When a consultant couldn't find positive portrayals of internal auditors in fiction, he decided to create his own

By Joseph McCafferty

February 22, 2017

It's safe to say that popular culture hasn't been kind to internal auditors. The few references to the profession in television, movies, and books either confuse them with accountants or portray them as disliked corporate stooges or nerdy paper-pushers.

This non-existent or negative portrayal so bothered Wa'el Bibi, a former internal auditor and current internal audit consultant, that he decided to do something about it. Bibi authored a short book of fiction, The Internal Auditor, which includes a hero internal audit protagonist who draws on his full complex of talents to uncover a burgeoning corporate fraud and save the day.

Keep reading...

A brief look at this week's news insights that impact internal auditors

February 17, 2017

Congress is being pressured to soften a Sarbanes-Oxley rule by business groups, Shadow IT is slowing down the adoption of the cloud thanks to a shortage in cybersecurity skills, and internal audit departments are becoming more customer service oriented. This and more in this edition of This Week in Internal Audit

Read more ...

More internal audit shops are treating auditees as customers, emphasizing service and value

By Karen Kroll

February 14, 2017

By now, we've probably all heard as much as we care to about the need for internal audit to move from acting as a policing function to that of a trusted business partner. Indeed, many have moved in this direction during the last several years.

Now, some internal audit departments are looking to take the concept to the next level and treat the business units, functions, and process owners they audit as customers. They are ensuring not only that a thorough audit is completed that provides assurance and enables better decision-making, but that the auditees—now called customers—are happy with the audit work, face minimal disruption during the audit, and are treated with the care and concern typically reserved for paying customers.

Read more ...

A conversation with Jeffrey Ritter, information governance expert and author of Achieving Digital Trust

Podcast

Interview by Joseph McCafferty

February 13, 2017

We've all seen ambiguous and imprecise language in the business world, whether in standards and regulations, our own policies and requirements, or in everyday reports and memos. Words like "adequate," "reasonable," "suitable," and "appropriate" pervade business writing, especially when it comes to setting rules and standards, including those that internal auditors must provide assurance over.

Jeffrey Ritter a data security and governance expert and lecturer at John Hopkins University and University of Oxford, says it's no accident that business writing is littered with confusing and imprecise language. "The goal is to be intentionally ambiguous," says Ritter. He says such language allow us to take shortcuts and avoid the hard work of being precise. He says it also keeps one group from having to learn the business vocabulary of another or to really understand what they are trying to say at a detailed level.

Keep reading...

A brief look at this week's news insights that impact internal auditors

February 10, 2017

How the internal audit function can take steps in addressing the talent gap tied to the department, artificial intelligence attempts to perform the auditor's job, and why managing one's individual brand is essential for internal auditors. This and more in this edition of This Week in Internal Audit

Read more ...

There's real value in managing your individual brand as an internal auditor

By Daniel A. Clark

February 9, 2017

Whether we know it or not, as internal audit professionals we all have a brand.

Chief audit executives may have a more established brand, while upwardly mobile internal auditors are likely still working to establish their brands. We may have created it haphazardly through actions that others interpret or painstakingly built it through a structured process. Either way, this brand, like all brands, conveys a lot of information about us—positive and negative—can be easily damaged, takes a long time to build, and is a critical component of how others perceive us, including the person on the other side of the desk at your next job interview.

Read more ...

By Shawna Flanders

February 7, 2017

Is it historic or historical? Mass or weight? Mean or average? Coke or Pepsi?

The items in these pairs are similar to each other and certainly related, but have important distinctions that make them different in how they are defined and applied (or in that last case, enjoyed). The same can be said about information security and cybersecurity. These topics are related and can easily be confused. They are different, however, and understanding these differences may help internal auditors decide what to audit, how much assistance they will need during the audit, and how they provide assurance to the board of directors and executive management teams.

Keep reading...

Newest version addresses online supply chain risk management and use of metrics

By Joseph McCafferty

February 6, 2017

Last month, the National Institute of Standards and Technology issued a new update to its Framework for Improving Critical Infrastructure Cybersecurity. The cybersecurity framework is used by many organizations for assessing and improving their systems to prevent, detect, and respond to cyber-attacks. While it was first intended as a framework for protecting critical infrastructure such as the electrical grid and roads and bridges, many companies have adopted it as a blueprint for managing cybersecurity risks.

The updated framework provides new details on managing online supply chain risks and also clarifies some additional terms and measurement methods for cybersecurity. According to NIST, a unit of the Commerce Department that promotes industry measurement standards, the updated framework "aims to further develop NIST's voluntary guidance to organizations on reducing cybersecurity risks."

Keep reading...

Most companies still manage risk in silos and don't have a clearly defined strategy, report finds

By Joseph McCafferty

February 6, 2017

A new report from the Ponemon Institute finds that many companies lack a cohesive approach to risk management.

According to the study, "The Imperative to Raise Enterprise Risk Intelligence," three-quarters of the risk management professionals surveyed said their organizations don't have a clearly defined risk management strategy that applies across the full company. Of those, a third (33 percent) said they didn't have a clearly defined strategy at all, and another 43 percent said that while the strategy was defined, it was not applied to the entire enterprise.

Keep reading...

A brief look at this week's news insights that impact internal auditors

February 3, 2017

Tips to ensure that the internal audit function performs optimally, circumstances where internal auditors can receive SEC whistleblower awards, and a new study indicates organizations are more concerned about brand reputation than cyber attacks when it comes to risk management. 

Read more ...

Pressure may be easing on companies that prefer to use unsanctioned measures when reporting earnings

By Joseph McCafferty

February 1, 2017

The battle over the use of non-GAAP measures in financial reporting has been simmering for well over a year, but now it may be starting to cool off. New leadership at the SEC may be less inclined to pursue non-GAAP as an issue, and accounting's top rule maker says he's open to rethinking the rules around the use of the unsanctioned metrics.

Companies commonly report financial measures that don't conform to Generally Accepted Accounting Principles (GAAP). A company may think that it's important to include or exclude certain amounts to give what it considers a more accurate picture of performance or to provide greater insight into the business, even when accounting rules require a different computation. The use of non-GAAP metrics isn't necessarily a violation of reporting rules, but using them to mislead investors is. Companies must also reconcile the non-GAAP measures to GAAP and report those figures as well.

Keep reading...

A week-long series of internal audit courses provides internal auditors the opportunity to fill gaps in their portfolio of skills

February 1, 2017

Despite the phrase "what happens in Vegas stays in Vegas," there are some events that take place there that you'd be happy to take with you and apply in your professional life. In March, we will offer just such an event, as MISTI's Training Week heads to the City of Lights.

The week-long series of seminars will take place from March 13-17 at the Flamingo Las Vegas. Internal auditors can choose from among 11 courses, including such foundational courses as Fundamentals of Internal Auditing, IT Audit School, and Intermediate IT Audit School.

Keep reading...

A conversation with Alec Arons, national practice leader of advisory services at Experis Finance

Podcast developed in partnership with Experis Finance

Interview by Joseph McCafferty

January 30, 2017

Increasingly, fraud experts consider many high-profile cases of corporate wrongdoing—like the phony accounts scandal that plagued Wells Fargo last year—not just to be a breakdown in the control structure of the organization that should have prevented the ability to commit such fraud, but also a failing of the company's culture, which should have prevented the motivation to commit such fraud.

Many companies are now taking a harder look at the culture of the organization and how such elements as "tone at the top," incentives and rewards, the communication of values, and other factors combine to influence executives and employees to do the right thing or to stray from the path. A logical step in this focus is conducting a culture audit.

Keep reading...

A brief look at this week's news insights that impact internal auditors

January 27, 2017

A CFA Institute study examines the trade-offs in non-GAAP financial measures, Western Union admits to having a flawed corporate culture, and a trio of whistleblowers is awarded more than $7 million by the SEC. 

Read more ...

A risk management audit may spur new ideas and prompt improvement in how risks are managed

By Joe Underwood

January 27, 2017

Whether an organization's risk management function is focused on traditional insurable risks or broader enterprise-wide risk management, an audit of the risk management function should be among the first priorities for a chief audit executive.

If a separate risk management department does not exist, the role of internal audit in risk management is even more important as fewer resources are dedicated to the process of identifying and evaluating risks and ensuring appropriate risk responses are intact. With this in mind, here are five ways organizations can benefit from having internal audit evaluate the risk management function.

Read more ...

Seven things you should do today to help protect your privacy and seven more for the office

By Shawna Flanders

January 25, 2017

We love our national holidays and, with a little help from Twitter, those lesser known, quirky commemoratives like national doughnut day, national left-handers day, and national roller-coaster day are making their way into our collective awareness.

This Saturday, January 28, is Data Privacy Day, which is intended as a day to raise awareness and promote good data privacy practices. While those in positions related to risk, technology, audit, and security, should be preaching and promoting good data privacy habits every day of the year, Data Privacy Day offers a unique opportunity to drive home the best practices message.

Read more ...

January 25, 2017

MIS Training Institute has launched a survey to gather the views of internal auditors on what areas they are auditing and what their priorities are in 2017. The survey is currently open and we are inviting North American internal auditors to complete it.

The survey, which is being conducted in partnership with Experis, explores what areas internal auditors are planning to audit, what skills and competencies they value most, and what incentives are most effective at recruiting and retaining top talent in their internal audit departments.

Keep reading...

Internal auditors are often put in positions where they must make difficult and uncomfortable inquiries. A strong ethical environment can help.

By Lynn Fountain

January 24, 2017

In these turbulent times, ethics continues to be a frequent topic of corporate, shareholder, stakeholder, and regulatory conversations.

Meanwhile, companies continue to look for ways to emphasize the importance of strong ethics, integrity, and proper conduct and seek strategies to embed processes within their organizational structure. Yet, as we know, incidents of bad behavior still occur. It is an ever-evolving phenomenon. Once we find the answer to address a specific issue, another question or problem arises.

Read more ...

A methodology for using data analytics and other techniques to detect shell entities

By Leonard W. Vona

January 24, 2017

Boards of directors, stockholders, management teams, and professional standards all expect internal auditors to respond to the risk of fraud in core business systems. Within a company's accounts payable file, shell companies are being used to steal millions of dollars from companies or to conceal bribery payments which violate anti-bribery and corruption laws. The purpose of this article is to explain our methodology and experiences in detecting shell companies without a lead or clue as where to look in a company's database.

Read more ...

A brief look at this week's news insights that impact internal auditors

By Marcos Colón

January 20, 2017

A new report sheds light on the proactive tactics companies are using to reduce and mitigate audit fees, the SEC continues its crack down on the use of non-GAAP figures, and deficient internal accounting controls result in a $1 million penalty for General Motors.

Read more ...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

ACV17 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.