internal audit
How effective is your internal audit function? Is it world-class?
When I became a CAE, I started by benchmarking against firms that had a great reputation, either for their business practices or internal audit departments. That is still a good idea and I recommend it.
Allegations and investigations
What we should all note from the news is that a failure to perform an appropriate investigation is a serious source of risk to any organization.
The next generation of internal auditing
I want to congratulate Workiva and Jose Tabuena for Internal Audit’s Guide to Planning, Managing and Addressing Risks. I want to focus on the first piece in that publication, Planning to Do the Right Audits: An Effective Internal Audit Risk Assessment. Here are some excerpts, with comments by me:
Elevating internal audit’s role
For many years, PwC has shared with us their view of the State of the Internal Audit Profession. They have some useful words, but it is mixed in with an agenda with which I don’t totally agree. I will come to that later. But first, the good stuff:
Scratching the surface on Facebook and its problems
Facebook Data Exposure Offers Critical Lesson for Internal Auditors makes some good points, including:
Effective monitoring of internal controls is critical
If the most serious internal control violation is a failure to implement internal controls in the first place, the failure to monitor existing internal controls is a close contender. Identify where in the organization effective monitoring occurs and leverage those successes.
Is internal audit being distracted by consultants bearing sparkling new toys?
In PwC 2019 State of the Internal Audit Profession Study, they are advising internal auditors to adopt approaches and practices with which I disagree.
Talking about software for GRC
The Open Compliance and Ethics Group (OCEG) recently published the 2019 OCEG GRC Technology Strategy Report.
Focusing board attention on management
Rather than trying to make sure themselves that everything is right, the board should focus its limited time on gaining comfort that it has the right management team in place, a team capable of getting things right.
Why is internal audit not seen positively?
One of the findings in a new report by Deloitte, their 2018 Global Chief Audit Executive research survey, is that only 33% of CAEs believe their function is seen positively.
Deloitte Internal Audit 3.0 has major flaws
Earlier this year, Deloitte published Internal Audit 3.0, The future of Internal Audit is now. It’s great that they are encouraging internal audit departments to change so they can meet modern demands, but their presentation that they are offering something novel and disruptive is way off the mark.
Why are SOX compliance costs increasing so much?
From a recent survey by Protiviti, the information on how many organizations had to issue a cyber-security disclosure is interesting. Apparently, this generally resulted in an increase on SOX compliance hours – although the reason for a significant increase is not clear.
Talking about inherent and residual risk
Are organizations unnecessarily risk averse? That can be crippling in many ways, including slowing agility and decision-making as well as failing to take advantage of opportunities.
The role of internal audit in risk management
If we are stressing that risk management is really all about effective, informed and intelligent decision-making, shouldn’t internal audit start focusing on the quality of decision-making processes?
Is it a management or board failure when no action is taken on audit findings?
How effective are your organization’s internal audit reports? An effective internal audit report and proper communication on the part if IAs can promote appropriate action on the part of management and the board.
Resources and offers
