Machine learning algorithms are becoming more commonplace, but what are the risks they could err? Sounds like a job for IT audit

By Andrew T. Clark

November 3, 2016

Machine learning algorithms are permeating our world. With applications in banking, investing, social media, advertising, and crime prevention, to name a few, these 'little black boxes' are increasingly being used to inform and drive decisions about our lives and businesses.

Yet, how do we know that in high-stakes situations—such as prison sentencing, airport security, combat, or how self-driving cars might choose between two catastrophic outcomes—the algorithms really are intellectually sound and in our best interest?

Keep reading...

Nearly one-in-four internal auditors say they've been pressured to suppress or change valid audit findings

By Joseph McCafferty

November 2, 2016

Just about every internal auditor will face an ethical dilemma or difficult situation at some point in their career. Among the toughest scenarios is when the CEO or other senior executive exerts pressures to suppress or change the results of an audit finding because it reflects poorly on management or some other aspect of the business. A new report indicates, however, that it's an all-too-common occurrence.

The latest CBOK study from the Internal Audit Foundation, the research unit of the Institute of Internal Auditors, finds that 25 percent of the internal auditors at North American organizations surveyed said they have been pressured to "suppress or significantly modify a valid internal audit finding or report" during their career. Another 6 percent indicated that they would rather not answer the question.

Keep reading...

Highlights and findings from the top conference for internal audit leaders

November 2, 2016

Several themes emerged during this year's SuperStrategies 2016 event, which was held in September in Las Vegas, as internal audit executives gathered to learn and exchange ideas on successful strategies and to gain insights on major trends and developments in internal audit. From the five keynote talks and panel discussions and 40 breakout sessions, it is clear that internal audit is very much a function that is evolving rapidly.

Many speakers referred to some overarching trends in internal audit, including the branching out into audits of non-traditional areas, the need to add more value, the difficulty internal audit has in communicating to stakeholders, and the challenges of hiring professionals with the right mix of skills for the department.

Keep reading...

Most companies struggle with how much is enough when it comes to protecting the company’s vital data and information

By Marius Bosman

November 1, 2016

Recently, our organization's CEO asked me a question about Cybersecurity: "Are we spending enough time and money on preventing cyber-incidents from occurring at our organization?" After a brief pause for careful consideration, I answered him: "It depends ... let me explain my point of view with an analogy."

I went on to explain how your home has some security measures included by design like a front door with a deadbolt lock. What makes you decide to add more security measures? Is it to gain extra peace of mind when you are away on a business trip to ensure your family is safe? Or is it to lower your home insurance cost? I think the biggest determining factor is the occurrence of criminal events like home invasions in your neighborhood.

Keep reading...

Do internal auditors have a responsibility to investigate suspicious activity?

An interview with Joel F. Kramer

October 28, 2016

What is internal audit's role in finding fraud? One of the key activities of internal audit is to conduct a fraud risk assessment that identifies an organization's vulnerabilities to internal and external fraud. In addition to helping to assure that companies are employing controls and processes to prevent fraud, internal audit will often aid in the investigation of potential fraud and will look more closely at the activity that raises concerns about fraud.

In the latest edition of our video series "MISTI on Audit," Joel F. Kramer, vice president of audit curriculum at MIS Training Institute, talks about what auditors should do if they suspect fraudulent behavior and internal audit's role in detecting and preventing fraud.

Keep reading...

Did participation trophies in youth sports foster a generation of wimps? Probably not.

By Joseph McCafferty

October 26, 2016

Newsflash: Millennials don't stay in their jobs very long. They lack loyalty and focus. And they need oodles and oodles of positive reinforcement.

So say the several surveys and reports that portend to put their finger on the pulse of the generation born roughly between 1980 and 2000 and tell us how to relate to these skateboard-riding, texting-obsessed, criticism-adverse, video game junkies with short attention spans. They tell us to throw away the management strategies we've been honing for decades and get ready to do some coddling. Millennials are different, they say, and need a special kind of handling.

Keep reading...

A week-long series of internal audit courses provides internal auditors the opportunity to fill gaps in their portfolio of skills

October 26, 2016

Orlando area internal auditors or those who want to get some sun in December will have the opportunity to get up to speed on several topics all in one week, as MISTI's Training Week heads to the theme park capital of the world.

The week-long series of seminars will take place from December 12-15 at the Hilton Orlando in Lake Buena Vista, Fla. Internal auditors can choose from among 10 courses, including such foundational courses as Fundamentals of Internal Auditing, IT Audit School, and Intermediate IT Audit School.

Keep reading...

By Norman Marks

October 24, 2016

The management of risk, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives.

All the standards, frameworks, and guidelines—including the COSO Enterprise Risk Management – Integrated Framework and the ISO 31000:2009 global risk management standard—talk about risk in terms of its ability to affect the achievement of the organization's objectives.

Keep reading...

A conversation with Glenn Sumners, director of the Louisiana State University Center for Internal Auditing

Interview By Joseph McCafferty

October 21, 2016

The internal audit profession is hot right now, as companies are generally looking to hire additional auditors and are willing to pay more for talented individuals. Among the top academic programs that are looking to develop this next generation of internal auditors is the Louisiana State University Center for Internal Auditing.

We recently caught up with Glenn Sumners, director of center to talk about what audit departments can expect from this next generation and what young auditors must do to be successful.

Keep reading...

October 19, 2016

Some risk managers may feel like they are in the failure portion of a late-night TV infomercial these days. Perhaps they even hear that deep TV announcer voice in their heads: "Is your organization drowning in risks that are becoming harder and harder to quantify? Are you overwhelmed by emerging risks that seem to spring from every corner of the business? Are you losing sleep over risks from all the potential adverse events that could cause severe reputational damage? Now there's Risk-Away..."

As we all know, of course, no such product exists. The only option for risk managers and all of those who are responsible for identifying, assessing, and managing risks in the organization is to get smarter about how they think about risk and refine risk-management processes.

Keep reading...

IT audit planning depends on identifying the IT audit universe and solid assessment of the risks of adverse events

By Fred Roth

October 18, 2016

IT risks are increasingly recognized as critical factors in enterprise risk management. From preventing failures in regulatory compliance to helping avoid devastating harm to the reputation of the organization from headline-making security breaches, IT auditors have an obligation and value-adding opportunities to assess enterprise vulnerabilities.

Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around information technology risks confronting their organization. However, internal audit departments can help shed light on the risks.

Keep reading...

A conversation with Wade Brylow, director of internal audit at Northrop Grumman

Interview By Joseph McCafferty

October 17, 2016

Among the most powerful tools these days to detect and deter fraud is data analytics. While some internal audit departments struggle to use sophisticated analytics tools and continuous monitoring, those that do have a leg up on rooting out fraud and finding it in unlikely places.

We recently caught up with Wade Brylow, director of internal audit at defense contractor Northrop Grumman, to talk about the company's approach to data analytics and to detecting and deterring fraud throughout the company's sophisticated and sprawling operations.

Keep reading...

Regulators come down hard on corruption, unless companies cooperate completely

By Karen Kroll

October 14, 2016

As it nears its fortieth birthday, the Foreign Corrupt Practices Act (FCPA) remains a focus of both the Securities and Exchange Commission and the U.S. Department of Justice. At the same time, the agencies regularly modify their approach to enforcement. While no radical departures from historical practice appear imminent, experts have identified several shifts.

In 2015, the DoJ and SEC together brought eleven core corporate FCPA enforcement actions, says Mike Koehler, associate professor of law at Southern Illinois University and the individual behind FCPA Institute, which provides training on anti-corruption programs. Core actions are based on the same set of corporate conduct. For instance, actions against a corporate parent and its subsidiary for actions by the subsidiary typically would count as one action.

Keep reading...

New survey of internal auditors lists top risk-assessment and audit-planning considerations

By Joseph McCafferty

October 12, 2016

As internal auditors begin the process of planning audits for 2017, they are also looking to refine that planning process, which, of course, depends a great deal on risk assessment. With an intense focus on adding value, risk assessment and audit planning are as important as ever. A new survey finds that internal audit departments are reviewing those process and looking to improve risk assessment and audit planning in a few critical areas.

According to the survey, by Walters Kluwer's TeamMate Solutions unit, the top priorities include moving to a more continuous risk-assessment process and addressing strategic and emerging risks. Other "key considerations" include considering the impact of macro risk factors, sharpening the organization's focus on cyber-risks, and making the audit planning process more dynamic so it can be updated as conditions change.

Keep reading...

Despite vigorous efforts by regulators in the United States and Europe to punish bribery, it still plagues many parts of the world

By Joseph McCafferty

October 11, 2016

The U.S. Department of Justice and the Securities and Exchange Commission are on something of a roll lately in bringing corruption cases to fruition under the Foreign Corrupt Practices Act (FCPA).

Together, the agencies concluded 26 enforcement actions against companies and individualsincluding three cases where regulators declined to prosecute but enforced strict reformsthrough the first half of 2016, according to the FCPA Blog, which tracks such cases. That's more than the 20 enforcement actions the DoJ and SEC jointly concluded in all of 2015, including nine declinations. And most experts expect the second half to be just as active in terms of corruption enforcement.

Keep reading...

A conversation with Thomas Sanglier, director of internal audit at Raytheon

October 7, 2016

Finding the right candidates to fill internal audit positions is getting more difficult. Not only are salaries rising for internal auditors, making it more expensive to hire good applicants, but the array of skills needed for today's internal audit departments are so varied that those that possess all the right talents—including IT knowledge, communication skills, business acumen, critical thinking, risk management, industry knowledge, fraud-finding abilities, and several others—are hard to come by.

Internal audit managers that are looking to fill gaps in the department's collective set of skills have few options. They can pay more to hire talented individuals away from other companies, they can turn to outsourcing to complete work that they don't have the necessary abilities or numbers in house, or they can look to hire candidates without the typical internal audit background that is heavy in accounting and finance training and experience.

Keep reading...

A week-long series of internal audit courses provides New York-area internal auditors the opportunity to fill gaps in their portfolio of skills

October 5, 2016

New York area internal auditors will have the opportunity to get up to speed on several topics all in one week, as MISTI's Training Week heads to the Big Apple.

The week-long series of seminars will take place from October 17-20 at the Convene Conference Center in Midtown Manhattan. Internal auditors can choose from among nine courses, including such foundational courses as Fundamentals of Internal Auditing, IT Audit School, and Intermediate IT Audit School.

Keep reading...

FedEx Chief Audit Executive Robert King on what internal audit departments need to do to rise to the occasion

By Joseph McCafferty

October 4, 2016

There are several big challenges facing internal audit departments and still more facing the internal audit profession as a whole. Some of them represent opportunities as well as obstacles to overcome. The difficulty in filling internal audit positions with talented candidates, for example, has led to increases in pay for many internal auditors. The need to do a better job leveraging technology has the potential to free internal audit up to do more valuable and higher-level jobs, raising internal audit's profile in the organization.

"It's a great time to be in the internal audit profession," said Robert King, chief audit executive of FedEx, during a keynote speech at the SuperStrategies 2016 conference held last week in Las Vegas. "Executive teams are continually reaching out to us to do more, so it's a great time that we are being asked to be in the game."

Keep reading...

A conversation with Thierry Dessange, vice president of technology audit at Visa Inc.

Interview By Joseph McCafferty

October 3, 2016

Whether it's data analytics; governance, risk, and compliance solutions; or planning and collaboration software packages, most internal audit departments are looking to improve their use of technology as they strive to do more with less. Meeting the organizational mandate to provide more value means achieving greater efficiency, and technology offers the best chance at doing that.

Still, many internal auditors say they have muchwork to do to get where they want to be on the spectrum of those who use technology to its full potential. A recent study by the Institute of Internal Auditors found that just 40 percent of internal audit leaders say their departments embrace technology at what they consider to be appropriate levels. More than half said they were lagging on the use of technology. A separate Deloitte study found that only 7 percent of respondents say their internal audit department is using data analytics at an advanced level.

Keep reading...

The Department of Justice’s Pilot Program awards credit and even a pass to companies that go the extra mile after finding evidence of corruption

By Thomas Fox

September 30, 2016

This year is sure to be one for the books for Foreign Corrupt Practices Act (FCPA) enforcement. By the end of June, there were more FCPA enforcement actions in 2016 than in all of 2015, and it doesn't appear that things will be slowing down anytime soon. The Fed's aggressive campaign against bribery and corruption rolls on.

Yet this surge in FCPA cases isn't even the most significant development in corruption enforcement so far this year. The single most important development is the announcement of the Justice Department's Pilot Program for FCPA enforcement, which provides some relief for companies that meet high standards for cooperating with regulators during investigations.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

ACV17 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Select a Region
United States
United Kingdom/Ireland
Middle East

By continuing to use you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.