Common attributes that move some IT audit departments from good to great.

By Fred Roth

February 18, 2016

As the use of information technology continues to proliferate so do the associated risks organizations face.

The massive cyber heist affecting more than 100 financial institutions in some 32 countries is only the latest in a spate of data security breaches worldwide. Losses from the attack, disclosed in February 2015, eventually could exceed $1 billion. During the past 10 years, hackers have infiltrated millions of files of customers at eBay, Target, Sony, Heartland Payment Systems and others.

Keep reading...

While some charge complacency, resources may be the real problem

By Joseph McCafferty

February 17, 2016

A new survey from the Institute of Internal Auditors (IIA) suggests that internal audit departments are not changing fast enough to address emerging risks that lie outside the traditional purview of internal audit.

The survey highlights four areas—cybersecurity, data analytics, auditing culture, and developing interpersonal skills—where it found that corporate internal audit shops were lagging behind in keeping up with fast-paced organizational changes that bring emerging risks.

Keep reading...

Lessons for Internal Audit from the SEC’s Latest FCPA Enforcement Action

By Joseph McCafferty

February 16, 2016

This week the Securities and Exchange Commission settled a case with Mass.-based technology company PTC Inc. and its Chinese subsidiaries that could create new imperatives for internal audit practices and assurance of anti-bribery programs.

PTC agreed to pay more than $28 million to settle parallel civil and criminal actions involving violations of the Foreign Corrupt Practices Act (FCPA). An SEC investigation found that two Chinese subsidiaries of PTC provided non-business related travel and other improper payments to various Chinese government officials in an effort to win business.

Keep reading...

Fast Growth Without Compliance and Audit Scaffolding Is a Disaster Waiting to Happen

By Joseph McCafferty

February 11, 2016

Earlier this week, high-flying business software startup Zenefits got its wings clipped.

The San Francisco-based company, which provides online tools to help small businesses manage their human resources and employee benefits functions, forced out its founder and CEO, Parker Conrad. Conrad’s transgression? He neglected to put the proper internal processes, controls, and compliance practices in place.

Keep reading...

Taking a risk-based approach to IT audit can help focus limited resources on the real threats.

By Fred Roth

April 10, 2016

Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around information technology risks confronting their organization. However, internal audit departments can help shed light on the issue through risk-based IT audit planning.

One way of looking at the subject is simply put: There are no IT risks as such. Rather, it is all about business risks and how IT might impact the business.

Keep reading...

By Fred Roth

February 5, 2016

Internal audit leaders looking for a way to improve staff skills and increase audit efficiencies would do well to consider integrated auditing, an approach that can help them on both counts.

The concept of integrated auditing, which first emerged during the 1970s to address the growing gap between business and technology auditors, has many definitions. A good one characterizes it as a synchronized effort between business audit and technical audit in order to provide application audit coverage of key business risks.

Keep reading...

IIA proposes needed changes to professional standards amid evolving role of internal audit

By Joseph McCafferty

February 4, 2016

How fast is the internal audit profession changing? So fast that its main professional association, the Institute of Internal Auditors (IIA), is planning to update its bedrock professional standards. It says the current standards no longer meet the realities of how the internal audit world is changing.

Earlier this week the IIA proposed changes to its International Standards for the Professional Practice of Internal Auditing, which guide effective and acceptable professional practices and behaviors.

Keep reading...

Are many controls wasteful, distracting, and even harmful? This risk expert thinks so.

Podcast

 


February 3, 2016

In this podcast, Joseph McCafferty, head of audit content at the MIS Training Institute, talks with Brian Barnier, a principal at ValueBridge Advisors and an OCEG fellow, about the role of controls in audit and risk management and their limitations. According to Barnier, although controls are the centerpiece of many audit, compliance, governance, and risk-management programs, they are often ineffective. He says they are difficult to implement, maintain, and use and often don’t work. They can even be harmful, Barnier says, since they can offer a false sense of security.

Keep reading...

A new study shows companies plan to outsource more internal audit activities

By Joseph McCafferty 
January 29, 2016

Internal audit is becoming, well, less internal.

Increasingly, companies are looking to third parties to provide internal audit services. A new study from the Institute of Internal Auditors finds that 56 percent of the North American executives surveyed said their companies use third parties for some internal audit activity. That number is expected to climb, especially among large companies. That’s because 28 percent of North American respondents said they were increasing internal audit outsourcing budgets, while 56 percent said they would remain the same.

Keep reading...

A new poll finds financial executives are losing sleep over an old concern: financial controls.

By Joseph McCafferty 
January 28, 2016

Think financial executives are most worried about cyber-security risks or the mounting new regulations they must navigate? Think again.

While those are certainly big concerns, financial executives are, from a compliance and audit perspective, most worried about something much more mundane: internal controls over financial reporting. It’s the blocking and tackling of the internal audit domain, and audit shops that lose focus on the basics will find their forays into other areas of the business are counterproductive.

Keep reading...

Social media isn’t really its own risk, but it sure can amplify underlying ones

By Joseph McCafferty 
January 27, 2016

The buzz for the last few years now is that social media represents a unique risk that companies must manage, lest they leave their corporate reputations hanging out there for others to tweet all over them.

We’ve all heard the cases: the viral video of the pizza-chain employee adding an ingredient that, ahem, isn’t listed in the formal recipe book; the tweets about the recorded call of the cable company service rep insulting customers and refusing to let them cancel their service; the nonprofit that gets hammered on Facebook and other social media outlets after a senior executive makes an unpopular and seemingly politically-motivated decision, alienating its core constituency.

Keep reading...

Internal Audit can play a large role in shaping a culture of compliance

Podcast

 


January 22, 2016

In this podcast, Joseph McCafferty, head of audit content at the MIS Training Institute, sits down with Jose Tabuena, a former internal auditor and compliance executive at various companies including Orion Health and Texas Health Resources, to talk about the role of internal audit in influencing and shaping corporate culture.

Keep reading...

Investor Group Hopes to Promote Good Governance and Long-Term Thinking With New Index

By Joseph McCafferty 
January 22, 2016

A group of global investors is hoping that convincing companies to adopt good governance standards—and avoid making decisions that provide a quick pop but don’t support long-term goals—can be a lucrative proposition.

Six large pension plans and sovereign-wealth funds are joining to create an index, called the S&P Long-Term Value Creation Global Index, that is comprised of companies that “have demonstrated the ability to manage both current and future economic and governance opportunities and risks by focusing on a long-term strategy,” stated S&P Dow Jones Indices, which is managing the index.

Keep reading...

How do you know if the audit firm is providing value with a quality audit?

By Joseph McCafferty 
January 21, 2016

How can we tell if the external auditors are doing a good job? Often we can’t. Lots of companies have had large accounting and fraud issues blow up shortly after the external auditors issued a clean audit opinion.

Yet the question remains for the audit committee: How do we know the audit firm is providing value with a quality audit? This is a question that the Center for Audit Quality (CAQ) has worked to shed light on for years. 

Keep reading...

What the SEC's first outsider whistleblower award means for internal audit

By Joseph McCafferty 
January 20, 2016

Last Friday, the Securities and Exchange Commission’s whistleblower office announced an important first: It revealed the only award to date for aiding in the prosecution of securities fraud paid to an individual who had never worked at the company in question.

It's an important development. Until now, all of the SEC's whistleblower awards have been paid to individuals who were working for the company at some point before they tipped off the agency about potential frauds at their employers.

Keep reading...

Having trouble finding talented individuals to fill internal audit roles? Maybe you’re looking in the wrong places.

By Joseph McCafferty 
January 15, 2016

Several studies have pointed recently to a shortage of skilled internal auditors. Some commentators have even referred to the difficulty organizations are having filling job openings and the competition for capable internal auditors as a “war for talent.”

Hyperbole aside, they aren’t much off the mark. A survey of 444 chief audit executives published last year by The Institute of Internal Auditors (IIA) found that companies are having trouble filling internal audit job openings. More than half of the respondents (54 percent) cited increased competition for a limited pool of candidates as a major concern.

Keep reading...

Can you be sure that your suppliers are on the up and up? Sounds like a job for internal audit.

By Joseph McCafferty 
January 13, 2016

It’s every company’s worst nightmare: A call comes in to corporate communications from a reporter from 60 Minutes looking for a comment for a damaging piece they are airing in few weeks.

That’s exactly what happened to flooring retailer Lumber Liquidators last year. The show ended up running a segment about how the company was selling potentially unsafe laminated flooring in the United States that it sourced from a supplier in China. 60 Minutes, acting on a tip from a short seller, claimed the flooring contained dangerous levels of toxic formaldehyde, a chemical that is known to cause cancer.

Keep reading...

By Joseph McCafferty 
January 12, 2016

It’s no secret that internal audit is being pulled in several different directions these days and that the demands on the function are greater than they have ever been. A partial solution to the mounting workload has been available for years now, but audit shops have been slow to embrace it. Is it time to give automation and advanced data analysis a closer look? 

Keep reading...

By Joseph McCafferty 
January 11, 2016

You’ve heard the jokes, I’m sure: “How do you tell an extroverted accountant? He’s the one that looks at your shoes when he’s talking to you.”

The idea that accountants and, by association, auditors are introverts is, of course, a long-standing trope born in the days of the back-office bean counter. It’s a misnomer that’s been difficult to shake, even as internal auditors have risen in importance and influence in most organizations, and companies have staffed audit departments with well-rounded, dynamic professionals.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Mobile Security Summit 300x58

Ransomware ad

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.