Resources and lack of IT capabilities create big barriers to getting QAR done for some.

By Joseph McCafferty

March 9, 2016

No one doubts the value of conducting a Quality Assurance Review (QAR) to gauge how well the internal audit program is meeting its goals.

In fact, a QAR is part of the requirements to meet to The Institute of Internal Auditors professional standards. In accordance with The IIA's standards, "The chief audit executive must develop and maintain a quality assurance and improvement program (QAIP) that covers all aspects of the internal audit activity." (The QAIP requirement is known as Standard 1300.)

Keep reading...

Here are four of the biggest blunders that can cause outsourced service relationships to backfire.

By Joseph McCafferty

March 8, 2016

As Donald Trump is quickly finding out, when you outsource business processes you incur risk. And these days there are few companies, if any, that don’t outsource at least some parts of their business. Many farm out critical functions, such as the manufacture of products they ultimately emblazon their names on. (Sometimes in large gold letters.)

Getting a handle on these risks is vital, but not easily done. Large, complex companies can have thousands of third parties and vendors that they do business with. These relationships increase risks, including bribery and corruption, business disruption, reputational damage, and many others.

Keep reading...

Technology issues dominate list of top internal audit priorities

By Joseph McCafferty

March 2, 2016

A new survey by consulting firm Protiviti finds that more companies are evaluating cyber-security risks as part of their annual audit plans.

According to the survey, "Arriving at Internal Audit's Tipping Point Amid Business Transformation," nearly three out of four companies (73 percent) now include cyber-security risk in their internal audits, a 20 percent increase from when the survey was last conducted.

Keep reading...

An old idea is getting a fresh look as technology and organizations evolve

By Fred Roth

March 2, 2016

Back in 1980, a popular accounting magazine asked: "Are we ready for continuous auditing?" That publication is no longer in circulation, but decades later, this question remains relevant.

The idea of auditors assessing controls on a continuous basis is certainly not a new idea. The Sarbanes-Oxley Act of 2002 had tremendous impact to that effect, forcing management teams across the board to take steps towards achieving continuous auditing.

Keep reading...

IIA's proposed standards changes urge internal audit leaders and boards to further safeguard objectivity

By Joseph McCafferty

March 2, 2016

When The Institute of Internal Auditors proposed changes to its professional practice standards last month, it included new guidance for chief audit executives on measures they should take to safeguard their independence and objectivity when the job takes them outside the realm of traditional audit duties.

The proposal is both an acknowledgement of the evolving role of internal audit and the department's leaders inside companies, as well as the realization of the need for some better protections against the possibility that internal audit leaders drink the Kool-Aid of "results at all costs," or become compromised by other conflicts.

Keep reading...

New reports suggest internal audit isn’t providing boards with the intelligence they really seek

By Joseph McCafferty

March 1, 2016

Chief audit executives know the feeling of having to serve many masters. They have several constituencies they must answer to or advise—including management, business lines, regulators, and shareholders—all while retaining their independence to provide clear and objective views.

The most important overseer of internal audit is the audit committee and the audit committee chair (at least at companies that care about governance). Generally, the audit committee helps set the agenda for the internal audit department, oversees and provides support, and intervenes on disputes or conflicts with management.

Keep reading...

Common attributes that move some IT audit departments from good to great.

By Fred Roth

February 18, 2016

As the use of information technology continues to proliferate so do the associated risks organizations face.

The massive cyber heist affecting more than 100 financial institutions in some 32 countries is only the latest in a spate of data security breaches worldwide. Losses from the attack, disclosed in February 2015, eventually could exceed $1 billion. During the past 10 years, hackers have infiltrated millions of files of customers at eBay, Target, Sony, Heartland Payment Systems and others.

Keep reading...

While some charge complacency, resources may be the real problem

By Joseph McCafferty

February 17, 2016

A new survey from the Institute of Internal Auditors (IIA) suggests that internal audit departments are not changing fast enough to address emerging risks that lie outside the traditional purview of internal audit.

The survey highlights four areas—cybersecurity, data analytics, auditing culture, and developing interpersonal skills—where it found that corporate internal audit shops were lagging behind in keeping up with fast-paced organizational changes that bring emerging risks.

Keep reading...

Lessons for Internal Audit from the SEC’s Latest FCPA Enforcement Action

By Joseph McCafferty

February 16, 2016

This week the Securities and Exchange Commission settled a case with Mass.-based technology company PTC Inc. and its Chinese subsidiaries that could create new imperatives for internal audit practices and assurance of anti-bribery programs.

PTC agreed to pay more than $28 million to settle parallel civil and criminal actions involving violations of the Foreign Corrupt Practices Act (FCPA). An SEC investigation found that two Chinese subsidiaries of PTC provided non-business related travel and other improper payments to various Chinese government officials in an effort to win business.

Keep reading...

Fast Growth Without Compliance and Audit Scaffolding Is a Disaster Waiting to Happen

By Joseph McCafferty

February 11, 2016

Earlier this week, high-flying business software startup Zenefits got its wings clipped.

The San Francisco-based company, which provides online tools to help small businesses manage their human resources and employee benefits functions, forced out its founder and CEO, Parker Conrad. Conrad’s transgression? He neglected to put the proper internal processes, controls, and compliance practices in place.

Keep reading...

Taking a risk-based approach to IT audit can help focus limited resources on the real threats.

By Fred Roth

April 10, 2016

Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around information technology risks confronting their organization. However, internal audit departments can help shed light on the issue through risk-based IT audit planning.

One way of looking at the subject is simply put: There are no IT risks as such. Rather, it is all about business risks and how IT might impact the business.

Keep reading...

By Fred Roth

February 5, 2016

Internal audit leaders looking for a way to improve staff skills and increase audit efficiencies would do well to consider integrated auditing, an approach that can help them on both counts.

The concept of integrated auditing, which first emerged during the 1970s to address the growing gap between business and technology auditors, has many definitions. A good one characterizes it as a synchronized effort between business audit and technical audit in order to provide application audit coverage of key business risks.

Keep reading...

IIA proposes needed changes to professional standards amid evolving role of internal audit

By Joseph McCafferty

February 4, 2016

How fast is the internal audit profession changing? So fast that its main professional association, the Institute of Internal Auditors (IIA), is planning to update its bedrock professional standards. It says the current standards no longer meet the realities of how the internal audit world is changing.

Earlier this week the IIA proposed changes to its International Standards for the Professional Practice of Internal Auditing, which guide effective and acceptable professional practices and behaviors.

Keep reading...

Are many controls wasteful, distracting, and even harmful? This risk expert thinks so.

Podcast

 


February 3, 2016

In this podcast, Joseph McCafferty, head of audit content at the MIS Training Institute, talks with Brian Barnier, a principal at ValueBridge Advisors and an OCEG fellow, about the role of controls in audit and risk management and their limitations. According to Barnier, although controls are the centerpiece of many audit, compliance, governance, and risk-management programs, they are often ineffective. He says they are difficult to implement, maintain, and use and often don’t work. They can even be harmful, Barnier says, since they can offer a false sense of security.

Keep reading...

A new study shows companies plan to outsource more internal audit activities

By Joseph McCafferty 
January 29, 2016

Internal audit is becoming, well, less internal.

Increasingly, companies are looking to third parties to provide internal audit services. A new study from the Institute of Internal Auditors finds that 56 percent of the North American executives surveyed said their companies use third parties for some internal audit activity. That number is expected to climb, especially among large companies. That’s because 28 percent of North American respondents said they were increasing internal audit outsourcing budgets, while 56 percent said they would remain the same.

Keep reading...

A new poll finds financial executives are losing sleep over an old concern: financial controls.

By Joseph McCafferty 
January 28, 2016

Think financial executives are most worried about cyber-security risks or the mounting new regulations they must navigate? Think again.

While those are certainly big concerns, financial executives are, from a compliance and audit perspective, most worried about something much more mundane: internal controls over financial reporting. It’s the blocking and tackling of the internal audit domain, and audit shops that lose focus on the basics will find their forays into other areas of the business are counterproductive.

Keep reading...

Social media isn’t really its own risk, but it sure can amplify underlying ones

By Joseph McCafferty 
January 27, 2016

The buzz for the last few years now is that social media represents a unique risk that companies must manage, lest they leave their corporate reputations hanging out there for others to tweet all over them.

We’ve all heard the cases: the viral video of the pizza-chain employee adding an ingredient that, ahem, isn’t listed in the formal recipe book; the tweets about the recorded call of the cable company service rep insulting customers and refusing to let them cancel their service; the nonprofit that gets hammered on Facebook and other social media outlets after a senior executive makes an unpopular and seemingly politically-motivated decision, alienating its core constituency.

Keep reading...

Internal Audit can play a large role in shaping a culture of compliance

Podcast

 


January 22, 2016

In this podcast, Joseph McCafferty, head of audit content at the MIS Training Institute, sits down with Jose Tabuena, a former internal auditor and compliance executive at various companies including Orion Health and Texas Health Resources, to talk about the role of internal audit in influencing and shaping corporate culture.

Keep reading...

Investor Group Hopes to Promote Good Governance and Long-Term Thinking With New Index

By Joseph McCafferty 
January 22, 2016

A group of global investors is hoping that convincing companies to adopt good governance standards—and avoid making decisions that provide a quick pop but don’t support long-term goals—can be a lucrative proposition.

Six large pension plans and sovereign-wealth funds are joining to create an index, called the S&P Long-Term Value Creation Global Index, that is comprised of companies that “have demonstrated the ability to manage both current and future economic and governance opportunities and risks by focusing on a long-term strategy,” stated S&P Dow Jones Indices, which is managing the index.

Keep reading...

How do you know if the audit firm is providing value with a quality audit?

By Joseph McCafferty 
January 21, 2016

How can we tell if the external auditors are doing a good job? Often we can’t. Lots of companies have had large accounting and fraud issues blow up shortly after the external auditors issued a clean audit opinion.

Yet the question remains for the audit committee: How do we know the audit firm is providing value with a quality audit? This is a question that the Center for Audit Quality (CAQ) has worked to shed light on for years. 

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Cloud Security eSummit 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.