After 25 years in internal audit, I have come to the conclusion that excellent audit planning is essential to ensuring an effective audit. What is a successful audit? A good measure is whether both audit management and the auditee feel good about the end results.
By improving the tone of the audit report, auditors maintained – if not, increased – the integrity of findings and developed better relationships with their clients. Rather than brutal honesty, auditors became humanely honest. Here are four strategies to improve tone in your audit reports.
If done well and communicated properly, reporting the root cause can be the glue your report needs to tie findings to the overall health of the company and create significant change for the business. This article provides some strategies to use in writing and communicating root cause in audit findings.
In this interview featuring Bob Hirth, Chairman at COSO, he sheds light on the recent updates made to the COSO ERM framework, discusses what those changes mean for internal auditors, and advises on how to best leverage the framework.
Within a communications group, chances are that someone is performing a level of auditing of weekly or monthly online analytics already. But it doesn’t hurt to talk to these people and fill in any gaps you discover. How effective is your social media presence and how do you audit it? This article should get you started on auditing social media within a larger audit.
Technology continues to flood organizations and IT auditors are facing increasing challenges. The Center for Internet Security's Critical Security Controls are intended to help the cause. In this exclusive video interview with Internal Audit Insights, subject matter experts define the controls and discuss their benefits for IT auditors.
Rather than robotic humanoids or machines who have become “self-aware,” artificial intelligence might be better described as computer systems that can predict human behavior. For internal audit, it can be a handy tool for specific processes within audit and analyzing overall sets of data with greater accuracy and even predict risk.
At times, internal auditors don't explain to their clients that processes should be built to operate error-free. Even when controls detect errors, customers report gaffes, or sheer luck saves the day, these events often cause re-work. Here's what you can do to help your clients prevent mistakes.
You picked them! Here's a look at the most read articles published on Internal Audit Insights in 2018. From building great audit teams to writing an audit report that gets results, you'll find a unique mix of some engaging content that answers some of your pressing questions.
For those that do integrated audits, the concept is a no-brainer. Integrated audits are an efficient, holistic approach to the business. But, if the idea of integrated auditing is untapped, then it’s a brave new world to check out. Below are some points to get the conversation started in your company.
Today, we’ll be cleaning out the metaphorical “auditor’s closet.” The auditor’s closet comes stashed with a variety of documents that identify, document, record, and communicate specific controls for both you and whoever needs to review these controls in the future.
If you’re going to audit social media, then develop a method. Kate Mullin, a social engineering expert, shares a formulaic approach to begin thinking like a hacker and doing the reconnaissance a hacker would do so that you can protect your organization.
Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.
Fraud and corruption are all around us. As internal auditors, if we're so heavy handed with the few “sinners” we catch, won’t the large majority who didn't get caught breath a huge sigh of relief and just try even harder to stay hidden?
As internal auditors apply risk-based auditing techniques to their reviews and increase their focus on the needs of customers to achieve organizational aims, it is essential to gain a panoramic understanding of the process. The SIPOC diagram can help.
As an internal auditor, there's nothing wrong with having passion for what you do. Passion supports the search of truth and ensures objective momentum to a conclusion. But it's important to know that emotion, on the other hand, is not passion.
Believe it or not, some orchestral tunes offer up important bits of wisdom that can easily apply to the internal audit function. In part one of this two-part series, Dan Clark describes what internal auditors can learn from Joseph-Maurice Revel's "Bolero."
When is the last time you looked for your name on the internet? Which of the links and images are tied to you? More importantly, where does all this information come from? Here are 13 important tips to leverage at your organization to ensure online privacy.
Where companies may do some variation of a rotational program, perhaps using rotational auditors is an untapped resource in your company. If rotational auditing sounds like something you’d like to try – do it. We put together a few steps to get going in that direction.
The cyber threat landscape is evolving and as an internal auditor it's important to become familiar the risks the organization is facing. Here are 11 helpful tips you can leverage to make sure your company steers clear of known exploits.
As the audit quarterback, you get to work with the entire team to overcome these fears and crush the meeting (in a good way). Here are some points to consider as you huddle up and plan for a successful audit.
Just because a company has a robust risk management system in place doesn't guarantee that it will actually manage risk well. An ineffective manager will mismanage risks, no matter how strong the risk management system is.
Internal audit can provide assurance to their board and executive team whether or not a process is in place to manage risks of third parties maintaining critical data, and that third parties have their data protection controls in place.
Good content is necessary, but ensuring that good content is written well is another experience on its own. Here, we dive into three areas that improve sentence flow: topic sentences, transitions, and filler phrases.
The following seven CAE best practices may help you both better position your team to improve the performance during each of their projects and better position internal audit as a go-to resource for business leaders.
Study after study has shown that data analytics is effective and efficient at detecting risk and identifying control weaknesses, non-compliance, and inefficient business processes. So why have some internal audit departments still not embraced it?
Most companies that have embarked on an enterprise risk management (ERM) initiative are still in the earliest stages or have struggled to demonstrate benefits. Here are five opportunities to enhance ERM and add value.
Data reveals that compliance modernization seems to be eluding most companies due to a host of reasons, and internal audit can play an important role in identifying areas of improvement. Here are five signs the compliance function needs fixing.
According to a recent MISTI survey, internal auditors say their internal audit seniors and managers most lack data analytic skills, understanding of IT auditing concepts, and ability to influence and persuade.
Internal auditor spotlight with Tony Redlinger of IHS Markit: We recently sat down with Tony to talk about the challenges of being an IT auditor, what's next for cybersecurity, integrated auditing, and more.
The high-publicity WannaCry attack has many companies reviewing their protections against ransomware and other cybersecurity attacks. Here we provide five preventative controls that IT auditors should ensure are functioning properly.
As we say goodbye to 2016 and hello to 2017, it’s a good time to reflect on last year’s successes and missteps. The New Year provides a great chance to pause and consider some self-improvement opportunities and goals for the next 12 months.
We recently caught up with Michael Gallagher, managing director at CBIZ Risk & Advisory Services, to talk about how risk silos can crop up at companies, the dangers they present, and how organizations can dismantle them and manage risk in a more holistic way.
In the latest edition of our video series "MISTI on Audit," Joel F. Kramer, vice president of audit curriculum at MIS Training Institute, talks about internal audit's role in detecting and preventing fraud.
Among the most powerful tools these days to detect and deter fraud is data analytics. While some internal audit departments struggle to use sophisticated analytics tools and continuous monitoring, those that do have a leg up on rooting out fraud and finding it in unlikely places.
Cash rebates, free media inventory rebates, markups from 30 to 90 percent, dual rate cards, and non-transparent business practices are all things that can keep senior audit managers and audit committee members of the board awake at night.
By H. David Kotz, Managing Director, Berkeley Research Group, LLC
August 02, 2016
In December 2007, I was appointed as the Inpsector General of the Securities and Exchange Commission and served in that capacity until January 2012. An IG is an internal watchdog for a governmental body with its primary purpose being to identity and reduce waste, fraud, and abuse in the agency. IGs supervise both internal audit and investigative units.
No organization is 100 percent safe from hacks, cybercrime, or boneheaded employee actions that can expose the company to data breaches. Most companies have shifted from a purely prevention mindset to one of a risk-based approach to cybersecurity with a robust incident response plan.
As audit committees work to strengthen how companies approach risk management, corporate reporting, cybersecurity, and other key areas, they are relying on internal audit to provide more value, greater oversight, and better communication about issues of concern.
If you thought that the upheaval in the internal audit profession and the rapid pace of change that has recast the internal audit function at many companies is starting to settle down, think again. A new report from Big Four audit firm EY finds that the transformation of internal audit is really just beginning.
What if access to our online bank accounts was managed the same way we manage access to information systems at work? Would we know who can get into our accounts? Who could see how much we have in what accounts? Who could take money out?
In this podcast, Joseph McCafferty, head of audit content at MIS Training Institute, talks with Michael Volkov, CEO of law firm The Volkov Law Group and author of the Corruption, Crime, & Compliance blog, about the convergence of internal audit and compliance.
A new survey is out about the skills that audit leaders are looking to add to their departments and you may be surprised at what tops the list. Cybersecurity chops? Nope, that ranked twelfth. Financial acumen? Tenth.
Office politics and turf wars are a fact of corporate life. They are also among the most dangerous forces an organization can face, because they pit employees against each other and lead individuals to put their own or their departments' interests ahead of the business as a whole.
Last week the Securities and Exchange Commission approved a $258 million budget for the Public Company Accounting Oversight Board. The PCAOB acts as a check on accounting firms that conduct audits of public companies.
In this podcast, Joseph McCafferty, head of audit content at the MIS Training Institute, talks with Brian Barnier, a principal at ValueBridge Advisors and an OCEG fellow, about the role of controls in audit and risk management and their limitations.
Jose Tabuena, a former internal auditor and compliance executive at various companies including Orion Health and Texas Health Resources, discusses the role of internal audit in influencing and shaping corporate culture.
How can we tell if the external auditors are doing a good job? Often we can’t. Lots of companies have had large accounting and fraud issues blow up shortly after the external auditors issued a clean audit opinion.
Register and save for ITAC 2019!
MISTI's IT Audit & Controls Conference is coming to Arlington, VA on July 16-18, 2019. Register before July 10 and save!