January 11, 2017

Planning for the upcoming SuperStrategies and AuditWorld 2017 conferences is in full swing with the opening of the Call for Speakers period and announcement of the dates and venue.

SuperStrategies and AuditWorld 2017 will take place November 14-16, 2017 at Planet Hollywood Las Vegas Resort & Casino. The events will be held together under one roof, offering sessions, workshops, and summits on a range of topics for internal auditors of all levels.

Keep reading...

A brief look at this week's news insights that impact internal auditors

By Marcos Colón

January 13, 2017

The Department of Justice signals a shift in their stance regarding FCPA remediation efforts, compliance officer liability concerns increase following the charges Volkswagen arrests, and a new survey indicates risk management is a top concern for audit committees.

Read more ...

Seven priorities that should be on every internal auditor's 'to-do' list

By Hernan Murdock

January 13, 2017

As internal auditors, we work in complex and demanding environments where business, technological, social, and other dynamics challenge us to meet the increasing expectations of the board and senior management. While many internal auditors find it difficult to keep up with the cycle of risk-and-control reviews, there is no alternative. Failure to demonstrate how we add value will eventually result in stakeholders viewing internal audit as irrelevant.

The following actions are crucial to avoid this outcome.

Read more ...

Hiring and retaining top IT audit talent has never been harder, but hiring mistakes can only complicate the issue

By Joseph McCafferty

January 11, 2017

IT auditors are in high demand these days. Recruiters and competitors are looking to snatch high-quality talent with the right set of skills and background.

That means it's more important than ever to have a robust recruiting and retention program for IT audit to keep star performers from leaving for other jobs. It's also important to hire the right candidates and communicate with them well so that the organization and the IT auditors they hire are both on the same page. Johnathan Ngah, a principle at Synergy EnterPrize LLC, a staffing company that specializes in IT auditor recruitment says that a poor recruiting process can leads to problems later on. "If you miss on the front end of the hiring process, you need a lot of luck to make it up on the back end," he said.

Keep reading...

Internal audit reports do the function a great disservice

By Norman Marks

January 11, 2017

How do our stakeholders on the board and in top management assess the value of internal audit? What do we give them? What do they have on which to base their assessment? While they probably rely to a great deal on their direct interaction with the chief audit executive (CAE) and perhaps some of his or her team, the primary internal audit product is the audit report.

Let me state the problem as I see it. The typical audit report is boring. The typical audit report does not provide the reader on the board or in top management with the information they need to run the organization. The typical audit report is documentation of the work performed and results obtained. It conveys what we want to say rather than what the leaders of the organization need to know.

Keep reading...

What we learned at the conference for IT Audit and Controls

January 11, 2017

Several themes emerged during this year's IT Audit and Controls (ITAC) 2016 event, which was held in December in New Orleans, as IT auditors gathered to learn and exchange ideas on successful strategies and to gain insights on major trends and developments in IT audit. From the four keynote talks and panel discussions and 27 breakout sessions, it is clear that IT audit is evolving rapidly and several aspects, including data analytics and cybersecurity, present substantial challenges.

Many speakers referred to some overarching trends in IT audit, including the need to add more value and enable innovation not hinder it, the difficulty IT audit has in communicating to stakeholders, and the challenges of hiring professionals with the right mix of skills for the department. Some speakers cited the opportunity for IT audit to act as a bridge between technologists and business units and management.

Keep reading...

It’s time to reflect on our successes and past missteps and resolve to improve in 2017

By Tom O’Reilly

January 10, 2017

10, 9, 8, 7......Happy New Year! 

As we say goodbye to 2016 and hello to 2017, it’s a good time to reflect on last year’s successes and missteps. The New Year provides a great chance to pause and consider some self-improvement opportunities and goals for the next 12 months.

While it may be hard to believe that any internal auditor has missed opportunities or made mistakes (definitely not you), those who take the time to reflect on their missteps have the opportunity to improve not only themselves but also the service their departments provide. If improving Internal audit’s service is important to you, then the following four New Year’s resolutions should be on the top of your and every internal auditor’s list this year.

Read more ...

A brief look at this week's news insights that impact internal auditors

By Marcos Colón

January 6, 2017

The new head of the SEC is announced, an audit report uncovers misspent funds tied to Colorado's Obamacare exchange, and the PCAOB's revamped auditing standards take effect. This and more in a collection of the top internal audit news items of the week.  


Read more ...

In a survey by the National Association of Corporate Directors many board members admit they need to improve their knowledge of cybersecurity

By Joseph McCafferty

January 4, 2017

As board members look to set their agendas for 2017, many will include getting a better handle on cybersecurity among their top priorities. They will be looking for information security and risk professionals to provide an accurate assessment of the critical cyber-risks the organization faces. IT audit also has a role to play in assessing that a cybersecurity risk management process is in place and functioning properly and communicating that to the board and management.

Keep reading...

A week-long series of internal audit courses provides internal auditors the opportunity to fill gaps in their portfolio of skills

January 4, 2017

If your New Year's resolution includes elevating your audit skills, mark your calendars. Internal auditors will have the opportunity to get up to speed on several topics, including many IT audit options, all in one week as MISTI's Training Week heads to the Bay Area.

The week-long series of seminars will take place from February 6-12 at the MicroTek Computer Lab in San Francisco. Internal auditors can choose from among twelve courses, including such foundational courses as Fundamentals of Internal Auditing, IT Auditing and Controls, and Root Cause Analysis for Internal Auditors.

Keep reading...

A conversation with risk management and internal audit expert Norman Marks

Interview by Joseph McCafferty

January 3, 2017

The consequences of a cyber-attack—including a hit to reputation, lost customers, diminished credibility, and the cost of repairing the damage, just to name a few—are such that companies will do everything they can to defend against them. That is, of course, everything within reason and considering they have limited resources to spend on cybersecurity.

So where do you draw the line? Risk expert, Norman Marks, who has served as chief audit executive at several large companies, says thinking about how to answer that questions can provide new insights into the difficulty of managing the vast threat of cyber-attacks and data breaches. He says companies tend to be reactive, throwing money at every weakness they find, rather than considering the bigger picture and spending limited resources where they will do the most good.

Keep reading...

It's been a busy year for internal audit. Below are the top 10, most read articles from MISTI's Internal Audit Insights for 2016:

1. Auditing Corporate Culture: A New Imperative

The emerging flavor of the month in regulatory circles is the “culture of compliance,” with recognition that corporate culture has a profound influence on how an organization conducts its business. A culture that consistently places ethical considerations and client interests at the center of business decisions helps protect employees as well as investors and the integrity of the markets. Conversely, significant cultural failures can impose substantial harm on companies themselves including fines, penalties, and loss of reputation. more...

2. Internal Auditors Under Pressure to Alter Reports

Just about every internal auditor will face an ethical dilemma or difficult situation at some point in their career. Among the toughest scenarios is when the CEO or other senior executive exerts pressures to suppress or change the results of an audit finding because it reflects poorly on management or some other aspect of the business. A new report indicates, however, that it's an all-too-common occurrence. more...

Keep reading...

In two separate actions this week, the SEC objected to language in severance agreements that encourage outgoing employees to keep quiet

By Joseph McCafferty

December 21, 2016

The Securities and Exchange Commission hit two separate companies this week with penalties for violating rules that prevent companies from asking outgoing employees in severance agreements to not bring concerns or other information to regulators as a condition of the agreement. The SEC has warned in the past that such language in separation agreement is a violation of whistleblower protections.

On Monday, the SEC announced that a technology company had agreed to pay a penalty of $180,000 to settle charges involving its severance agreements that impeded at least one former employee from communicating information to the SEC.

Keep reading...

Seminar will provide auditors will the skills to lead audits and direct an audit team to get results

December 21, 2016

Starting in January expect the gyms to be packed as many people look to make good on their New Year's resolution to get in shape and shed those few extra pounds they may have picked up during the holidays. It's also time to exercise those audit muscles and bulk up on the audit skills you need to advance in your career.

MIS Training Institute will provide an excellent chance to do just that early in the year with its seminar, Advanced Auditing for the In-Charge Auditor, which will take place from February 6-8 in San Francisco. The course, instructed by Kathleen Crawford, will provide attendees with all of the elements involved in leading risk-based audits from the unique perspective of the in-charge position.

Keep reading...

Report finds no drop in the number of companies using non-GAAP figures, but some minor adjustments in how they use them

By Joseph McCafferty

December 20, 2016

For more than a year, the SEC has been on something of a crusade against what it considers a swell in the misleading use of non-GAAP measures in financial reports. The agency not only issued comment letters to several companies questioning and criticizing their use of the figures, several agency officials disparaged the practice in a series of speeches, where they suggested that some companies are pushing the envelope on using non-GAAP measures in financial reports. The SEC was so miffed at how Valeant pharmaceuticals has used non-GAAP measures that it dinged the company twice through comment letters.

In May, the regulator attempted to influence how companies use the figures by issuing new guidance in the form of a Compliance & Disclosures Interpretations document that provided 39 questions and answers on what the SEC would consider acceptable and what it would take issue with. Using metrics in financial statements that aren't approved by Generally Accepted Accounting Principles (GAAP) isn't necessarily a violation of reporting rules, the guidance points out, but using them to mislead investors is a violation of the rules, the SEC warned.

Keep reading...

A conversation with Marius Bosman, IT audit director at Ball Corporation

Interview by Joseph McCafferty

December 19, 2016

Communicating top risks to the board and C-suite is always tricky since it's such a critical area of involvement by the highest levels of the organization. Communicating IT risks can be even more challenging since directors and top executives aren't always sophisticated in technology areas. Information security and risk professionals must be sure they communicate in a way that will convey an accurate assessment of the critical IT risks without using too much "techie talk," or IT jargon.

Cybersecurity is such a critical issue that it is on most board agendas and a top concern of the CEO. IT auditors have a role to play in helping establish what the key IT risks are and how the organization is doing at managing them. This is one area that directors and the executive team are sure to push back on and probe for any weaknesses in the risk assessment.

Keep reading...

North American companies lag their international peers when it comes to having the audit committee, rather than the CEO, evaluate the performance of the chief audit executive

By Joseph McCafferty

December 14, 2016

I wanted to call attention to an item that might have been a little lost in a recent report by the Institute of Internal Auditors Research Foundation. While the major findings of the report—that many internal auditors say they have faced pressure to alter audit findings—was well reported, one survey result was not: that companies in North America lag well behind their international peers when it comes to having the audit committee, rather than the CEO, evaluate the performance of the chief audit executive.

According to the CBOK report, Ethics and Pressure: Balancing the Internal Audit Profession, just 38 percent of North American chief audit executive respondents said they were evaluated by the audit committee, board, or supervisory committee, compared to 61 percent who said their performance was evaluated by the CEO, president, or other senior executive. Those figures are well below the global average of about 50/50, and the lowest of any region.

Keep reading...

A former IT staffer at Expedia was recently charged with trading on non-public information. Could it happen at your company?

By Joseph McCafferty

December 14, 2016

It's a nightmare scenario for any public company: An IT staffer gets a hold of senior executives' passwords, accesses sensitive non-public information on things like upcoming earnings reports, new products, or potential deals, and trades on it, enriching himself at the expense of company shareholders.

Just such a nightmare recently played out at online travel-booking company Expedia. Last week the Securities and Exchange Commission announced insider trading charges against a San Francisco-based information technology specialist who allegedly hacked senior executives at Expedia and illegally traded on company secrets.

Keep reading...

We all know that the CEO and top senior executives shape the ethical climate for the company, but can you audit those activities?

An interview with Joel F. Kramer

December 13, 2016

Through their words and actions, the board and C-suite set the tone and shape the ethical culture that pervades the organization. If the rank and file perceive the CEO as someone who cuts corners or ignores ethical issues, it sends a message that skirting the rules is acceptable, even if the written policies forbid it. If senior management seems to always do the right thing, it creates a model that others are likely to follow and may do more to create an ethical culture than any amount of training and policy writing could ever do.

So how can internal audit assess something that seems so difficult to quantify? In the latest edition of our video series "MISTI on Audit," Joel F. Kramer, vice president of audit curriculum at MIS Training Institute, looks at some of the ways internal audit can get at assessing "tone at the top."

Keep reading...

Live webinar will help internal auditors get a handle on where to focus IT assessment type activities for 2017

December 13, 2016

2016 was a wild year. It featured an election that was as bizarre as it was unpredictable; Britain voting to leave the EU; the loss of entertainment and sports icons like Prince, David Bowie, and Mohammed Ali; the Pokémon Go phenomenon; a major banking scandal at Wells Fargo; and the many high-profile hacks and data breaches at such organizations as Verizon, LinkedIn, the Democratic National Committee, and even the FBI.

2017 looks to be just as unpredictable, as businesses await the direction President-elect Trump will take, especially how much he will follow through on his promises to roll back business regulation and red tape. The fast pace of technological change is only expected to increase as well, offering new opportunities and plenty of threats.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

ACV17 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.