September 2013

September 22, 2013

Should Internal Auditors Participate in the Evaluation of External Auditors?

In my recent blog on the uptrend in compliance audits, I wrote that internal audit should be risk-centric, meaning that our focus as auditors should evolve to align with prevailing risks and the concerns of our stakeholders. One risk getting a lot of attention these days from regulators and the media is the quality of external audits.

Wall Street Journal Senior Editor Emily Chasan reports in her Sept. 13 CFO Journal blog that external audits are headed for a new era of disclosure. The U.S. Public Company Accounting Oversight Board (PCAOB) is drafting new auditor identification rules to pierce the veil of anonymity that created the opportunity for some individuals to perpetrate fraud.…

September 16, 2013

The Amazing Growth of Internal Audit in Africa

In my role as the Global CEO of The IIA, I have the great privilege of traveling and meeting people in different sectors and industries from all over the world. Today I embark on a journey to Africa, where I will address the national conference of IIA–Zimbabwe and assist in various programs at IIA–South Africa, among other things. I’d like to dedicate this blog to our colleagues in Africa, who have every reason to be proud of how far the profession has come in the last 10 years alone.

The story of the past decade has been remarkable. As IIA 2012-2013 Global Chairman Phil Tarling reported on his visit to Africa last year, the internal audit profession is thriving in almost every country on the continent.…

September 9, 2013

The Compliance Audit Phenomenon: It Is All About Being Risk-centric

As I have commented often in this blog, one of the remarkable attributes of our profession has been our ability to adapt our coverage to address the emerging risks facing our organizations. Whether it was Y2K risks in the late 1990s, Sarbanes-Oxley compliance in the mid-2000s, or cost reduction and containment at the outset of the global financial crisis, we have repeatedly refocused coverage to address the most critical risks facing our organizations.

When The IIA established The Audit Executive Center (Center) in 2009, it began to closely monitor key trends in the profession and communicate them via semi-annual reports to chief audit executives.…

September 3, 2013

Risky Business: Are You Following the Right Risks?

The guidance I provide most often to internal auditors is to “follow the risk.” It’s easy for internal auditors to go through our own process of assessing risk in an organization and auditing against those risks. But if we are focused on the wrong risks — that is, risks that are different from the ones senior management and the board are worried about — then I think we ought to ask ourselves why.

I’m not saying that you should take management’s assessment of the right risks as gospel. I’m saying that if you’ve compiled a list of things that are keeping your stakeholders awake at night, and that’s not what they say is keeping them awake at night, then you need to be able to speak to why.…