First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

internal audit

Scratching the surface on Facebook and its problems

​Facebook Data Exposure Offers Critical Lesson for Internal Auditors makes some good points, including:

 

, , , , , , ,

Effective monitoring of internal controls is critical

If the most serious internal control violation is a failure to implement internal controls in the first place, the failure to monitor existing internal controls is a close contender. Identify where in the organization effective monitoring occurs and leverage those successes.

 

, , , , , , , , , , , ,

Is internal audit being distracted by consultants bearing sparkling new toys?

In PwC 2019 State of the Internal Audit Profession Study, they are advising internal auditors to adopt approaches and practices with which I disagree.

 

, , , , ,

Talking about software for GRC

The Open Compliance and Ethics Group (OCEG) recently published the 2019 OCEG GRC Technology Strategy Report.

 

, , , , , , ,

Focusing board attention on management

Rather than trying to make sure themselves that everything is right, the board should focus its limited time on gaining comfort that it has the right management team in place, a team capable of getting things right.

 

, , , ,

Why is internal audit not seen positively?

One of the findings in a new report by Deloitte, their 2018 Global Chief Audit Executive research survey, is that only 33% of CAEs believe their function is seen positively.

 

, ,

Deloitte Internal Audit 3.0 has major flaws

Earlier this year, Deloitte published Internal Audit 3.0, The future of Internal Audit is now. It’s great that they are encouraging internal audit departments to change so they can meet modern demands, but their presentation that they are offering something novel and disruptive is way off the mark.

 

, , ,

Why are SOX compliance costs increasing so much?

From a recent survey by Protiviti, the information on how many organizations had to issue a cyber-security disclosure is interesting. Apparently, this generally resulted in an increase on SOX compliance hours – although the reason for a significant increase is not clear.

 

, , , , ,

Talking about inherent and residual risk

Are organizations unnecessarily risk averse? That can be crippling in many ways, including slowing agility and decision-making as well as failing to take advantage of opportunities.

 

, , ,

The role of internal audit in risk management

If we are stressing that risk management is really all about effective, informed and intelligent decision-making, shouldn’t internal audit start focusing on the quality of decision-making processes?

 

, , ,

Is it a management or board failure when no action is taken on audit findings?

How effective are your organization’s internal audit reports? An effective internal audit report and proper communication on the part if IAs can promote appropriate action on the part of management and the board.

 

, , , ,

How significant is the risk of fraud?

fraud

The best resource for understanding the level of fraud risk is the Association of Fraud Examiners’ (ACFE) annual Report to the Nations, their global study of occupational fraud and abuse. Their 2018 Report is now available and, as always, shares some useful and important insights. The ACFE analyzed 2,690 cases from January 2016 to October 2017 from around the world (48% from the USA, the rest evenly split among other regions).

 

, , , , , , , ,

The worst audit report I have seen

I have seen a few candidates for this title, but one stands out. This is how I described it in my best-selling book, World-Class Internal Audit: Tales from my Journey:

 

, , , , ,

Can you manage technology risk in today’s environment?

This is a new world and we need to re-examine traditional techniques for addressing technology risk. Before assessing and testing controls, challenge management on whether they believe effective security is in place and why. An internal audit team can help with this.

 

, , , , , ,

Internal audit and ERM accused of failing to hit the mark

The consulting firm CEB (now part of Gartner) published a piece in 2014, Executive Guidance: Reducing Risk Management’s Organizational Drag. It has been used recently to support an argument by a critic that both internal audit and ERM are failing.

 

, , , ,

Previous Posts