July 31, 2014

Auditing at the Speed of Risk!

Well into the 21st century, businesses worldwide are focusing more and more on managing risks, be they internal or external, financial, operational, strategic, involve technology or regulations, or related to reputation.

While organizations are raising the bar on effective risk management, executives face extraordinary headwinds spawned by a turbulent environment in which risks materialize virtually overnight. Just this year, global financial and business markets have been rocked by spectacular cybersecurity breaches, geopolitical instability in the Middle East and Eastern Europe, refugee crises, and more.

Internal auditors working from risk-based annual plans developed before March are increasingly finding themselves addressing yesterday’s challenges.

All of this reinforces my long-held belief that internal audit must take a more continuous approach to risk assessment.…

July 29, 2014

Auditing the Organizational Culture: A New Frontier for Internal Audit

When I think about how the role of internal auditing is evolving, I am struck by the diversity of issues we address. Internal auditors deal with an ever-expanding portfolio of challenges that encompass operational risk, strategic decision-making, compliance, technology vulnerabilities, security threats, fraud prevention and detection, environmental risks, disaster preparedness . . . the list goes on and on.

Even once-unthinkable subjects like corporate culture are now subject to audit. This is as it should be. We can’t deliver fully effective risk-based audit services if we ignore critical issues, such as a toxic corporate culture.

But I wonder sometimes how comfortable we are when internal audit tackles a new challenge.…

July 21, 2014

Creating Awareness With Internal Audit’s Stakeholders: Sometimes It Takes “Marketing”

At The IIA’s recent International Conference in London, I heard a colleague mention that he absolutely hated explaining internal auditing to non-auditors. “When I have to ‘sell’ people on the internal audit function,” he said, “it feels too much like what a used-car salesman does. It just doesn’t feel professional to me.”

His comments didn’t come as a surprise to me. I know there are many who don’t like the idea of having to “promote” their internal audit functions. But his words still concern me. Because my blog is intended primarily for internal auditors, I will skip past the issue of professionalism among those who routinely “sell” as part of their job and cut to the chase about our profession.…

July 15, 2014

The Dangers to Internal Audit of Donning a “Black Hat”

As if we don’t have a tough enough time clarifying to stakeholders what exactly we bring to the table, I am seeing an increasing number of instances in which internal auditors are being asked to assume responsibilities related to corporate investigations.

In 2012, 71 percent of North American CAEs surveyed indicated that internal audit conducted confidential investigations on behalf of the audit committee alone. Even more internal audit departments conduct investigations on behalf of executive management. In some cases, internal auditors are called upon by the general counsel or CEO to assist with specific investigations, such as investigating allegations of fraud or other misconduct by a member of management or staff.…

July 3, 2014

5 Sure Signs You Are Well-suited For a Career in Internal Auditing

Job growth for auditors is projected to outpace overall employment gains over the next decade, according to the U.S. Bureau of Labor Statistics. That makes internal auditing a great option for those enterin​g the workforce or considering a career change. However, picking a job and flourishing in it is about more than opportunity alone. Is the position a right fit for you, and are you the right fit for the company or organization?

We all seek jobs that we will enjoy and that we will be good at, but one size doesn’t fit all. Based on my years in internal auditing and observing the experiences of others in our profession, I’ve developed a list of five signs that indicate you are likely to be a great fit for a career in internal auditing.…

June 25, 2014

Are Organizations and the Media Playing “Fast and Loose” With Headlines About “Internal Audits”?

As part of my​ ongoing engagement in social media, I routinely monitor the media for references to stories involving “internal audit.” The past few weeks it seems that the media has been overrun with headlines involving internal audits. Normally, I would be encouraged with such coverage. However, where recent headlines have been concerned, I suspect the “internal audits” weren’t actually internal audits at all. I believe this happens more often than many people realize, sometimes showing up in the media when internal reports generated by management or “second line-of-defense” oversight functions are mistakenly depicted as “internal audits.”

The distinction is significant: When an investigation is performed by an entity other than by internal auditors, it is important to know whether it was done independently and objectively and in accordance with professional standards.…

June 16, 2014

5 Things Management is Reluctant to Say to Internal Auditors

A few months ago, I wrote about Five Things the Audit Committee Won’t Tell Internal Auditors. Based upon feedback I received from around the world, it appears that many chief audit executives shared my perspectives. While I continue to believe we need to work on communications with our audit committees, that is not the only area in which we face communication challenges. Internal auditors typically have a strong working relationship with management, but managers also don’t always tell us everything we need to hear — and know.

When the topic is fraud management or internal controls, most management executives will speak up without hesitation.…

June 10, 2014

Revenue Recognition: “The Next Big Thing” Is Here. Are You Ready?

Every few years, a game-changing event materializes that generates a significant impact on the internal audit profession. Take, for example, the U.S. Sarbanes-Oxley Act of 2002 and similar legislation around the world enacted more than a decade ago. Usually, we immediately recognize the importance of such an event, the risks it creates for our organization, and how it will impact our internal audit functions.​

When Sarbanes-Oxley became the “Next Big Thing” in internal auditing, almost all of us anticipated the call for immediate action. We sharpened our pencils, headed off for training, and renewed our focus on assessing the effectiveness of financial controls.…

June 3, 2014

10 Characteristics That Weak Internal Audit Leaders Demonstrate

Internal auditors tend to be very good at most managerial tasks. We understand the importance of budgets and schedules, and we believe in developing clear policies and procedures. We undertake regular planning activities, we require periodic performance evaluations, and we institute strict quality-control mechanisms that help ensure the value of our work.

Internal audit training programs are typically designed to teach each of these tasks, and most of us learn these lessons well. But even in larger internal audit departments with extensive training and development programs, it’s not unusual to find that, in one area, we sometimes pay scant attention: and that’s to leadership skills.…

May 28, 2014

Whose Risk Is It, Anyway? When Management Says ‘No’ to Internal Audit

One of the most frustrating events in my career was one of the first times an internal audit client firmly and repeatedly said “no” to one of my recommendations. It was an important point and I tried to explain my reasoning. Management agreed with the finding, but believed corrective action would be too time consuming and resource intensive. My supervisor also supported me, and we believed the risks of not implementing corrective action would be very high for the enterprise. But neither of us could persuade management to implement the recommendation or even find an acceptable alternative course of action.

When management says no and refuses to budge, you realize that it makes no difference how valid your recommendations are, or how hard you worked on the audit.…