
Inside Internal Controls

News and discussion on implementing risk management


internal audit

Internal audit and ERM accused of failing to hit the mark

The consulting firm CEB (now part of Gartner) published a piece in 2014, Executive Guidance: Reducing Risk Management’s Organizational Drag. It has been used recently to support an argument by a critic that both internal audit and ERM are failing.

 


Deloitte on internal audit and the path forward

Nine areas of focus have come out of the results of Deloitte’s latest survey of chief audit executives (CAEs) with recommendations for action. The survey, which has been widely reported, indicated that in the opinion of the responding CAEs only 28% of them “believe their functions have strong impact and influence in their organizations, while 16 percent felt that Internal Audit has little to no impact and influence”.

 


Are your internal auditors present?

The audit plan should reflect reality, not ivory tower beliefs. How confident are you that your audit plan addresses the risks as they appear in the front lines? Is that acceptable? If not, what are you doing about it?

 


The state of the internal audit profession

I don’t believe internal audit is “losing prestige”. My belief is that internal audit can and should do more to deliver the value that our stakeholders need. Unfortunately, internal audit at many if not most organizations does not have a lot of prestige and the argument should be about increasing rather than losing it.

 


How to mess up your risk management program

Does your risk management activity ‘check the box’, or does it help the organization succeed by making more intelligent and informed decisions?

 


How much cyber risk should an organization take?

I did a video with Joe McCafferty of MISTI last month. I am interested in whether you share my views. I also have some questions for you—after you watch the video.

 


Top 10 most read Inside Internal Controls posts 2016 & Season’s Greetings

We are signing off with a list of the top 10 most read Inside Internal Controls posts 2016. Privacy issues and director’s liability seem to have been hot topics this year with several blog posts on the topics making it on the list. The top 10 most read Inside Internal Controls posts 2016 Director’s liability […]

 


Deloitte predicts change for Internal Audit

A new report from Deloitte has some interesting conclusions—plus predictable ones. 2016 Global Chief Audit Executive Survey: Internal Audit at a crossroads has some provocative content. Deloitte says there is a choice to be made: “Evolution or irrelevance”.

 


The astonishing Wells Fargo fraud

The news about the Wells Fargo staff ‘scam’ (the word used in this article in SC magazine) is mind-boggling. What I found mind-boggling is that (according to CNN Money) Wells Fargo had to fire about 5,300 workers (out of a total staff estimated at 265,000, or 2% of all employees). When 2% of employees were fired, you have to assume that more people knew or should have known. The prevailing Wells Fargo culture in reality was to do what was right for the staff, not the customers!

 


Cyber risk and audit

Clearly, cyber risk and audit is the topic of the day, if not the year and decade. The leader of Protiviti’s IT audit practice, David Brand, has weighed in with “Ten Cybersecurity Action Items for CAEs and Internal Audit Departments”. He has some valuable ideas that merit consideration, not only by internal auditors, but by security professionals, boards, risk officers, and more broadly among the executive group. I will let you read his post and suggested action items.

 


How to assess internal audit effectiveness and value

How should this be done? Some would say that the IIA’s quality assurance standards, which require both ongoing and periodic quality reviews, are the answer. I am not one of those people.

 


Survey results: Risk-based internal audit planning

Clearly, the great majority base their audit plan on some combination of (macro) enterprise-level risks and (micro) risks at a lower level of the organization. Somewhat more have weighted their plan towards the micro level than the macro level. So what does this all mean?

 


Internal audit: Essential to minimizing risk

Managing risk in today’s business environment has become a far more complex process than it ever has been. This can be attributed to a number of factors, such as increased government regulation and cyber-based issues. Other factors include uncertain political and economic situations that can arise, sustainable development and environmental concerns. These issues can have a substantial impact on small, medium and large organizations.

 


Should we take this risk?

Who takes risk? The correct answer is ‘everybody’; everybody who makes a decision and everybody who acts. Every decision and action creates or modifies risk and has the potential to influence the achievement of objectives. Whether it is deciding to go through with an acquisition or to hire this candidate instead of an alternative, risk is being taken.

 


Misunderstanding risk and internal audit

There are many voices urging people to act when it comes to the topics of risk management and the role of internal audit. Unfortunately, most of these voices are like sirens, tempting you to go the wrong way.

 

