By Karen Kroll

April 25, 2017

More internal audit departments are calling the functions, units, and subsidiaries they audit by a new name—customers—and treating them as such. They are approaching these internal audit customers with consideration for their schedules and concerns, inviting their input during the planning and scoping phases, looking for other ways in which their auditing skills can be an asset to the organization, and often taking on initiatives that fall outside the traditional scope of internal audit.

Read more ...

By Tom O'Reilly

April 24, 2017

The Apprentice, Top Chef, and Project Runway are three of the most successful reality TV competition shows in the United States. Each show highlights a cast of competitors trying to prove themselves to a panel of judges on how well they do their job. The end of each show features the judges’ assessment and feedback of each competitor, which then ultimately decides their fate, or reward.

Read more ...

Chief audit executives and directors are building teams that are out to change the perception of internal audit

By Karen Kroll

April 17, 2017

NOTE: This is part four of a four-part series on treating auditees as customers. See part one, The Customer Service Oriented Internal Audit Department, part two, Tell Us How We Did: More Internal Audit Departments Surveying Auditees, and part three, Turning Front-Line Internal Auditors into Customer Service Envoys.

Adopting a customer service mindset for internal audit starts at the top. Chief audit executives and other internal audit leaders who want to change the perception of internal audit must create a culture of treating auditees as customers that includes changes to internal audit processes, communication of what is expected of rank-and-file internal auditors, and examples of taking a customer service approach through actions.

Read more ...

Incident serves as reminder for internal auditors to assess customer facing processes

By Joseph McCafferty

April 13, 2017

United Airlines is no stranger to viral videos and social media kerfuffles that cast the company in a poor light. A video uploaded to You Tube in 2009 called "United Breaks Guitars" has more than 17 million views and its own Wikipedia page. Just last month, a Twitter-storm erupted over how United treated two young girls, after a gate agent objected to the leggings they were wearing and barred them from boarding the plane until they changed.

Yet when fellow passengers filmed a man being violently dragged off a plane, screaming with blood dripping down his face, and it quickly circulated on Facebook, Twitter, and Chinese social media site Weibo earlier this week, it was immediately clear that this was different. There was no humorous song to write or much of a moral principle to debate, this was just wrong. Horrible, actually, for United, as well as its victimized customer, who ended up in a Chicago-area hospital.

Keep reading...

A new report from the IIA finds many companies could do more to provide assurance over EHS

By Joseph McCafferty

April 10, 2017

BP paid more than $25 billion; Volkswagen shelled out $19 billion; Anadarko Petroleum, $5.1 billion; and GlaxoSmithKline ponied up $3.75 billion.

No, these aren't prices paid for major acquisitions, they are the penalties these companies paid to resolve environmental, health, and safety issues during the last seven years with a raft of U.S. federal agencies, including the Environmental Protection Agency, the Occupational Safety and Health Administration, and 11 others that deal with EHS issues. Such sums have nearly threatened the ability of these companies and several others to continue as a going concern. To say that EHS risks were substantial in these cases is, of course, a Deep-Water-Horizons-sized understatement.

Keep reading...

Leading internal audit departments are empowering their teams to handle auditees with the same care as they would treat customers

By Karen Kroll

April 6, 2017

NOTE: This is part three of a four-part series on treating auditees as customers. See part one, The Customer Service Oriented Internal Audit Department, and part two, Tell Us How We Did: More Internal Audit Departments Surveying Auditees.

First-rate internal audit departments are working to foster better relationships and achieve smoother audits by treating process owners and others in the functions and departments they audit more like customers. For the strategy to work, they must ensure that internal auditors in the field—those staffers and audit seniors who interact most with auditees—are prepared and empowered to act as customer service agents.

Read more ...

A conversation with Dan Tsang, director of internal audit at Expedia

Podcast

Interview by Joseph McCafferty

April 4, 2017

In this digital age online marketing activities, including e-mail marketing, search engine advertising, and social media are among the most important ways to connect with customers and promote products and services. Such activities also come with strategic and reputational risks. Forward-thinking companies are conducting a thorough internal audit of online marketing efforts to ensure that they are getting what they pay for and managing the risks.

We recently spoke to Dan Tsang, director of internal audit of Expedia, about why companies should audit the digital marketing program, how to get started on such an audit, and what to look for regarding key risks.

Keep reading...

Stakeholders are sending a clear message to internal audit to step up its game

By Joseph McCafferty

March 30, 2017

A recent report by PwC is making some waves in the internal audit community. The study, "State of the Internal Audit Professional," found that less than half (44 percent) of the board members and company executives it surveyed think that internal audit adds significant value, down from 54 percent last year. The news is likely to sound alarm bells among internal audit leaders who believed they were making progress on the goal of adding value, not regressing.

The PwC report notwithstanding, many internal audit departments are increasing the value they add to the business. Indeed, the same study found that 18 percent of respondents say the internal audit function "plays a valuable role in helping their companies anticipate and respond to business disruption."

Keep reading...

Preparing a comprehensive risk and control matrix can help internal auditors focus on providing assurance on the key risks

By Hernan Murdock

March 27, 2017

Internal auditors must focus their reviews, prioritize what to audit, and concentrate on what matters most to the business. Since there are often insufficient resources to cover the entire audit plan, internal auditors can no longer conduct sprawling or unclear audits looking under every rock hoping to find something somewhere.

An audit is a complex undertaking that requires internal auditors to examine documents, speak with employees, observe business practices, and evaluate controls in business programs and processes. Given these dynamics, is there a document that organizes what needs to be understood and provides a clear roadmap for effective testing? Yes, there is. It's called the Risk and Control Matrix (RCM), and if you aren't taking the time to assemble one, you should.

Read more ...

Internal Auditor Spotlight with Devin Potter of RSM

By Joseph McCafferty

March 23, 2017

Devin Potter is a Supervisor in the Risk Advisory Services business at RSM, where he has worked since 2014. We recently sat down with Devin to talk about the internal audit profession.

Q: What do you like most about being an internal auditor?
A. I really enjoy having a sense that I’m improving things. Our primary role is to provide assurance that business risks are managed as management would expect. But if I can finish an internal audit project and at the end of it, we can provide insights that improve the business for my clients, while helping them manage risk at the same time, then I am adding enhanced value.

Keep reading...

With as much as 50 percent of some applications based on open source code, companies must ensure they are meeting compliance obligations

By Joseph McCafferty

March 22, 2017

If your organization is developing applications, it's likely that some of the code is borrowed from open source software that can be found freely on the Internet. While such code makes developing applications much easier, its use can come with legal hoops to jump through and security vulnerabilities that, if left unmanaged, could pose significant risks to the organization. Conducting an audit of the use of open source software code can help companies get a handle on this emerging risk area.

Keep reading...

Employers are looking for more certifications and a broad work experience, even as they struggle to fill these evolving positions

By Shawna Flanders

March 17, 2017

We all know IT audit is about providing assurance of the reasonable effectiveness of IT processes and controls, while information security is focused on the protection of data and information assets in all forms. While these differences are stark, do you have an appreciation of the distinctive characteristics that set IT auditors apart from information security professionals?

Are IT auditors more assessment oriented and information security professionals more technically savvy? Do information security professionals know the details better, while IT auditors are better at understanding the business applications of information technology?

Keep reading...

Congress to consider easing of SOX 404, along with repeal of several Dodd-Frank provisions

By Joseph McCafferty

March 16, 2017

Less than two weeks after taking the oath of office, President Donald Trump set about fulfilling one of his more tangible and oft-repeated campaign promises: dismantling the Dodd-Frank Act, passed in 2010 in response to the banking failures that brought about the financial crisis a few years before.

On February 3, Trump signed an executive order urging regulatory agencies to review recent regulation, such as Dodd-Frank, and ensure that the rules align with a list of "core principles" that include fostering economic growth and enabling American companies to be competitive with foreign firms. Missing from that list of principles was achieving stability in the financial markets, which was the main intent of Dodd-Frank.

Keep reading...

Companies are also looking for higher-quality hires and specific skill sets

By Joseph McCafferty

March 10, 2017

The competition for internal audit talent remains fierce, pushing salaries for in-demand internal auditors ever so higher. Two new salary surveys out from recruiting and staffing companies find that salaries for internal auditors at all levels continue to grow at a brisk pace.

A report from recruiting firm Parker + Lynch finds that the average internal audit director will earn an average of $163,000 in 2017 in total cash compensation, up from $145,200 in 2015 when the survey was last conducted. That puts the rate of growth at 6 percent annually, well above the average 2.8 percent wage increases for all professions over that time projected by the ERI Economic Research Institute.

Keep reading...

Customer service oriented internal audit departments are conducting surveys after audits to improve their own processes

By Karen Kroll

February 28, 2017

This is part two of a four-part series on how internal audit departments can benefit from a customer-service approach to auditing. See, part one, The Customer Service Oriented Internal Audit Department.

Over the past few years, more internal audit departments are seeking to shed their reputation as the company's monitors and provide more value and service to those they audit. But how does internal audit know if it's meeting those goals? Some are simply asking.

Read more ...

A brief look at this week's news insights that impact internal auditors

February 24, 2017

How important information governance is during restructuring planning, IT security budgets are on the rise in 2017, and how the treasurer of a Swiss technology firm may be to blame for a $100 million shortfall in the company's 2016 results. This and more in this edition of This Week in Internal Audit.

Read more ...

When a consultant couldn't find positive portrayals of internal auditors in fiction, he decided to create his own

By Joseph McCafferty

February 22, 2017

It's safe to say that popular culture hasn't been kind to internal auditors. The few references to the profession in television, movies, and books either confuse them with accountants or portray them as disliked corporate stooges or nerdy paper-pushers.

This non-existent or negative portrayal so bothered Wa'el Bibi, a former internal auditor and current internal audit consultant, that he decided to do something about it. Bibi authored a short book of fiction, The Internal Auditor, which includes a hero internal audit protagonist who draws on his full complex of talents to uncover a burgeoning corporate fraud and save the day.

Keep reading...

A brief look at this week's news insights that impact internal auditors

February 17, 2017

Congress is being pressured to soften a Sarbanes-Oxley rule by business groups, Shadow IT is slowing down the adoption of the cloud thanks to a shortage in cybersecurity skills, and internal audit departments are becoming more customer service oriented. This and more in this edition of This Week in Internal Audit

Read more ...

More internal audit shops are treating auditees as customers, emphasizing service and value

By Karen Kroll

February 14, 2017

This is part one of a four-part series on how internal audit departments can benefit from a customer-service approach to auditing. See part two, Tell Us How We Did: More Internal Audit Departments Surveying Auditees.

By now, we've probably all heard as much as we care to about the need for internal audit to move from acting as a policing function to that of a trusted business partner. Indeed, many have moved in this direction during the last several years.

Now, some internal audit departments are looking to take the concept to the next level and treat the business units, functions, and process owners they audit as customers. They are ensuring not only that a thorough audit is completed that provides assurance and enables better decision-making, but that the auditees—now called customers—are happy with the audit work, face minimal disruption during the audit, and are treated with the care and concern typically reserved for paying customers.

Read more ...

A conversation with Jeffrey Ritter, information governance expert and author of Achieving Digital Trust

Podcast

Interview by Joseph McCafferty

February 13, 2017

We've all seen ambiguous and imprecise language in the business world, whether in standards and regulations, our own policies and requirements, or in everyday reports and memos. Words like "adequate," "reasonable," "suitable," and "appropriate" pervade business writing, especially when it comes to setting rules and standards, including those that internal auditors must provide assurance over.

Jeffrey Ritter a data security and governance expert and lecturer at John Hopkins University and University of Oxford, says it's no accident that business writing is littered with confusing and imprecise language. "The goal is to be intentionally ambiguous," says Ritter. He says such language allow us to take shortcuts and avoid the hard work of being precise. He says it also keeps one group from having to learn the business vocabulary of another or to really understand what they are trying to say at a detailed level.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Adv. Persistant Threat 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.