A brief look at this week's news insights that impact internal auditors
February 3, 2017
Tips to ensure that the internal audit function performs optimally, circumstances where internal auditors can receive SEC whistleblower awards, and a new study indicates organizations are more concerned about brand reputation than cyber attacks when it comes to risk management.
Ensuring the Internal Audit Function Performs Optimally
Carrying the responsibility of improving the organization’s governance, management controls, and risk management is a tall order, but there are ways to assure the internal audit function runs at peak performance. To combat the high turnover that internal audit departments sometimes experience, working with HR to build a pipeline of candidates, in addition to prompting employees to rotate from other departments, can develops a culture of shared risk management. Internal auditors should also ensure they have a seat at the strategic planning table, which allows them to offer valuable viewpoints given their ties to the organization’s current processes and controls should any acquisitions take place or new systems get introduced.
Internal Auditors Can Obtain SEC Whistleblower Awards
Under the SEC's Whistleblower Program, internal auditors are eligible for awards in certain circumstances. Since the SEC recognizes that internal auditors and compliance personnel are among those in the best position within the organization to expose fraud, Section 21F-4 of the Securities Exchange Act allows them to receive and award if they disclose information about a fraud that could cause “substantial injury” to the financial interest of investors. Additionally, internal auditors are subject to a reward if they believe the business is engaging in conduct that will impede an investigation, or if 120 days have passed since they disclosed the information internally.
Questions to Ask When It's Time for an IoT Implementation
As IoT initiatives continue at many companies to improve the bottom line and internal operations, the internal audit function should work off of a checklist to prepare for any risks associated with such projects. The focus areas should include questions related to the IT organization and the IT strategy, in addition to inquiries tied to security, compliance, and governance. Perhaps one of the most important sections would include organizational buy-in, which should focus on defining the business value case for the IoT initiative and developing a team focused on the project.
Report: Reputational Risk Is a Bigger Concern than Cyber Attacks
A new study that surveys 641 individuals involved in risk management activities within their business ranks their biggest fears as it relates to risk management. In the study, conducted by the Ponemon Institute, “The Imperative to Raise Enterprise Risk Intelligence,” 63 percent of respondents said that brand damage was their biggest concern, while security breaches and business disruption tied for second place. Of the individuals surveyed, only 24 percent indicated that their organization had a risk management strategy in place, while one-third had no defined strategy at all.
Former Och-Ziff Executives Charged with FCPA Violations
Two former executives at Och-Ziff Capital Management Group are facing monetary penalties for allegedly violating the Foreign Corrupt Practices Act (FCPA). The SEC charges allege that Michael Cohen, head of Och-Ziff’s European office, and Vanja Baros, who leads Africa-related deals, caused millions of dollars in bribes to be paid to government officials in Africa, according to an SEC release. The alleged misconduct resulted in the Libyan Investment Authority sovereign wealth fund to invest in Och-Ziff managed funds. The bribery scheme involved agents and partners to pay bribes to high-ranking foreign government officials.
Is the Backlash Against Non-GAAP Earnings Measures Receding?
Pressure may be easing on companies that prefer to use unsanctioned measures when reporting earnings. New leadership at the SEC may be less inclined to pursue non-GAAP as an issue, and accounting’s top rule maker says he’s open to rethinking the rules around the use of the unsanctioned metrics. Companies have recently increased their use of non-GAAP metrics, and some have pushed the envelope on what could be considered an acceptable use of the disclosure tactic. But after an SEC crackdown, the regulator’s campaign has started to recede, and recent developments indicate the Financial Accounting Standards Board may be willing to make some changes to its rules.