September 2012

September 25, 2012

Sometimes You Can Be Right or You Can Be Liked

I often post my thoughts on Twitter. Most of the time, my Tweets receive few comments, but last week I heard from a surprising number of auditors after simply posting the thought: “Remember internal auditors: Sometimes you can be right or you can be liked — but you can’t be both!”

I immediately received responses from two different groups. Some said they agreed, stating that internal auditors were the traditional bearers of bad news and that this inevitably leads to acrimonious relationships. Others said they disagreed, stating that auditors with good interpersonal skills could find friends in any business environment.

I think both groups may have missed the point.…

September 17, 2012

Assurance on Risk Management Effectiveness: What Are We Waiting For?

For almost four years now, I have been advocating that the internal audit profession embrace the challenge of providing assurance on the effectiveness of risk management. I believe it is the most significant opportunity for our profession in a generation. Yet, recent survey data would indicate that we are reluctant to make such assurance an integral part of our portfolios of internal audit coverage. I have but one question: What are we waiting for?

There is widespread agreement that failures of risk management in the late 2000s (particularly in the financial services sector) were a major contributor to the lingering global economic crisis.…

September 4, 2012

Is Your Risk Assessment Stuck in Time?

There have been plenty of articles and lectures given on continuous auditing in recent years. There is no question that technology is making continuous auditing a powerful tool for both internal auditors and managers, alike. However, despite the growing popularity of continuous auditing, I believe one of the true challenges in the next decade will be to continuously assess risks.

 As I have observed before, management and the audit committee look to internal audit to ensure there are “no surprises.” While it can be argued that this is an unrealistic expectation in a dynamic environment (particularly in companies with vast complex business models), it is nonetheless an expectation that must be addressed.…