August 2015

From the very beginning of our careers in internal auditing, most of us are trained to audit a handful of “core” risks. We rapidly become comfortable with traditional financial audits, regulatory compliance audits, and various common operational audits. We look at what was done in the past, and often we decide to audit the same things again in the same way – sometimes without even updating the audit plan.

Occasionally, the repetition is justified. After all, some risks are inherently worthy of internal audit coverage. But we now live in an era when risks are extremely dynamic. It is unlikely that all of last year’s risks should be driving this year’s audit plan.…

In the past few weeks, I have written about governance failings that came to light at three disparate organizations — Toshiba, Hertz, and FIFA. These cases, in my view​, have two notable things in common:

• The appearance and indication of a strong and inappropriate tone coming from the top that trumped internal controls to the detriment of the organization and its stakeholders.
• Internal control and governance failures that apparently allowed alleged wrongdoing to continue for extended periods of time.

In each case, we have learned about failures in internal control that manifest themselves in prolonged and systemic accounting irregularities or alleged corruption.…

In a few days, I will celebrate a personal milestone. It was August 1975 when I graduated from college and took my first job as an internal auditor at Trust Company of Georgia, a major regional bank in Atlanta. It is hard to believe it has been 40 years. In some ways, it seems like only yesterday. Looking back over four decades of service in and for our profession, I think about the key moments that defined my career. I also realize that there are a handful of moments in every internal audit career that will define the experience for the professional who lives them.…

There have been few victories of late for supporters of bipartisan governing in Washington, D.C. The often rancorous relationship between the two major parties has redefined congressional brinkmanship and brought us to the edge of government shutdowns numerous times.

Yet, last week saw a measure of nonpartisan cooperation in the U.S. Senate that should encourage even the most jaded observers of government. When the cause is right, Republicans and Democrats can cooperate for the greater good.

The Senate Judiciary Committee hosted a hearing titled, “All Means All: The Justice Department’s Failure to Comply with Its Legal Obligation to Ensure General Access to All Records Needed for Independent Oversight.”…

Filings required by the U.S. Securities and Exchange Commission are always important documents for investors and analysts, but rarely are they must reads.  However, the recent 10-K filing by Hertz Global Holdings Inc. provides an intriguing exception. An explanatory note on the filing effectively makes its former CEO the scapegoat for a hoard of accounting and internal control problems at the multi-billion-dollar company.

The deficiencies described in the 10-K, which forced the restatement of the corporation’s 2012 and 2013 filings, are placed squarely at the feet of — or more precisely heaped on the back of — the former chief executive, whose management style somehow led to extensive material weaknesses and internal control failures at Hertz.…