2015

Another week, another example of internal control failures hurting an organization and industry.

Details of the scandal engulfing the online fantasy sports company DraftKings should be common knowledge by now. A DraftKings employee admitted to the early release of data not generally available to the public and won US$350,000 on a rival site, FanDuel, that same week. The comparisons to insider trading quickly – and logically – followed.

It didn’t take long for critics to start asking why a major player in the largely unregulated, multibillion-dollar fantasy sports industry didn’t have stronger controls in place to restrict access to protected information or ban its employees from participating in fantasy games elsewhere.…

Internal audit is under great pressure — pressure to meet growing stakeholder expectations, pressure to adapt to new and rapidly emerging risks, pressure to keep up with new technologies and threats.

This is not a new phenomenon with our profession. Over the decades, internal auditing has been under near-constant pressure to meet ever-changing demands. From the beginnings of modern internal auditing in the 1930s and ’40s, one of the great strengths of the profession has been its ability to evolve — growing and becoming better able to meet stakeholder needs as it conquers each new challenge.

Key to this evolution is the ability for internal audit to remain an independent and objective function that provides assurance and advice.…

My first car was a used 1967 Volkswagen Beetle. It was a great little “starter” car, but only a couple of months after I bought it, the car was stolen. Last week, I relived that loss when Volkswagen was stolen from all of us.

The venerable automaker’s shocking admission that it developed and installed software designed to circumvent U.S. emissions rules will forever change how the company is perceived by the public. The phrase “German engineering,” once synonymous with quality, will now be the butt of jokes on late-night talk shows.

What’s more, the scandal once again raises serious questions about the inner workings, and possibly ethical practices, of a respected corporation.…

This week, America lost one of its true icons with the death of former New York Yankees great Yogi Berra. He was 90. While Yogi was widely known and revered as a player then manager in the world of baseball, he became equally famous for his clever comments, sayings, and double entendres, which became known as “Yogi-isms.”

Yogi-isms seemed contradictory or silly on the surface, but they often contained an underlying and powerful message that offered not just levity, but profound wisdom. Journalist and author Allen Barra characterized Berra’s quotes as “distilled bits of wisdom which, like good country songs and old John Wayne movies, get to the truth in a hurry.”…

The IIA’s Financial Services Audit Center recently hosted a well-attended and highly successful inaugural Financial Services Exchange in Washington, D.C., bringing together legislators, regulators, and internal auditors whose work focuses on financial and insurance services.

I found it interesting that one of the guest speakers made a passing reference to internal auditors “checking boxes,” prompting a collective wince from some in the crowd of more than 400 internal audit professionals. It reminded me of an incident a few years ago when a member of U.S. ​Congress, who upon meeting me, referred to internal auditors as “bean counters.” In response, I gently suggested that, “We used to count the beans, but today’s internal auditors are more apt to be examining how the beans are grown, how they are harvested, and how they are taken to market.”…

In a blog earlier this year, I sounded an alarm about the dangers of investing in companies with no internal audit function. Ultimately, the goal was to raise awareness of the risks that accompany the absence of internal audit in publicly traded companies.

That effort took an important step forward last week when The IIA formally recommended to the U.S. Securities and Exchange Commission that all publicly traded companies be required to have an internal audit function.

There have been a number of high-profile financial and corporate governance scandals of late that should hammer home the absolutely necessity of good corporate governance, and it should go without saying that internal audit adds value to that process by providing effective oversight of the control environment.…

Early in my career, my ambition got the better of me, and I left internal auditing for an immediate promotion in an accounting role. Being young and inexperienced, I didn’t appreciate the importance of diversity and challenge in the overall equation of job satisfaction. It didn’t take me long to figure it out in my new role.

The daily grind of reviewing tedious and complex claims for reimbursement by third-party vendors was only interesting and challenging for a few weeks. By the third month, I could only describe the work as “mind numbing.” By the sixth month, I was already talking to my old boss (the CAE in the internal audit department where I worked) about returning.…

From the very beginning of our careers in internal auditing, most of us are trained to audit a handful of “core” risks. We rapidly become comfortable with traditional financial audits, regulatory compliance audits, and various common operational audits. We look at what was done in the past, and often we decide to audit the same things again in the same way – sometimes without even updating the audit plan.

Occasionally, the repetition is justified. After all, some risks are inherently worthy of internal audit coverage. But we now live in an era when risks are extremely dynamic. It is unlikely that all of last year’s risks should be driving this year’s audit plan.…

In the past few weeks, I have written about governance failings that came to light at three disparate organizations — Toshiba, Hertz, and FIFA. These cases, in my view​, have two notable things in common:

• The appearance and indication of a strong and inappropriate tone coming from the top that trumped internal controls to the detriment of the organization and its stakeholders.
• Internal control and governance failures that apparently allowed alleged wrongdoing to continue for extended periods of time.

In each case, we have learned about failures in internal control that manifest themselves in prolonged and systemic accounting irregularities or alleged corruption.…

In a few days, I will celebrate a personal milestone. It was August 1975 when I graduated from college and took my first job as an internal auditor at Trust Company of Georgia, a major regional bank in Atlanta. It is hard to believe it has been 40 years. In some ways, it seems like only yesterday. Looking back over four decades of service in and for our profession, I think about the key moments that defined my career. I also realize that there are a handful of moments in every internal audit career that will define the experience for the professional who lives them.…