Internal Audit Insights

A more agile internal audit function that can shift focus as risks evolve and organizational needs change isn’t just the audit function of the future; it’s what is needed right now.

As a newly appointed internal auditor, you might find yourself a bit lost. It’s not an easy job, and working with experienced colleagues might be a little intimidating. There is so much to learn. Here are ten basic things that as a new auditor you should expect to follow when that first assignment comes your way.

It’s becoming clear to most internal auditors that the profession is changing very rapidly. The strategies that have worked in the past will no longer be enough to carry out internal audit’s new mandate. To meet these challenges, internal audit must improve on three major fronts: innovation, new technology, and talent management.

It’s more important than ever to have a robust recruiting and retention program for internal audit to hire the right candidates with the right set of skills and to keep star performers from leaving for other jobs.

It’s mid-January and the holidays are behind us, winter is in full swing, and, for many of us, our New Year’s resolutions to get to the gym more often or do a better job saving money have fallen by the wayside. It’s not too late, however, to set some goals for internal audit to reach in 2020.

Tech-based processes can often seem like black boxes that are too complex for process improvement. It doesn’t have to be that way. In fact, there’s a lot of waste and inefficiency that gets built-in along the way, and internal audit can play a big role in identifying and eliminating it.

Is it possible to combine the role of chief audit executive with other jobs, such as the head of corporate compliance or risk management, without sacrificing the independence that’s a cornerstone of the audit function? Opinions are divided.

A risk assessment should be conducted during the planning phase of an audit engagement in order to identify and analyze all the risks towards the achievement of the objectives of an activity.

Boathouse Capital, a Philadelphia-based Private Equity firm, today announced that its Board of Directors has appointed Brett Shively as Chief Executive Officer for the MIS Training Institute (MISTI) and its partner company, LeaderQuest.  

Internal audit departments that want to ensure their companies stay out of trouble with regulatory agencies over bribery and corruption laws will want to ensure that they have solid programs in place with the proper and functioning internal controls.

Given the intense focus on corporate culture in the last few years as an important component in risk management, more companies are looking to behavioral science to get a better understanding of what drives human behaviors, both good and bad.

Companies are rapidly finding applications for blockchain technology, meaning internal auditors will need to assess those applications. To do so will require some foundational knowledge of how blockchain works and the risks associated with its use.

Risk culture is no longer perceived to be a compliance box to be ticked. Companies are lifting the lid on cultural and behavioral issues that affect the way people make decisions and manage risks as part of their day-to-day work.

Internal audit departments that pursue data analytics without fear will soon be expanding their capabilities and unlocking the powerful potential of what it can do.

A slew of new studies and reports find that companies still struggle mightily to get a handle on IT-related risks, such as cybersecurity, data governance, and digital privacy.

HR audits have evolved from a simple checklist of dos and don’ts or periodic affirmative action plans to a comprehensive, sustainable process that is an integral part of the organization’s internal controls, due diligence, and risk management function.

Ten things that internal audit can do when working with compliance to leverage the qualities of both functions and create value for the organization.

Internal audit leaders must be more resourceful in acquiring needed skills and capabilities to conduct audits in areas of emerging risk and new technologies.

Many internal audit shops are adopting Agile principles in an attempt to create a more flexible and customer-oriented audit function. And while the results have been promising, expect a few bumps along the way.

Many internal audit departments are struggling to keep up with fast-moving technologies and widespread change in the profession. Staying on track will require more than adopting new technology, it will involve adopting a new mindset.

Could a decades-old management strategy that helped U.S. and European companies respond to the gains in quality made by Japanese manufacturers in the 1980s somehow help internal audit shops improve their game? 

Where, exactly, does responsibility lie in a modern corporation for ensuring that risks are being identified and managed?

A definitive guide to producing, using, and improving a risk heat map at your organization.

In this Internal Audit Insights interview, MISTI's Dr. Hernan Murdock discusses how the internal audit function can benefit from the Three Lines of Defense Model.

In the full video interview below, MISTI's Director of Instructional Technologies and Innovation, Shawna Flanders, discusses where internal audit stands today as it relates to cybersecurity, and offers up some tips on increasing collaboration between the audit and information security functions. 

It's not only the information security department that needs to stay on top of cybersecurity regulations. Internal audit also plays a big role. In this interview with MISTI's Shawna Flanders, she discusses the regulations internal audit should keep top of mind.

There’s a big difference between a few butterflies and paralyzing fear when it comes to public speaking. When it comes to giving a great presentation, it’s not just what you say, it’s not just how you say it, but it’s the combination of those two things along with the experience you provide and the feeling you leave your audience with that creates results.

Here’s the truth about editing: editing is vital to producing a good audit report. It’s also tricky and time-consuming. Editing includes content changes, proofreading, grammar, wording, format, structure, and multiple revisions.

In part four of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Todd Shaffer, senior vice president and chief risk officer at Johnson Financial Group, who discussed how internal audit leaders are approaching cybersecurity issues today.

Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.