Managing a small audit department is an exercise is stretching the buck

An interview with Joel F. Kramer

August 24, 2016

Managing a small audit department is never easy. Covering a seemingly endless stream of risks with limited resources can be trying for any audit leader. Small audit department leaders must become experts in time management, stretching the budget, and focusing on what matters.

In this first installment of our new series, "MISTI on Audit," Joel F. Kramer, vice president of internal audit curriculum at MIS Training Institute, offers some advice for leaders of small audit departments on how to get the most out of a small team and a small budget.

Keep reading...

Internal auditors face an uphill climb when it comes to auditing corporate culture

By Joseph McCafferty

August 20, 2016

The Financial Crisis of 2008 cemented what many risk management experts have known for years: You can have an army of risk managers and all the sophisticated risk-management models and tools you like, but if there is something wrong with the culture of the organization and what we all now call the “tone at the top,” they won’t work. That was clear at Bear Stearns and that was clear at Lehman Brothers.

Since then, risk managers, internal audit leaders, and governance gurus have tried make a stronger connection between culture and tone and risk management. What was once thought to be a squishy art better left to the feel-good folks in the human resources department is slowly becoming a hard science with monitoring, measures and metrics, and an emerging literature and research.

Keep reading...

The success of internal audit is tied tightly to the backing it gets from the audit committee

By Jami Harris Shine

August 17, 2016

The role of internal audit in organizations is rapidly expanding as auditors move from being rule enforcers and compliance police to trusted advisors. Audit departments are being asked to audit culture, corporate strategy, and governance functions and are increasingly being consulted on key projects and business decisions.

It's common, however, for internal auditors to face pressure to remove, deescalate, or change audit recommendations or results. According to the Institute of Internal Auditors' 2015 CBOK global practitioner study, about 30 percent of internal auditors surveyed said they were pressured to suppress or modify their findings. This statistic may be underreported since it does not include the respondents who selected "prefer not to answer."

Read more ...

The guy crawling through a dumpster in the company parking lot could be just as damaging as a malicious bot crawling through your server

By Joseph McCafferty

August 17, 2016

Mention "cyber-threat" and many of us envision an over-caffeinated twenty something in a hoodie tapping away on a keyboard as he snoops into our networks from the poorly lit back room of some run-down apartment thousands of miles awayin a country like Russia or Chinastealing customer credit card details and other sensitive data.

We can be forgiven for the typecast visualization. Just type "hacker" into google and select "images" and your screen will quickly fill with hundreds of examples of that very same vision.

Keep reading...

SEC rules that provisions discouraging current or former employees from raising concerns violate securities law

By Joseph McCafferty

August 16, 2016

Companies might want to review their severance agreements and other employment contracts in light of a recent Securities and Exchange Commission ruling. The SEC is taking issue with language that discourages employees or former employees from raising concerns about wrongdoing to its whistleblower office.

This week the SEC hit California-based health insurance provider Health Net with a $340,000 fine for illegally using severance agreements requiring outgoing employees to waive their ability to obtain monetary awards from the SEC's whistleblower program.

Keep reading...

Good audit planning is essential to audit success and can yield improved results

By Wade Brylow

August 15, 2016

After 25 years in internal audit, I have come to the conclusion that excellent audit planning is essential to ensuring an effective audit. What is a successful audit? A good measure is whether both audit management and the auditee feel good about the end results.

Benjamin Franklin famously said: "By failing to prepare, you are preparing to fail." Indeed, one of the most common causes of unsuccessful audits is inadequate planning. Too often, audit staff commitments to current engagements become an obstacle to planning the next engagement. I would submit that delaying an audit is preferable to not investing the proper amount of time into planning for it.

Read more ...

A new report finds most internal audit shops aren't very advanced when it comes to data analytics

By Joseph McCafferty

August 10, 2016

Data analytics is supposed to be the great savior of the internal audit function. It has been heralded as the set of tools that will give organizations new insights into risk management, fraud, and corruption. It would free up internal auditors to use their skills on assessing non-traditional areas of the business and lower the cost of internal audit. It would change the internal audit profession entirely.

Here's the catch: most companies are still not very advanced in their use of data analytics. A new report out from Deloitte finds most companies are barely off the ground with the use of analytics and some haven't even started. "The use of analytics is largely at basic levels," the report's authors write.

Keep reading...

Internal auditors in Africa discuss the needed attributes of internal audit now and into the future

By Joseph McCafferty

August 10, 2016

One of the big themes of the Audit, Risk and Governance Africa conference held by MIS Training Institute in Accra, Ghana last week was how to position internal audit for the future and how to ensure that the function continues to add value in the organization and remain relevant.

In many ways, these challenges are similar to those that internal audit faces in developing nations, and many of the solutions are similar to those that internal auditors are emphasizing worldwide: better communication, a larger advisory role, and a more nimble approach to internal audit. Yet, the unique challenges that internal auditors face in Africa, including increased corruption and greater political uncertainly, only heighten the need to position internal audit as leaders in the organization.

Keep reading...

FASB mulls future accounting projects as the post-convergence era of standards updates begins

By Joseph McCafferty

August 10, 2016

The top U.S. accounting rulemaker is looking for more input on what projects it should tackle over the next few years as it moves into the post-convergence era of accounting rulemaking.

The Financial Accounting Standards Board issued an "Invitation to Comment" to solicit feedback about potential financial accounting and reporting topics that FASB should consider adding to its agenda. "The invitation to comment is an important opportunity for stakeholders to help the FASB set its agenda for the next several years," FASB said in a statement.

Keep reading...

Audit leaders in Africa voice frustration at the difficulty of bringing corruption to light

By Joseph McCafferty

August 3, 2016

It's not easy to be an internal auditor at a public entity in Africa. "It takes a lot of bravery," said Graham Joscelyne, chair of the audit and ethics committee at the Global Fund to Fight Aids.

Joscelyne moderated a panel of auditors and former auditors of public entities and governments at the Audit, Risk, and Governance Africa conference being held this week in Accra, Ghana. The panelists, including Ludovick Utouh, former controller and auditor general at WAJIBU – Institute of Public Accountability in Tanzania, expressed frustration at the slow pace of progress for government services in Africa and the many obstacles to bringing corruption at public entities to light.

Keep reading...

Internal auditors are increasingly taking a closer look at the company's social media strategy

By Karen Kroll

August 3, 2016

Social media sites are becoming a bigger part of most companies' plans to connect with customers and other stakeholders. And while sites like Twitter and Facebook can be powerful marketing tools, they are also fraught with risks. Now internal audit departments are taking a closer look at those risks and the controls companies are instituting to manage them.

That's because social media is quickly becoming integral to how people and organizations communicate. More than one billion people log onto Facebook daily. Twitter has 310 million active users. Coca Cola has 1.3 million followers on Instagram, and the 235,280 subscribers to the YouTube channel of home improvement retailer Lowe's have logged more than 100 million views.

Keep reading...

By H. David Kotz

August 2, 2016

In December 2007, I was appointed as the Inspector General of the Securities and Exchange Commission and served in that capacity until January 2012.  An IG is an internal watchdog for a governmental body with its primary purpose being to identify and reduce waste, fraud, and abuse in the agency.  IGs supervise both internal audit and investigative units.

Read more ...

LAN Airlines made illegal payments to a third party to attempt to settle a labor dispute

By Joseph McCafferty

July 29, 2016

The Securities and Exchange Commission has charged South American-based LAN Airlines with making illegal payments to attempt to settle a labor dispute, in violation of the Foreign Corrupt Practices Act. The airline has agreed to pay more than $22 million to settle parallel civil and criminal cases related to improper payments it authorized during a dispute between the airline and its union employees in Argentina.

The SEC's investigation found that when LAN encountered problems negotiating labor agreements with the unions, it was contacted by a consultant from Argentina who offered to negotiate on the company's behalf.

Keep reading...

Survey finds chief audit executives are concerned about talent gap, meeting stakeholder expectations

By Joseph McCafferty

July 27, 2016

What keeps internal audit executives up at night? Plenty, according to a recent survey of chief audit executives conducted by Deloitte.

A survey by the Big Four audit firm finds that a startling number of audit leaders are concerned about the skills and expertise their teams have to deliver on stakeholder expectations for efficient audits, insightful reports, and effective decision-support in the years ahead. CAEs recognize that internal audit groups need to change, but many struggle with how to achieve that change, according to Deloitte Global's new report, "Evolution or irrelevance? Internal Audit at a crossroads."

Keep reading...

The accounting standards overseer is proposing additional reporting on tax changes and cash held abroad

By Joseph McCafferty

July 27, 2016

The Financial Accounting Standards Board issued a proposed Accounting Standards Update that is intended to enhance disclosure requirements on business income taxes. The proposal would require public and private companies to change the way they report income taxes on their financial statements to include more information about country-by-country tax reporting and more about the cash they hold overseas to avoid paying U.S. taxes on foreign earnings.

The proposed update is part of the FASB's broader disclosure framework project to improve the effectiveness of disclosures in notes to financial statements by clearly communicating the information that is most important to users of a reporting organization's financial statements.

Keep reading...

What every internal auditor should know about assessing plans for what to do when there's a data breach

PODCAST

Interview by Joseph McCafferty

July 26, 2016

No organization is 100 percent safe from hacks, cybercrime, or boneheaded employee actions that can expose the company to data breaches. Most companies have shifted from a purely prevention mindset to one of a risk-based approach to cybersecurity with a robust incident response plan. Yet too often that plan isn't updated, assessed, and regularly tested for effectiveness. That's where internal audit comes in. Internal auditors have a large role to play in ensuring that the incident response plan is up to snuff and functioning properly.

Keep reading...

Companies—and regulators—are paying more attention to getting culture right

By Jose Tabuena

July 23, 2016

The emerging flavor of the month in regulatory circles is the “culture of compliance” with recognition that corporate culture has a profound influence on how an organization conducts its business.

A culture that consistently places ethical considerations and client interests at the center of business decisions helps protect employees as well as investors and the integrity of the markets. Conversely, significant cultural failures can impose substantial harm on companies themselves including fines, penalties, and loss of reputation.

 

Keep reading...

Internal audit departments having trouble recruiting candidates with the requisite skills

By Karen Kroll

July 22, 2016

For the last few years internal audit executives have fretted over finding the right people to staff a department that is taking on several new roles. Now, it appears those concerns are only deepening. Among the top problems internal audit shops face is finding good people to hire.

"Companies are really struggling to find people with the skill set required for today's internal auditor," says Sandy Pundmann, U.S. internal audit practice lead at Deloitte.

Keep reading...

IIA Says Internal Audit Should Go Beyond Audits to Advising on Cyber-Threats

By Joseph McCafferty

July 20, 2016

There isn't a company out there, big or small, that doesn't have some concerns about cybersecurity. Some have called it the biggest problem of our time for companies. Given the potential for the types of disasters Target, Sony, and so many others have experienced, it's no surprise that internal audit has played an important role in ensuring that cybersecurity systems are in place and functioning.

Yet, that may not be enough. The Institute of Internal Auditors recently called on internal auditors to play a more significant role in protecting companies from hackers and data breaches. A new report, Internal Audit as Trusted Cyber-Adviser, outlines the steps heads of internal audit should take to become significant contributors to cybersecurity efforts.

Keep reading...

Study examines the top indicators that internal audit is functioning at a high level

July 19, 2016

A new research report from The Institute of Internal Auditors Research Foundation finds a wide variety of factors influence the maturity levels of internal audit functions around the world. The age and size of the internal audit function, industry type, organizational size, and other variables often influence how quickly internal audit functions can operate to deliver a high level of value. The study also found a wide disparity in how well audit departments are aligned with the overall strategic objectives of the organization.

The report identified 11 indicators of maturity, then analyzed how internal audit functions stack up against those indicators in seven key areas, such as risk assessment and internal audit planning.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Mobile Security Summit 300x58

Ransomware ad

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.