A new survey finds that data overload is affecting the financial reporting process

By Joseph McCafferty

November 16, 2016

Financial Executives are straining to keep up as the increasing volume and pace of data clouds their ability to provide meaningful insights to boards quickly and accurately. Certainly, internal audit executives and those involved in the reporting process are likely feeling just as frazzled, as they work to make sense of the endless streams of data and pluck the meaningful fragments from the meaningless noise.

According to a new report by EY Financial Accounting and Advisory Services, 66 percent of CFO (or those that head the financial reporting function) respondents worldwide say they are struggling to process the increased amount of data and that it is having a significant impact on the effectiveness of corporate reporting, up from 57 percent who said data overload was a financial reporting problem in 2015.

Keep reading...

Webinar will instruct internal audit executives on acquiring and enhancing effective leadership techniques

November 16, 2016

Unless you are a department of one, every chief audit executive or senior internal auditor must lead others to accomplish the objectives of the internal audit department. Good leaders inspire and influence others. They are able to organize a group of people to accomplish common goals and share in success.

A leader is someone who others follow, who guides and directs the team, and someone who can multiply outcomes by acting through and with others. A leader, then, is someone who can accomplish more and with higher satisfaction levels then someone who tries to do everything alone.

Keep reading...

How creative and unconventional audit analytics can help you take your audits to the next level

By Yves Froude

November 15, 2016

It's 4:00 p.m. on a Friday afternoon and you are already thinking about your weekend plans, when your manager walks into your office with "a simple request": "We just need to come up with some data analytics tests to find out about ... that thing they mentioned in the board meeting today."

That "thing" is usually the latest hot topic and could range among a variety of sensitive matters, from weeding out travel abuse to finding out if executives share passwords, whether contractors are overbilling the company, or even if anti-money laundering measures are effective.

Keep reading...

An expanded view of integrated auditing means combining internal audit with all of the second lines of defense

An interview with Joel F. Kramer

November 11, 2016

Integrated auditing isn't a new idea. Organizations have tried to bring together specialized audit areas, such as finance, operations, and IT audit, and others for a long time. They realize that leveraging these areas into a single audit can not only make the audit process more efficient, but the crossover and sharing of knowledge can provide better insights into the key risks of the function or process being audited. Now, companies are pushing further into integrated auditing to integrate more of the second lines of defense, including such areas as risk management, fraud, and compliance.

In the latest edition of our video series "MISTI on Audit," Joel F. Kramer, vice president of audit curriculum at MIS Training Institute, talks about the benefits of integrated auditing, how he sees it evolving, and some of the challenges along the way to achieving fully integrated audits.

Keep reading...

With lots of variations and often duel reporting lines, CAEs must serve many masters

By Joseph McCafferty

November 9, 2016

To whom should the chief audit executive report? That question has perplexed companies for decades. Once an underling of the finance or legal departments, many companies have made the CAE a direct report to the CEO. That structure gives internal audit more clout, but it doesn't solve the problem of the need for internal audit leaders to have complete independence to elevate concerns directly to the board. The result is a muddy, duel-reporting structure that can pull internal audit executives in different directions and create plenty of angst.

A recent study, released last month by the Internal Audit Foundation—the research unit of the Institute of Internal Auditors—finds that reporting structures for chief audit executives still vary widely from company to company and region to region. Nearly half (49 percent) of the CAEs survived said they report to the CEO on an administrative basis; more than a quarter (26 percent) report directly to the audit committee chair or in some way to the board of directors; another 15 percent report to the chief financial officer; and 10 percent to the lead counsel or other executive.

Keep reading...

IT audit experts from such companies as Dropbox, Juniper Networks, Lockheed Martin, and others to address audit conference

November 9, 2016

Top risk and technology experts will give talks on such topics as establishing trust in the cloud and managing cyber-risk next month at the top conference for IT auditors.

The keynote addresses are set for the IT Audit & Controls (ITAC) conference taking place in New Orleans next month on December 6-8. Among the speakers that will provide IT auditors with insights on emerging technology and their related risks are executives from Dropbox, Juniper Networks, Ball Corp., and others.

Keep reading...

A conversation with Michael Gallagher, managing director of CBIZ Risk & Advisory Services

Interview By Joseph McCafferty

November 4, 2016

Not all organizations are good at managing risk in a holistic way. It's easy for business units or functions that address risks to be guarded about their risk-management efforts or to reproduce what other parts of the company are already doing. These risk silos can cause problems for companies, not only because they duplicate risk-management efforts, but because key strategic risks can go unaddressed or siloed thinking may be preventing the company from meeting its goals.

We recently caught up with Michael Gallagher, managing director at CBIZ Risk & Advisory Services, to talk about how these risk silos can crop up at companies, the dangers they present, and how organizations can dismantle them and manage risk in a more holistic way.

Keep reading...

Machine learning algorithms are becoming more commonplace, but what are the risks they could err? Sounds like a job for IT audit

By Andrew T. Clark

November 3, 2016

Machine learning algorithms are permeating our world. With applications in banking, investing, social media, advertising, and crime prevention, to name a few, these 'little black boxes' are increasingly being used to inform and drive decisions about our lives and businesses.

Yet, how do we know that in high-stakes situations—such as prison sentencing, airport security, combat, or how self-driving cars might choose between two catastrophic outcomes—the algorithms really are intellectually sound and in our best interest?

Keep reading...

Nearly one-in-four internal auditors say they've been pressured to suppress or change valid audit findings

By Joseph McCafferty

November 2, 2016

Just about every internal auditor will face an ethical dilemma or difficult situation at some point in their career. Among the toughest scenarios is when the CEO or other senior executive exerts pressures to suppress or change the results of an audit finding because it reflects poorly on management or some other aspect of the business. A new report indicates, however, that it's an all-too-common occurrence.

The latest CBOK study from the Internal Audit Foundation, the research unit of the Institute of Internal Auditors, finds that 25 percent of the internal auditors at North American organizations surveyed said they have been pressured to "suppress or significantly modify a valid internal audit finding or report" during their career. Another 6 percent indicated that they would rather not answer the question.

Keep reading...

Highlights and findings from the top conference for internal audit leaders

November 2, 2016

Several themes emerged during this year's SuperStrategies 2016 event, which was held in September in Las Vegas, as internal audit executives gathered to learn and exchange ideas on successful strategies and to gain insights on major trends and developments in internal audit. From the five keynote talks and panel discussions and 40 breakout sessions, it is clear that internal audit is very much a function that is evolving rapidly.

Many speakers referred to some overarching trends in internal audit, including the branching out into audits of non-traditional areas, the need to add more value, the difficulty internal audit has in communicating to stakeholders, and the challenges of hiring professionals with the right mix of skills for the department.

Keep reading...

Most companies struggle with how much is enough when it comes to protecting the company’s vital data and information

By Marius Bosman

November 1, 2016

Recently, our organization's CEO asked me a question about Cybersecurity: "Are we spending enough time and money on preventing cyber-incidents from occurring at our organization?" After a brief pause for careful consideration, I answered him: "It depends ... let me explain my point of view with an analogy."

I went on to explain how your home has some security measures included by design like a front door with a deadbolt lock. What makes you decide to add more security measures? Is it to gain extra peace of mind when you are away on a business trip to ensure your family is safe? Or is it to lower your home insurance cost? I think the biggest determining factor is the occurrence of criminal events like home invasions in your neighborhood.

Keep reading...

Do internal auditors have a responsibility to investigate suspicious activity?

An interview with Joel F. Kramer

October 28, 2016

What is internal audit's role in finding fraud? One of the key activities of internal audit is to conduct a fraud risk assessment that identifies an organization's vulnerabilities to internal and external fraud. In addition to helping to assure that companies are employing controls and processes to prevent fraud, internal audit will often aid in the investigation of potential fraud and will look more closely at the activity that raises concerns about fraud.

In the latest edition of our video series "MISTI on Audit," Joel F. Kramer, vice president of audit curriculum at MIS Training Institute, talks about what auditors should do if they suspect fraudulent behavior and internal audit's role in detecting and preventing fraud.

Keep reading...

Did participation trophies in youth sports foster a generation of wimps? Probably not.

By Joseph McCafferty

October 26, 2016

Newsflash: Millennials don't stay in their jobs very long. They lack loyalty and focus. And they need oodles and oodles of positive reinforcement.

So say the several surveys and reports that portend to put their finger on the pulse of the generation born roughly between 1980 and 2000 and tell us how to relate to these skateboard-riding, texting-obsessed, criticism-adverse, video game junkies with short attention spans. They tell us to throw away the management strategies we've been honing for decades and get ready to do some coddling. Millennials are different, they say, and need a special kind of handling.

Keep reading...

A week-long series of internal audit courses provides internal auditors the opportunity to fill gaps in their portfolio of skills

October 26, 2016

Orlando area internal auditors or those who want to get some sun in December will have the opportunity to get up to speed on several topics all in one week, as MISTI's Training Week heads to the theme park capital of the world.

The week-long series of seminars will take place from December 12-15 at the Hilton Orlando in Lake Buena Vista, Fla. Internal auditors can choose from among 10 courses, including such foundational courses as Fundamentals of Internal Auditing, IT Audit School, and Intermediate IT Audit School.

Keep reading...

By Norman Marks

October 24, 2016

The management of risk, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives.

All the standards, frameworks, and guidelines—including the COSO Enterprise Risk Management – Integrated Framework and the ISO 31000:2009 global risk management standard—talk about risk in terms of its ability to affect the achievement of the organization's objectives.

Keep reading...

A conversation with Glenn Sumners, director of the Louisiana State University Center for Internal Auditing

Interview By Joseph McCafferty

October 21, 2016

The internal audit profession is hot right now, as companies are generally looking to hire additional auditors and are willing to pay more for talented individuals. Among the top academic programs that are looking to develop this next generation of internal auditors is the Louisiana State University Center for Internal Auditing.

We recently caught up with Glenn Sumners, director of center to talk about what audit departments can expect from this next generation and what young auditors must do to be successful.

Keep reading...

October 19, 2016

Some risk managers may feel like they are in the failure portion of a late-night TV infomercial these days. Perhaps they even hear that deep TV announcer voice in their heads: "Is your organization drowning in risks that are becoming harder and harder to quantify? Are you overwhelmed by emerging risks that seem to spring from every corner of the business? Are you losing sleep over risks from all the potential adverse events that could cause severe reputational damage? Now there's Risk-Away..."

As we all know, of course, no such product exists. The only option for risk managers and all of those who are responsible for identifying, assessing, and managing risks in the organization is to get smarter about how they think about risk and refine risk-management processes.

Keep reading...

IT audit planning depends on identifying the IT audit universe and solid assessment of the risks of adverse events

By Fred Roth

October 18, 2016

IT risks are increasingly recognized as critical factors in enterprise risk management. From preventing failures in regulatory compliance to helping avoid devastating harm to the reputation of the organization from headline-making security breaches, IT auditors have an obligation and value-adding opportunities to assess enterprise vulnerabilities.

Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around information technology risks confronting their organization. However, internal audit departments can help shed light on the risks.

Keep reading...

A conversation with Wade Brylow, director of internal audit at Northrop Grumman

Interview By Joseph McCafferty

October 17, 2016

Among the most powerful tools these days to detect and deter fraud is data analytics. While some internal audit departments struggle to use sophisticated analytics tools and continuous monitoring, those that do have a leg up on rooting out fraud and finding it in unlikely places.

We recently caught up with Wade Brylow, director of internal audit at defense contractor Northrop Grumman, to talk about the company's approach to data analytics and to detecting and deterring fraud throughout the company's sophisticated and sprawling operations.

Keep reading...

Regulators come down hard on corruption, unless companies cooperate completely

By Karen Kroll

October 14, 2016

As it nears its fortieth birthday, the Foreign Corrupt Practices Act (FCPA) remains a focus of both the Securities and Exchange Commission and the U.S. Department of Justice. At the same time, the agencies regularly modify their approach to enforcement. While no radical departures from historical practice appear imminent, experts have identified several shifts.

In 2015, the DoJ and SEC together brought eleven core corporate FCPA enforcement actions, says Mike Koehler, associate professor of law at Southern Illinois University and the individual behind FCPA Institute, which provides training on anti-corruption programs. Core actions are based on the same set of corporate conduct. For instance, actions against a corporate parent and its subsidiary for actions by the subsidiary typically would count as one action.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Cloud Security eSummit 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.