Filings involving company announcements of internal control weaknesses hit highest level in 10 years

By Joseph McCafferty

April 19, 2016

While Valeant Pharmaceuticals continues to battle allegations of bookkeeping misdeeds, it's not the only company dealing with accounting problems. The number of class-action securities law suits based on allegations of accounting missteps increased for the third straight year in 2015, according to a new report from Cornerstone Research. There were 71 such class-actions in 2015, up from 69 in 2014.

Accounting-based class-actions continued to costs companies a bundle, too. Accounting case settlement dollars reached $2.6 billion in 2015. Not only did the number of accounting case filings increase in 2015, the market capitalization losses associated with those filings jumped as well," said Elaine Harwood, a vice president of Cornerstone Research and head of the firm's accounting practice.

Keep reading...

A bank anti-fraud Executive's open memo to the Justice Department is a too-rare example of plain talk on regulation

By Joseph McCafferty

April 13, 2016

During the past several years that I have covered corporate compliance, auditing, accounting, and other functions that intersect with government regulation the executives and company representatives I've talked to have always choose their words very carefully. That is, when they choose to talk at all.

I understand the discretion. You can't be too cautious when you're speaking to a journalist about how you may or may not be dealing with all the many issues that can get you in trouble with the government. I generally don't expect too much candor when companies are talking about how they handled an internal fraud, an instance of potential corruption, or whether or not they are doing all they can to combat inhumane practices by suppliers around the globe. Those are not going to be free-wheeling conversations.

Keep reading...

Audit regulator wants lead auditor to provide better oversight on farmed out audit work

By Joseph McCafferty

April 12, 2016

The Public Company Accounting Oversight Board has proposed changes to audit standards that would require lead auditors to provide better oversight and take more responsibility for audit work that they farm out to other audit firms. It also wants to impose a more uniform approach to the lead auditor's supervision of other auditors and has proposed a new auditing standard for situations in which the lead auditor divides responsibility for the audit with another firm.

When auditing a multinational company, lead auditors often seeks the help of other firms or individual accountants to complete the audit. According to the PCAOB, other auditors are used in about 55 percent of audits performed by large U.S. audit firms.

Keep reading...

Information security expert Jeffrey Ritter says the current risk-management model is irreparably broken

By Joseph McCafferty

April 6, 2016

Most information security experts aren't afraid to state bluntly: "We're losing the battle for information security." But then again, we already knew that. Near-daily headlines about the latest cyber-theft or data breach have made that pretty clear to most people.

"It's broken and it's not getting better," said Jeffrey Ritter, author and University of Oxford lecturer. During a keynote presentation this week at InfoSec World, an information security conference, Ritter explained that the current model of information security, based on risk management, isn't working. "Risk Management is dead as a business discipline, we just don't know it yet," he said.

Keep reading...

ISACA issues guide to conducting IT audits

A new report from global IT association ISACA identifies five steps organizations should take to create an effective audit program and reap the benefits of a successful information systems audit.

IT audits help enterprises ensure the secure and reliable operation of the systems that are critical to organizational success. The effectiveness of the audit depends largely on the quality of the audit program, according to a new ISACA report, titled Information Systems Auditing Tools and Techniques: Creating Audit Programs.

Keep reading...

How to work with your board to define risk and compliance objectives

By Matt Kelly

March 30, 2016

Risk assurance today is nothing like what it used to be.

Gone are the early days of risk assurance, where the external audit firm inspected financial statements and corporate compliance officers (assuming your firm had one) worked strictly on regulatory filings. The board simply reviewed the accuracy of audit and regulatory filings, and then talked strategy with the CEO.

Keep reading...

Audit committees aren't always getting the data and information they are looking for

Podcast

 

March 30, 2016

In this podcast, Joseph McCafferty, head of audit content at the MIS Training Institute, talks with Blythe McGarvie, an author, speaker and director on several corporate boards. She is also chair of the audit committee at Viacom.

According to McGarvie, there is some truth to reports that show a gap between the information internal audit departments are providing and what audit committees are looking for. She says that while most internal audit executives provide accurate and useful information, it can always be better. She says the audit committee is looking for more information on the potential underlying problems that can cause specific incidents.

Keep reading...

New report finds effective communication, supervision are keys to make third-party audits work

March 28, 2016

Companies are increasingly turning to outside service providers to help out with their internal audit activities, especially when it comes to specialized work, according to a recent report.

An annual survey of global internal audit professionals finds that, on average, one in three corporate internal audit departments worldwide outsource some of that work to third-party services. And North American companies have the highest rate of using third parties for internal audits, with 56 percent of responding firms relying on outside services.

Keep reading...

PCAOB Outlines Ambitious Agenda After Budget Hike

By Joseph McCafferty

March 22, 2016

Last week the Securities and Exchange Commission approved a $258 million budget for the Public Company Accounting Oversight Board. The PCAOB acts as a check on accounting firms that conduct audits of public companies.

That’s right, we spend a whopping quarter of a billion dollars to check the checkers who check the accounting of public companies. That is, of course, after their own internal audit departments check it first.

Keep reading...

Thought bribery and corruption risks were subsiding? Think again.

By Joseph McCafferty

March 17, 2016

Bad news for internal auditors, compliance executives, and risk managers who were hoping that bribery and corruption risks would start to subside after being on high alert for the last few years: they are actually increasing.

According to a new survey conducted by Kroll, a risk-management consulting firm, and Ethisphere, which promotes ethical business practices, 40 percent of all compliance officers surveyed believe their company's bribery and corruption risks will increase in 2016. These senior-level ethics and compliance professionals cited two primary factors as contributing to increased corruption risks: global expansion and an ever-increasing number of third-party business relationships.

Keep reading...

A new report finds that internal auditors increasingly directing risk-management efforts

By Joseph McCafferty

March 15, 2016

Internal auditors are making progress at carving out a more strategic role for themselves and are gaining influence with management and the board at their organizations, according to a new report out earlier this month.

Securing a place as a trusted adviser to the board and management—long a goal of the internal audit profession—involves providing services beyond assurance. According to results from the Common Body of Knowledge (CBOK) 2015 Stakeholder Study, conducted by The Institute of Internal Auditors Research Foundation (IIARF) and Protiviti, that is exactly what is happening. The study suggest stakeholders are eager to expand internal audit's role to encompass risk identification and management.

Keep reading...

Resources and lack of IT capabilities create big barriers to getting QAR done for some.

By Joseph McCafferty

March 9, 2016

No one doubts the value of conducting a Quality Assurance Review (QAR) to gauge how well the internal audit program is meeting its goals.

In fact, a QAR is part of the requirements to meet to The Institute of Internal Auditors professional standards. In accordance with The IIA's standards, "The chief audit executive must develop and maintain a quality assurance and improvement program (QAIP) that covers all aspects of the internal audit activity." (The QAIP requirement is known as Standard 1300.)

Keep reading...

Here are four of the biggest blunders that can cause outsourced service relationships to backfire.

By Joseph McCafferty

March 8, 2016

As Donald Trump is quickly finding out, when you outsource business processes you incur risk. And these days there are few companies, if any, that don’t outsource at least some parts of their business. Many farm out critical functions, such as the manufacture of products they ultimately emblazon their names on. (Sometimes in large gold letters.)

Getting a handle on these risks is vital, but not easily done. Large, complex companies can have thousands of third parties and vendors that they do business with. These relationships increase risks, including bribery and corruption, business disruption, reputational damage, and many others.

Keep reading...

Technology issues dominate list of top internal audit priorities

By Joseph McCafferty

March 2, 2016

A new survey by consulting firm Protiviti finds that more companies are evaluating cyber-security risks as part of their annual audit plans.

According to the survey, "Arriving at Internal Audit's Tipping Point Amid Business Transformation," nearly three out of four companies (73 percent) now include cyber-security risk in their internal audits, a 20 percent increase from when the survey was last conducted.

Keep reading...

An old idea is getting a fresh look as technology and organizations evolve

By Fred Roth

March 2, 2016

Back in 1980, a popular accounting magazine asked: "Are we ready for continuous auditing?" That publication is no longer in circulation, but decades later, this question remains relevant.

The idea of auditors assessing controls on a continuous basis is certainly not a new idea. The Sarbanes-Oxley Act of 2002 had tremendous impact to that effect, forcing management teams across the board to take steps towards achieving continuous auditing.

Keep reading...

IIA's proposed standards changes urge internal audit leaders and boards to further safeguard objectivity

By Joseph McCafferty

March 2, 2016

When The Institute of Internal Auditors proposed changes to its professional practice standards last month, it included new guidance for chief audit executives on measures they should take to safeguard their independence and objectivity when the job takes them outside the realm of traditional audit duties.

The proposal is both an acknowledgement of the evolving role of internal audit and the department's leaders inside companies, as well as the realization of the need for some better protections against the possibility that internal audit leaders drink the Kool-Aid of "results at all costs," or become compromised by other conflicts.

Keep reading...

New reports suggest internal audit isn’t providing boards with the intelligence they really seek

By Joseph McCafferty

March 1, 2016

Chief audit executives know the feeling of having to serve many masters. They have several constituencies they must answer to or advise—including management, business lines, regulators, and shareholders—all while retaining their independence to provide clear and objective views.

The most important overseer of internal audit is the audit committee and the audit committee chair (at least at companies that care about governance). Generally, the audit committee helps set the agenda for the internal audit department, oversees and provides support, and intervenes on disputes or conflicts with management.

Keep reading...

Common attributes that move some IT audit departments from good to great.

By Fred Roth

February 18, 2016

As the use of information technology continues to proliferate so do the associated risks organizations face.

The massive cyber heist affecting more than 100 financial institutions in some 32 countries is only the latest in a spate of data security breaches worldwide. Losses from the attack, disclosed in February 2015, eventually could exceed $1 billion. During the past 10 years, hackers have infiltrated millions of files of customers at eBay, Target, Sony, Heartland Payment Systems and others.

Keep reading...

While some charge complacency, resources may be the real problem

By Joseph McCafferty

February 17, 2016

A new survey from the Institute of Internal Auditors (IIA) suggests that internal audit departments are not changing fast enough to address emerging risks that lie outside the traditional purview of internal audit.

The survey highlights four areas—cybersecurity, data analytics, auditing culture, and developing interpersonal skills—where it found that corporate internal audit shops were lagging behind in keeping up with fast-paced organizational changes that bring emerging risks.

Keep reading...

Lessons for Internal Audit from the SEC’s Latest FCPA Enforcement Action

By Joseph McCafferty

February 16, 2016

This week the Securities and Exchange Commission settled a case with Mass.-based technology company PTC Inc. and its Chinese subsidiaries that could create new imperatives for internal audit practices and assurance of anti-bribery programs.

PTC agreed to pay more than $28 million to settle parallel civil and criminal actions involving violations of the Foreign Corrupt Practices Act (FCPA). An SEC investigation found that two Chinese subsidiaries of PTC provided non-business related travel and other improper payments to various Chinese government officials in an effort to win business.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

ACV17 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.