A brief look at this week's news insights that impact internal auditors

By Marcos Colón

January 20, 2016

A new report sheds light on the proactive tactics companies are using to reduce and mitigate audit fees, the SEC continues its crack down on the use of non-GAAP figures, and deficient internal accounting controls result in a $1 million penalty for General Motors.

Read more ...

IoT devices are making their way into the office and onto corporate networks. Are you ready to audit them?

By Shawna Flanders

January 18, 2016

As IT auditors, we've audited mainframes, servers, applications, and many other IT devices and systems for years and have become proficient in determining the reasonable effectiveness of a company's suite of controls to safeguard them. Today, a new breed of interconnected devices, affectionately called the Internet of Things or IoT, is presenting new auditing opportunities along with a few challenges.

These devices, which include smart TVs and lots of other devices that can now be found in many coporate offices, do not follow the typical rules of those we've historically attached to our networks. They have firmware instead of operating systems, for example, and many can be used on both home and personal area networks (HAN/PAN), as well as in our corporate networks. They also use a different communications protocol which focuses far more on customer satisfaction than on security.

Read more ...

New survey puts risk management atop the list of audit committee concerns

By Joseph McCafferty

January 18, 2017

More than eight years removed from the start of the financial crisis that caused a full-on risk management freak-out across Corporate America, it appears that risk management programs are still not up to snuff despite the intense focus on them, at least not from the audit committee's perspective.

Audit committees, which are responsible for overseeing the risk-management apparatus at many companies, generally say they aren't satisfied with how those systems are functioning. According to a new survey by KPMG's Audit Committee Institute, the effectiveness of the risk management program topped the list of issues that survey participants view as "posing the greatest challenges to their companies."

Keep reading...

January 11, 2017

Planning for the upcoming SuperStrategies and AuditWorld 2017 conferences is in full swing with the opening of the Call for Speakers period and announcement of the dates and venue.

SuperStrategies and AuditWorld 2017 will take place November 14-16, 2017 at Planet Hollywood Las Vegas Resort & Casino. The events will be held together under one roof, offering sessions, workshops, and summits on a range of topics for internal auditors of all levels.

Keep reading...

A brief look at this week's news insights that impact internal auditors

By Marcos Colón

January 13, 2016

The Department of Justice signals a shift in their stance regarding FCPA remediation efforts, compliance officer liability concerns increase following the charges Volkswagen arrests, and a new survey indicates risk management is a top concern for audit committees.

Read more ...

Seven priorities that should be on every internal auditor's 'to-do' list

By Hernan Murdock

January 13, 2016

As internal auditors, we work in complex and demanding environments where business, technological, social, and other dynamics challenge us to meet the increasing expectations of the board and senior management. While many internal auditors find it difficult to keep up with the cycle of risk-and-control reviews, there is no alternative. Failure to demonstrate how we add value will eventually result in stakeholders viewing internal audit as irrelevant.

The following actions are crucial to avoid this outcome.

Read more ...

Hiring and retaining top IT audit talent has never been harder, but hiring mistakes can only complicate the issue

By Joseph McCafferty

January 11, 2017

IT auditors are in high demand these days. Recruiters and competitors are looking to snatch high-quality talent with the right set of skills and background.

That means it's more important than ever to have a robust recruiting and retention program for IT audit to keep star performers from leaving for other jobs. It's also important to hire the right candidates and communicate with them well so that the organization and the IT auditors they hire are both on the same page. Johnathan Ngah, a principle at Synergy EnterPrize LLC, a staffing company that specializes in IT auditor recruitment says that a poor recruiting process can leads to problems later on. "If you miss on the front end of the hiring process, you need a lot of luck to make it up on the back end," he said.

Keep reading...

Internal audit reports do the function a great disservice

By Norman Marks

January 11, 2017

How do our stakeholders on the board and in top management assess the value of internal audit? What do we give them? What do they have on which to base their assessment? While they probably rely to a great deal on their direct interaction with the chief audit executive (CAE) and perhaps some of his or her team, the primary internal audit product is the audit report.

Let me state the problem as I see it. The typical audit report is boring. The typical audit report does not provide the reader on the board or in top management with the information they need to run the organization. The typical audit report is documentation of the work performed and results obtained. It conveys what we want to say rather than what the leaders of the organization need to know.

Keep reading...

What we learned at the conference for IT Audit and Controls

January 11, 2017

Several themes emerged during this year's IT Audit and Controls (ITAC) 2016 event, which was held in December in New Orleans, as IT auditors gathered to learn and exchange ideas on successful strategies and to gain insights on major trends and developments in IT audit. From the four keynote talks and panel discussions and 27 breakout sessions, it is clear that IT audit is evolving rapidly and several aspects, including data analytics and cybersecurity, present substantial challenges.

Many speakers referred to some overarching trends in IT audit, including the need to add more value and enable innovation not hinder it, the difficulty IT audit has in communicating to stakeholders, and the challenges of hiring professionals with the right mix of skills for the department. Some speakers cited the opportunity for IT audit to act as a bridge between technologists and business units and management.

Keep reading...

It’s time to reflect on our successes and past missteps and resolve to improve in 2017

By Tom O’Reilly

January 10, 2016

10, 9, 8, 7......Happy New Year! 

As we say goodbye to 2016 and hello to 2017, it’s a good time to reflect on last year’s successes and missteps. The New Year provides a great chance to pause and consider some self-improvement opportunities and goals for the next 12 months.

While it may be hard to believe that any internal auditor has missed opportunities or made mistakes (definitely not you), those who take the time to reflect on their missteps have the opportunity to improve not only themselves but also the service their departments provide. If improving Internal audit’s service is important to you, then the following four New Year’s resolutions should be on the top of your and every internal auditor’s list this year.

Read more ...

A brief look at this week's news insights that impact internal auditors

By Marcos Colón

January 6, 2016

The new head of the SEC is announced, an audit report uncovers misspent funds tied to Colorado's Obamacare exchange, and the PCAOB's revamped auditing standards take effect. This and more in a collection of the top internal audit news items of the week.  


Read more ...

In a survey by the National Association of Corporate Directors many board members admit they need to improve their knowledge of cybersecurity

By Joseph McCafferty

January 4, 2017

As board members look to set their agendas for 2017, many will include getting a better handle on cybersecurity among their top priorities. They will be looking for information security and risk professionals to provide an accurate assessment of the critical cyber-risks the organization faces. IT audit also has a role to play in assessing that a cybersecurity risk management process is in place and functioning properly and communicating that to the board and management.

Keep reading...

A week-long series of internal audit courses provides internal auditors the opportunity to fill gaps in their portfolio of skills

January 4, 2017

If your New Year's resolution includes elevating your audit skills, mark your calendars. Internal auditors will have the opportunity to get up to speed on several topics, including many IT audit options, all in one week as MISTI's Training Week heads to the Bay Area.

The week-long series of seminars will take place from February 6-12 at the MicroTek Computer Lab in San Francisco. Internal auditors can choose from among twelve courses, including such foundational courses as Fundamentals of Internal Auditing, IT Auditing and Controls, and Root Cause Analysis for Internal Auditors.

Keep reading...

A conversation with risk management and internal audit expert Norman Marks

Interview by Joseph McCafferty

January 3, 2017

The consequences of a cyber-attack—including a hit to reputation, lost customers, diminished credibility, and the cost of repairing the damage, just to name a few—are such that companies will do everything they can to defend against them. That is, of course, everything within reason and considering they have limited resources to spend on cybersecurity.

So where do you draw the line? Risk expert, Norman Marks, who has served as chief audit executive at several large companies, says thinking about how to answer that questions can provide new insights into the difficulty of managing the vast threat of cyber-attacks and data breaches. He says companies tend to be reactive, throwing money at every weakness they find, rather than considering the bigger picture and spending limited resources where they will do the most good.

Keep reading...

It's been a busy year for internal audit. Below are the top 10, most read articles from MISTI's Internal Audit Insights for 2016:

1. Auditing Corporate Culture: A New Imperative

The emerging flavor of the month in regulatory circles is the “culture of compliance,” with recognition that corporate culture has a profound influence on how an organization conducts its business. A culture that consistently places ethical considerations and client interests at the center of business decisions helps protect employees as well as investors and the integrity of the markets. Conversely, significant cultural failures can impose substantial harm on companies themselves including fines, penalties, and loss of reputation. more...

2. Internal Auditors Under Pressure to Alter Reports

Just about every internal auditor will face an ethical dilemma or difficult situation at some point in their career. Among the toughest scenarios is when the CEO or other senior executive exerts pressures to suppress or change the results of an audit finding because it reflects poorly on management or some other aspect of the business. A new report indicates, however, that it's an all-too-common occurrence. more...

Keep reading...

In two separate actions this week, the SEC objected to language in severance agreements that encourage outgoing employees to keep quiet

By Joseph McCafferty

December 21, 2016

The Securities and Exchange Commission hit two separate companies this week with penalties for violating rules that prevent companies from asking outgoing employees in severance agreements to not bring concerns or other information to regulators as a condition of the agreement. The SEC has warned in the past that such language in separation agreement is a violation of whistleblower protections.

On Monday, the SEC announced that a technology company had agreed to pay a penalty of $180,000 to settle charges involving its severance agreements that impeded at least one former employee from communicating information to the SEC.

Keep reading...

Seminar will provide auditors will the skills to lead audits and direct an audit team to get results

December 21, 2016

Starting in January expect the gyms to be packed as many people look to make good on their New Year's resolution to get in shape and shed those few extra pounds they may have picked up during the holidays. It's also time to exercise those audit muscles and bulk up on the audit skills you need to advance in your career.

MIS Training Institute will provide an excellent chance to do just that early in the year with its seminar, Advanced Auditing for the In-Charge Auditor, which will take place from February 6-8 in San Francisco. The course, instructed by Kathleen Crawford, will provide attendees with all of the elements involved in leading risk-based audits from the unique perspective of the in-charge position.

Keep reading...

Report finds no drop in the number of companies using non-GAAP figures, but some minor adjustments in how they use them

By Joseph McCafferty

December 20, 2016

For more than a year, the SEC has been on something of a crusade against what it considers a swell in the misleading use of non-GAAP measures in financial reports. The agency not only issued comment letters to several companies questioning and criticizing their use of the figures, several agency officials disparaged the practice in a series of speeches, where they suggested that some companies are pushing the envelope on using non-GAAP measures in financial reports. The SEC was so miffed at how Valeant pharmaceuticals has used non-GAAP measures that it dinged the company twice through comment letters.

In May, the regulator attempted to influence how companies use the figures by issuing new guidance in the form of a Compliance & Disclosures Interpretations document that provided 39 questions and answers on what the SEC would consider acceptable and what it would take issue with. Using metrics in financial statements that aren't approved by Generally Accepted Accounting Principles (GAAP) isn't necessarily a violation of reporting rules, the guidance points out, but using them to mislead investors is a violation of the rules, the SEC warned.

Keep reading...

A conversation with Marius Bosman, IT audit director at Ball Corporation

Interview by Joseph McCafferty

December 19, 2016

Communicating top risks to the board and C-suite is always tricky since it's such a critical area of involvement by the highest levels of the organization. Communicating IT risks can be even more challenging since directors and top executives aren't always sophisticated in technology areas. Information security and risk professionals must be sure they communicate in a way that will convey an accurate assessment of the critical IT risks without using too much "techie talk," or IT jargon.

Cybersecurity is such a critical issue that it is on most board agendas and a top concern of the CEO. IT auditors have a role to play in helping establish what the key IT risks are and how the organization is doing at managing them. This is one area that directors and the executive team are sure to push back on and probe for any weaknesses in the risk assessment.

Keep reading...

North American companies lag their international peers when it comes to having the audit committee, rather than the CEO, evaluate the performance of the chief audit executive

By Joseph McCafferty

December 14, 2016

I wanted to call attention to an item that might have been a little lost in a recent report by the Institute of Internal Auditors Research Foundation. While the major findings of the report—that many internal auditors say they have faced pressure to alter audit findings—was well reported, one survey result was not: that companies in North America lag well behind their international peers when it comes to having the audit committee, rather than the CEO, evaluate the performance of the chief audit executive.

According to the CBOK report, Ethics and Pressure: Balancing the Internal Audit Profession, just 38 percent of North American chief audit executive respondents said they were evaluated by the audit committee, board, or supervisory committee, compared to 61 percent who said their performance was evaluated by the CEO, president, or other senior executive. Those figures are well below the global average of about 50/50, and the lowest of any region.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Mobile Security Summit 300x58

Ransomware ad

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.