafferty
November 09, 2016
Not all organizations are good at managing risk in a holistic way. It's easy for business units or functions that address risks to be guarded about their risk-management efforts or to reproduce what other parts of the company are already doing.
Who's the Boss? Chief Audit Executive Reporting Lines Still Blurred
By Joe McCafferty
November 09, 2016
To whom should the chief audit executive report? That question has perplexed companies for decades. Once an underling of the finance or legal departments, many companies have made the CAE a direct report to the CEO.
Focusing IT Audit on Machine Learning Algorithms
By Andrew T. Clark
November 09, 2016
Machine learning algorithms are permeating our world. With applications in banking, investing, social media, advertising, and crime prevention, to name a few, these 'little black boxes' are increasingly being used to inform and drive decisions about our lives and businesses.
Internal Auditors Under Pressure to Alter Reports
By Joe McCafferty
November 02, 2016
Just about every internal auditor will face an ethical dilemma or difficult situation at some point in their career. Among the toughest scenarios is when the CEO or other senior executive exerts pressures to suppress or change the results of an audit finding because it reflects poorly on management or some other aspect of the business.
MISTI on Audit: Internal Audit's Role in Detecting and Preventing Fraud
By Joe McCafferty
November 02, 2016
What is internal audit's role in finding fraud? One of the key activities of internal audit is to conduct a fraud risk assessment that identifies an organization's vulnerabilities to internal and external fraud.
Continuous Risk Assessment, Emerging Risks Top Priorities
By Joe McCafferty
October 12, 2016
As internal auditors begin the process of planning audits for 2017, they are also looking to refine that planning process, which, of course, depends a great deal on risk assessment.
Four Big Challenges Facing Internal Audit
By Joe McCafferty
October 06, 2016
There are several big challenges facing internal audit departments and still more facing the internal audit profession as a whole. Some of them represent opportunities as well as obstacles to overcome. The difficulty in filling internal audit positions with talented candidates, for example, has led to increases in pay for many internal auditors.
Time for More Reporting on Cybersecurity Efforts
By Joe McCafferty
October 06, 2016
There's a lot going around these days: viruses, malware, Trojans, ransomware, you name it. And if you're not careful, you could catch a nasty case of any of these inflictions.
As FCPA Cases Mount, Justice Department Offers a Path to Reprieve
By Thomas Fox
October 06, 2016
This year is sure to be one for the books for Foreign Corrupt Practices Act (FCPA) enforcement. By the end of June, there were more FCPA enforcement actions in 2016 than in all of 2015, and it doesn't appear that things will be slowing down anytime soon. The Fed's aggressive campaign against bribery and corruption rolls on.
How Technology Is Changing the Internal Audit Function
By Joe McCafferty
October 06, 2016
Whether it's data analytics; governance, risk, and compliance solutions; or planning and collaboration software packages, most internal audit departments are looking to improve their use of technology as they strive to do more with less.
Internal Audit Execs Fret Over Talent Gaps
By Joe McCafferty
September 29, 2016
One of the top challenges facing internal audit departments today is finding the right people with the right set of skills. Internal audit executives say that getting good job candidates is difficult and finding people with the complete set of talents for the modern internal audit department is even harder.
MISTI on Audit: Top Attributes of a World-Class Internal Audit Department
By Joe McCafferty
September 29, 2016
What are the characteristics that define a truly world-class audit department? Leading internal audit departments address emerging risks, embrace diversity of thought, communicate well, and are on the cutting edge of data analytics.
SEC Dings Weatherford $140 Million for Fraud Charge
By Joe McCafferty
September 29, 2016
The Securities and Exchange Commission (SEC) settled charges with oil services company, Weatherford International, that it inflated earnings by using deceptive income tax accounting. Two of the company's former senior accounting executives have also agreed to settle charges that they orchestrated the fraud.
Upping Your Fraud Detection Game
By Joe McCafferty
September 29, 2016
The Securities and Exchange Commission has taken action against several fraudsters over the past few days, including charges against a group of movie executives for making false claims about the construction of a movie studio and a man who is charged with registering several "blank check" companies.
FASB Proposes Changes to Hedge Accounting
By Joe McCafferty
September 15, 2016
The Financial Accounting Standards Board (FASB) has issued a new proposal that it says would make "targeted improvements" to the accounting guidance for hedging activities.
Bridging Internal Audit's Gender Gap
By Joe McCafferty
September 15, 2016
The road to equality for women in the internal audit profession has been a bumpy one. It's led to some higher plateaus, sure, but it also has left plenty of hills still to climb.
With Wells Fargo, It's Déjà Vu All Over Again
By Joe McCafferty
September 15, 2016
It's often said that the regulatory response to a large financial scandal or series of frauds will be swift and sweeping, and that it will do absolutely nothing to stop the next series of frauds or scandals.
Audit Once, Use Many: The Benefits of a HITRUST Certification
By Cathlynn Nigh
September 15, 2016
As you may have heard, healthcare organizations have been under attack during the last three-plus years by various types of malicious hackers.
How Internal Audit Can Be a Force for Good
By Joe McCafferty
September 08, 2016
It's not often that you hear about auditors and accountants in the same breath as aid workers, healthcare providers, or charity workers. Indeed, you won't find internal audit on Forbes' list of the 25 Most Meaningful Professions. And yet, internal audit can be a force for good.
Conducting Audits of Marketing and Media Programs
By Angela Saferite
September 08, 2016
Cash rebates, free media inventory rebates, mark ups from 30 to 90 percent, dual rate cards, and non-transparent business practices are all things that can keep senior audit managers and audit committee members of the board awake at night.
Internal Audit Pay Expected to Rise in 2017
By Joe McCafferty
September 08, 2016
Salaries of internal audit and IT audit professionals are expected to increase by an average of 3.9 percent in 2017, according to the latest annual salary guide from staffing firm Robert Half.
Making Culture into a Hard Science Tied to Risk Management
By Joe McCafferty
September 01, 2016
The Financial Crisis of 2008 cemented what many risk management experts have known for years: You can have an army of risk managers and all the sophisticated risk-management models and tools you like, but if there is something wrong with the culture of the organization and what we all now call the “tone at the top,” they won’t work.
Leveraging Diversity of Thought in Internal Audit
By Stefanie Diaz Thibeault
September 01, 2016
It's hard to justify recruiting great talent, investing in training, and passing on company knowledge, only to find that those recruits eventually leave for competitors because they didn't feel engaged. It's a story we've heard before.
Add 'Courage' to the List of Needed Internal Auditor Traits
By Joe McCafferty
September 01, 2016
For the last few years we've been hearing about the skills and traits needed for good internal auditors. The lists generally include things like communication skills, critical thinking, IT savvy, and business acumen. Add one more to the list: "courage."
SEC Pays $22 Million to Whistleblower Who Uncovered 'Well-Hidden' Fraud
By Joe McCafferty
September 01, 2016
The Securities and Exchange Commission (SEC) has awarded more than $22 million to a whistleblower this week, putting the agency over $100 million in total whistleblower bounties awarded since the program was established in February 2011 under the Dodd-Frank Act.
Kramer on Audit: Doing More with Less
By Joe McCafferty
August 25, 2016
Managing a small audit department is never easy. Covering a seemingly endless stream of risks with limited resources can be trying for any audit leader. Small audit department leaders must become experts in time management, stretching the budget, and focusing on what matters.
What Constitutes a Good Risk Culture?
By Joe McCafferty
August 25, 2016
Everyone knows that culture is set at the highest levels of the organization. We may all be tired of hearing about "tone at the top," but it's never been more important. Apart from influencing the culture of the organization as a whole, executives—especially the CEO—have a big role to play in setting the risk culture.
The Importance of Board Support to the Success of Internal Audit
By Jami Harris Shine
August 17, 2016
The role of internal audit in organizations is rapidly expanding as auditors move from being rule enforcers and compliance police to trusted advisors. Audit departments are being asked to audit culture, corporate strategy, and governance functions and are increasingly being consulted on key projects and business decisions.
Anti-Whistleblower Severance Agreement Lands Insurer in Hot Water
By Joe McCafferty
August 17, 2016
Companies might want to review their severance agreements and other employment contracts in light of a recent Securities and Exchange Commission (SEC) ruling. The SEC is taking issue with language that discourages employees or former employees from raising concerns about wrongdoing to its whistleblower office.
Data Analytics Still in Early Stages
By Joe McCafferty
August 11, 2016
Data analytics is supposed to be the great savior of the internal audit function. It has been heralded as the set of tools that will give organizations new insights into risk management, fraud, and corruption. It would free up internal auditors to use their skills on assessing non-traditional areas of the business and lower the cost of internal audit.
What's Next for Accounting Rulemaking?
By Joe McCafferty
August 11, 2016
The top U.S. accounting rulemaker is looking for more input on what projects it should tackle over the next few years as it moves into the post-convergence era of accounting rulemaking.
Positioning Internal Audit for the Future: A Global Perspective
By Joe McCafferty
August 11, 2016
One of the big themes of the Audit, Risk and Governance Africa conference held by MISTI in Accra last week was how to position internal audit for the future and how to ensure that the function continues to add value in the organization and remain relevant.
Big Challenges for Public Auditors in Africa
By Joe McCafferty
August 03, 2016
It's not easy to be an internal auditor at a public entity in Africa. "It takes a lot of bravery," said Graham Joscelyne, chair of the audit and ethics committee at the Global Fund to Fight Aids.
Add Internal Audit to Your List of Followers
By Karen Kroll
August 03, 2016
Social media sites are becoming a bigger part of most companies' plans to connect with customers and other stakeholders. And while sites like Twitter and Facebook can be powerful marketing tools, they are also fraught with risks.
Fraud Prevention Insights for Auditors
By H. David Kotz
August 03, 2016
In December 2007, I was appointed as the Inspector General of the Securities and Exchange Commission (SEC) and served in that capacity until January 2012. An IG is an internal watchdog for a governmental body with its primary purpose being to identify and reduce waste, fraud, and abuse in the agency. IGs supervise both internal audit and investigative units.
SEC Hits South American Airline with Bribery Charges
By Joe McCafferty
August 03, 2016
The Securities and Exchange Commission (SEC) has charged South American-based LAN Airlines with making illegal payments to attempt to settle a labor dispute, in violation of the Foreign Corrupt Practices Act.
Audit Leaders Uneasy About the Future of Internal Audit
By Joe McCafferty
July 27, 2016
A survey by the Big Four audit firm finds that a startling number of audit leaders are concerned about the skills and expertise their teams have to deliver on stakeholder expectations for efficient audits, insightful reports, and effective decision-support in the years ahead.
Auditing the Incident Response Plan
By Joe McCafferty
July 27, 2016
No organization is 100 percent safe from hacks, cybercrime, or boneheaded employee actions that can expose the company to data breaches. Most companies have shifted from a purely prevention mindset to one of a risk-based approach to cybersecurity with a robust incident response plan.
FASB Wants Better Disclosure of Business Income Tax Information
By Joe McCafferty
July 27, 2016
The Financial Accounting Standards Board (FASB) issued a proposed Accounting Standards Update that is intended to enhance disclosure requirements on business income taxes.
Six Steps the Audit Committee Can Take To Empower Internal Audit
By Joe McCafferty
July 20, 2016
As Audit Committees work to strengthen how companies approach risk management, corporate reporting, cybersecurity, and other key areas, they are relying on internal audit to provide more value, greater oversight, and better communication about issues of concern.
Should Internal Audit Have A Bigger Cybersecurity Role?
By Joe McCafferty
July 20, 2016
There isn't a company out there, big or small, that doesn't have some concerns about cybersecurity. Some have called it the biggest problem of our time for companies. Given the potential for the types of disasters Target, Sony, and so many others have experienced, it's no surprise that internal audit has played an important role in ensuring that cybersecurity systems are in place and functioning.
The Factors That Contribute to Internal Audit 'Maturity'
By Joe McCafferty
July 20, 2016
A new research report from The IIA finds a wide variety of factors influence the maturity levels of internal audit functions around the world. The age and size of the internal audit function, industry type, organizational size, and other variables often influence how quickly internal audit functions can operate to deliver a high level of value.
Companies Woefully Unprepared for New Lease Accounting Standards
By Joe McCafferty
June 09, 2016
Just 10% of companies are prepared to adopt the new Financial Accounting Standards Board (FASB) lease accounting standards, according to a recent report by audit firm, Deloitte.
Audit Committees Expanding Audit Oversight Role
By Joe McCafferty
June 02, 2016
U.S. regulators have expanded the role of the Audit Committee in recent years to oversee the hiring and performance of the external auditor in the hopes of improving audit quality. In many ways, the U.S. was just catching up with audit governance practices that were already common in Europe.
Corruption's Toll on Companies Takes Many Forms
By Joe McCafferty
May 27, 2016
Companies are paying a huge price for worldwide corruption and bribery, even if they are adopting practices to fight against it. That's because the cost of corruption takes many forms, including loss of business to less scrupulous companies, regulatory requirements, and lost opportunities in regions where corruption risks are too high.
SEC Issues Guidance on Non-GAAP Reporting
By Joe McCafferty
May 27, 2016
The fury over the increasing use of non-GAAP accounting measures when companies report earnings is building, and now the Securities and Exchange Commission (SEC) is weighing in with some guidance on practices that are and aren’t acceptable.
Auditors, Beware the Ebbing Tide
By Joe McCafferty
May 27, 2016
Senior management and boards are asking internal audit to do a lot of things, and that is also a good thing. But financial reporting assurance can’t become an afterthought. If it does, you’ll likely get exposed. And when the tide goes out, that warm sunlight will be shining on places where it hasn't shined before.
Is the Non-GAAP Reporting Freak Out Justified?
By Joe McCafferty
May 12, 2016
Late last month, the New York Times proclaimed, "Fantasy Math Is Helping Companies Spin Losses into Profits." A headline on Yahoo! in March warned, "Companies haven't fudged their numbers this much since the financial crisis.
What Makes an IT Audit Shop World Class?
By Fred Roth
May 12, 2016
The massive cyber heist affecting more than 100 financial institutions in some 32 countries is only the latest in a spate of data security breaches worldwide.
SEC Pushes Along on Disclosure Reform
By Joe McCafferty
May 06, 2016
Earlier this month the Securities and Exchange Commission (SEC) took the next step in its year’s-long campaign to reform the vast dump of information we collectively call financial disclosure.
Class-Action Lawsuits Based on Accounting Woes Rising
By Joe McCafferty
May 06, 2016
While Valeant Pharmaceuticals continues to battle allegations of bookkeeping misdeeds, it's not the only company dealing with accounting problems. The number of class-action securities law suits based on allegations of accounting missteps increased for the third straight year in 2015, according to a new report from Cornerstone Research.
More Companies Are Outsourcing Internal Audit
By Joe McCafferty
April 29, 2016
Companies are increasingly turning to outside service providers to help out with their internal audit activities, especially when it comes to specialized work, according to a recent report. An annual survey of global internal audit professionals finds that, on average, one in three corporate internal audit departments worldwide outsource some of that work to third-party services.
What Audit Committees Really Want From Internal Audit
By Joe McCafferty
April 29, 2016
In this podcast, Joseph McCafferty, former head of audit content at MIS Training Institute, talks with Blythe McGarvie, an author, speaker and director on several corporate boards. She is also chair of the Audit Committee at Viacom.
Rethinking Basic Principles of Risk Oversight
By Matt Kelly
April 29, 2016
Risk assurance today is nothing like what it used to be. Gone are the early days of risk assurance, where the external audit firm inspected financial statements and corporate compliance officers (assuming your firm had one) worked strictly on regulatory filings. The board simply reviewed the accuracy of audit and regulatory filings, and then talked strategy with the CEO.
The Enforcement Discussion Doesn't Have To Be One-Sided
By Joe McCafferty
April 27, 2016
During the past several years that I have covered corporate compliance, auditing, accounting, and other functions that intersect with government regulation, the executives and company representatives I've talked to have always chosen their words very carefully. That is, when they choose to talk at all.
PCAOB Floats New Rules for Audits Involving Multiple Auditors
By Joe McCafferty
April 22, 2016
The Public Company Accounting Oversight Board has proposed changes to audit standards that would require lead auditors to provide better oversight and take more responsibility for audit work that they farm out to other audit firms.
In Search Of A New Data Security Model
By Joe McCafferty
April 21, 2016
Most information security experts aren't afraid to state bluntly: "We're losing the battle for information security." But then again, we already knew that. Near-daily headlines about the latest cyber-theft or data breach have made that pretty clear to most people
Audit Regulator Continues Push for Better Accounting
By Joe McCafferty
April 21, 2016
Last week the Securities and Exchange Commission approved a $258 million budget for the Public Company Accounting Oversight Board. The PCAOB acts as a check on accounting firms that conduct audits of public companies.
Auditing Corporate Culture: A New Imperative
By Jose Tabuena
April 21, 2016
The emerging flavor of the month in regulatory circles is the “culture of compliance” with recognition that corporate culture has a profound influence on how an organization conducts its business.
Five Steps to Planning an Effective IT Audit Programme
By Joe McCafferty
April 20, 2016
A new report finds that internal auditors increasingly directing risk-management efforts
Internal Auditors Assuming More Strategic Roles
By Joe McCafferty
April 14, 2016
Internal auditors are making progress at carving out a more strategic role for themselves and are gaining influence with management and the board at their organizations, according to a new report out earlier this month.
Corruption Risks Expected to Increase
By Joe McCafferty
April 14, 2016
Bad news for internal auditors, compliance executives, and risk managers who were hoping that bribery and corruption risks would start to subside after being on high alert for the last few years: they are actually increasing.
Four Common Contributors to Vendor Management Risk
By Joe McCafferty
April 07, 2016
When you outsource business processes you incur risk. And these days there are few companies that don't outsource at least some parts of their business. Getting a handle on these risks is vital, but not easily done.
Small Internal Audit Shops Struggle with Quality Reviews
By Joe McCafferty
April 07, 2016
No one doubts the value of conducting a Quality Assurance Review (QAR) to gauge how well the internal audit program is meeting its goals. Yet, for some companies a QAR is a luxury they cannot afford.
Cyber Security Becoming a Regular Part of Audit Plan
By Joe McCafferty
March 31, 2016
Discover the top 10 priorities for Internal Audit!
Dusting off Those Continuous Auditing Plans
By Fred Roth
March 31, 2016
Back in 1980, a popular accounting magazine asked: "Are we ready for continuous auditing?" That publication is no longer in circulation, but decades later, this question remains relevant.
What Audit Committees Want
By Joe McCafferty
March 31, 2016
Chief audit executives know the feeling of having to serve many masters. They have several constituencies they must answer to or advise—including management, business lines, regulators, and shareholders—all while retaining their independence to provide clear and objective views.
Protecting the Independence and Objectivity of CAEs
By Joe McCafferty
March 31, 2016
When The IIA proposed changes to its professional practice standards last month, it included new guidance for CAEs on measures they should take to safeguard their independence and objectivity when the job takes them outside the realm of traditional audit.
Hallmarks of a World-Class IT Audit Shop
By Fred Roth
March 24, 2016
As the use of information technology continues to proliferate, so do the associated risks organizations face. This article addresses the topic of what, specifically, constitutes a world-class IT audit department.
Survey Suggests Internal Audit Slow to Address Emerging Risks
By Joe McCafferty
March 24, 2016
A new survey from the Institute of Internal Auditors (IIA) suggests that internal audit departments are not changing fast enough to address emerging risks that lie outside the traditional purview of internal audit.
Expense Reporting Still a Common Place to Hide Bribery
By Joe McCafferty
March 17, 2016
This week the Securities and Exchange Commission settled a case with Mass.-based technology company PTC Inc. and its Chinese subsidiaries that could create new imperatives for internal audit practices and assurance of anti-bribery programs.
Internal Audit's Crucial Role in Anti-Bribery Programs
By Joe McCafferty
March 17, 2016
In this podcast, Joseph McCafferty, former head of audit content at MISTI, talks with Thomas Fox, an attorney who specializes in the Foreign Corrupt Practices Act and who edits the FCPA Compliance and Ethics blog.
High-Speed Growth Shouldn't Mean High Risk
By Joe McCafferty
March 17, 2016
Earlier this week, high-flying business software startup Zenefits got its wings clipped. The San Francisco-based company, which provides online tools to help small businesses manage their human resources and employee benefits functions, forced out its founder and CEO, Parker Conrad.
Changing Standards for a Changing Profession
By Joe McCafferty
March 10, 2016
How fast is the internal audit profession changing? So fast that its main professional association, the Institute of Internal Auditors (IIA), is planning to update its bedrock professional standards.
Internal Audit to Lean More on Outside Providers
By Joe McCafferty
March 02, 2016
Increasingly, companies are looking to third parties to provide internal audit services. A new study from the Institute of Internal Auditors finds that 56% of U.S. executives surveyed said their companies use third parties for some internal audit activity. That number is expected to climb, especially among large companies.
Don't Mute the Messenger
By Joe McCafferty
March 02, 2016
The buzz for the last few years now is that social media represents a unique risk that companies must manage, lest they leave their corporate reputations hanging out there for others to tweet all over them.
Bridging the Gap Between Enterprise Information Security and the Business
By Dave McPhee
February 25, 2016
Information security and the business need to be in a partnership, not a dictatorship with one party demanding the other follow certain rules and guidelines.
The Hallmarks of a Good (External) Audit
By Joe McCafferty
February 24, 2016
How can we tell if the external auditors are doing a good job? Often we can’t. Lots of companies have had large accounting and fraud issues blow up shortly after the external auditors issued a clean audit opinion.
Buyers Beware: Supply Chain Risks Intensifying
By Joe McCafferty
February 16, 2016
Can you be sure that your suppliers are on the up and up? Sounds like a job for internal audit. It’s every company’s worst nightmare: A call comes in to corporate communications from a reporter from 60 Minutes looking for a comment for a damaging piece they are airing in few weeks.
Integrating IT into the Internal Audit Process
By Fred Roth
February 10, 2016
Internal audit leaders looking for a way to improve staff skills and increase audit efficiencies would do well to consider integrated auditing, an approach that can help them on both counts.
When Controls Do More Harm Than Good
By Joe McCafferty
February 10, 2016
In this podcast, Joseph McCafferty, head of audit content at MIS Training Institute, talks with Brian Barnier, a principal at ValueBridge Advisors and an OCEG fellow, about the role of controls in audit and risk management and their limitations.
Don't Lose Sight of the Basics
By Joe McCafferty
February 04, 2016
Think financial executives are most worried about cyber-security risks or the mounting new regulations they must navigate? Think again. While those are certainly big concerns, financial executives are, from a compliance and audit perspective, most worried about something much more mundane: internal controls over financial reporting.
Can You Audit Corporate Culture?
By Joe McCafferty
January 25, 2016
In this podcast, Joseph McCafferty, former head of audit content at the MIS Training Institute, sits down with Jose Tabuena, a former internal auditor and compliance executive at various companies including Orion Health and Texas Health Resources, to talk about the role of internal audit in influencing and shaping corporate culture.
Introducing the Good-Guy Stock Index
By Joe McCafferty
January 25, 2016
A group of global investors is hoping that convincing companies to adopt good governance standards—and avoid making decisions that provide a quick pop but don’t support long-term goals—can be a lucrative proposition.
The Whole World Is Watching - Are You?
By Joe McCafferty
January 22, 2016
Last Friday, the Securities and Exchange Commission’s whistleblower office announced an important first: It revealed the only award to date for aiding in the prosecution of securities fraud paid to an individual who had never worked at the company in question.
Beyond the Usual Suspects
By Joe McCafferty
January 20, 2016
Several studies have pointed recently to a shortage of skilled internal auditors. Some commentators have even referred to the difficulty organizations are having filling job openings and the competition for capable internal auditors as a “war for talent.”
Safety in Numbers - How Data Analytics Can Enable Internal Audits Ambitious Agenda
By Joe McCafferty
January 19, 2016
It’s no secret that internal audit is being pulled in several different directions these days and that the demands on the function are greater than they have ever been. A partial solution to the mounting workload has been available for years now, but audit shops have been slow to embrace it.
Are You Getting Value for Money Out of Your Employee Screening Programme?
By Jenny Reid
January 14, 2016
Hiring new employees is a delicate balance between finding someone that’s the right fit for the position as well as the right fit for the company itself.
Dispelling the Myth of the Introverted Internal Auditor
By Joe McCafferty
January 12, 2016
You’ve heard the jokes, I’m sure: “How do you tell an extroverted accountant? He’s the one that looks at your shoes when he’s talking to you.” The idea that accountants and, by association, auditors are introverts is, of course, a long-standing trope born in the days of the back-office bean counter.
Encouraging Stronger Adoption of PCI DSS Compliance
By Gill Woodcock
October 27, 2015
You want be to secure, you need to be PCI DSS compliant. Too many companies see these as two different goals, and maybe even have different departments and people looking at them. Or worse still, they treat PCI DSS compliance as a box to be ticked, involving the least amount of time, money and effort possible.
If Your Security Architecture Is Largely Based on Protective Measures, Think Again
By Dr. Martin Stemplinger
October 15, 2015
It seems that hardly a day goes by without news coverage of a high-profile data breach or successful attack. All these organisations employ security teams that do their best to secure their IT environment, although some organisations may lack the necessary focus on security or simply don't provide sufficient budget. Nevertheless, why do all these data breaches occur?
The Changing Face of Cybercrime
By Mark Johnson
October 02, 2015
The more things change, the more they stay the same, or so it seems. Naive users share their passwords with the world, senior managers expose printed confidential material to the gaze of the news media, systems stay unpatched and vulnerable to hackers for months or years, while more than half the population continues to visit dodgy websites that serve up all manner of malware infections.
(ISC)² Security Congress EMEA
By Chris Clarke
September 16, 2015
Building on the success of the first EMEA Congress and suggestions from our members/community, the second Annual (ISC)² Security Congress EMEA will offer attendees six tracks of member presentations, together with panel discussions, keynotes and interactive sessions to inform and update all those involved in IT and information security - whatever their skill level and specialism.
The newest feature from MISTI - our blog!
By Chris Clarke
September 16, 2015
We are very excited to introduce the newest feature of the MISTI website – the “MISTI blog”. Here you will gain insights into not just who MISTI is – but compelling, valuable resources and information for Internal Auditing, Risk Management, Fraud and Corruption and Information Security.