2015

March 23, 2015

There Is Plenty to Celebrate About the State of Internal Audit

It is the time of year when there is a seemingly endless number of white papers and research monographs being published on the internal audit profession. In the past month or so, no fewer than seven new papers have explored the current state of the profession. Much of the thought leadership published annually on the internal audit profession is designed to coincide with The IIA’s General Audit Management (GAM) conference, typically held in March. All of this leads to what I call “internal audit white paper season.”

Media coverage related to the recent white paper epidemic could lead one to believe that the profession is under siege.…

March 16, 2015

Pulse of Internal Audit Reveals Strong Workout May Be in Order

This year marks the 40th since I began my career in internal auditing. I have seen huge changes over that time, not only in technology and a global marketplace that drive and influence risks to organizations, but also in how our profession is viewed by those in the C-suite, the boardroom, and even the media and public.

As our profession evolves and matures, we are taking on more and more responsibilities. Key among them is the constant battle against emerging risks. Simply put, if we are to serve our organizations well, we must identify and address major risks on a continuous basis.…

March 3, 2015

Internal Audit Enjoys Home-field Advantage in the Fight for Cybersecurity

Cybersecurity continues to be a major concern for businesses, with seven in 10 chief audit executives surveyed identifying it as a high or critical priority, according to the just-released 2015 North American Pulse of Internal Audit report. This is not unexpected, but what I do find troubling is something that I’m hearing more and more in my discussions with CAEs around the world.

There appears to be a growing view that cybersecurity issues should reside in the domain of IT and security experts, with internal audit providing little more than support. The question I’m hearing too often is, “What can internal audit contribute?”…

March 2, 2015

Contributing Your Voice to Internal Auditing’s Body of Knowledge

Professions that do not grow and evolve are doomed to irrelevancy. The profession of internal auditing is no different. If internal auditors in the 21st century focused on the same topics and leveraged the same methodologies as our predecessors 75 years ago, we would be relegated to the back office of our organizations — or worse. In fact, basic technology today can perform many of the tasks carried out by internal auditors in the middle of the 20th century.  

The IIA is committed to leading the profession and advocating its value around the world. But it would be difficult, if not impossible, for The IIA, educators, trainers, thought leaders, and others around the world to forge a future for the profession without keen insights into the practices, issues, and challenges facing the profession in 2015.…

February 23, 2015

Clawbacks on Executive Pay: Where Does Internal Audit Fit In?

A recent report in the Wall Street Journal once again brings into sharp relief just how the repercussions of a crisis can play out. The Feb. 17 article, “U.S. Regulators Revive Work on Incentive-pay Rules” (subscription required) outlines how regulators are considering “clawback” provisions in compensation packages for certain employees of Wall Street firms. The idea is to require organizations to structure compensation so that executives would have to return bonuses if they are found to have committed an egregious error or fraud during their tenure.

The 2008 financial crisis had a significant impact on internal audit’s scope of work and influence.…

February 16, 2015

When It Comes to Risk-based Auditing, Don’t Let the Tail Wag the Dog

At last count, more than 80 percent of internal audit departments assess risks as part of their audit planning process. So, why is it that legitimate risks to the organization are often glossed over, or overlooked entirely, when internal audit is assessing risks? I fear this happens far too often, and that it poses a huge and potentially growing exposure both for internal audit’s clients and for the reputation of the profession.

I have looked under the hood of scores of internal audit functions over the past decade, and I have engaged dozens of other CAEs in discussions regarding their risk-assessment practices.…

February 9, 2015

Are There Things Audit Committees Would Rather Not Hear From Internal Audit?

In Extraordinary Circumstances, Cynthia Cooper’s riveting account of internal audit’s role in unraveling the financial reporting fraud at WorldCom, she recounts the challenges she had in securing an audience with the company’s audit committee so that she could share the internal audit results. After prolonged foot-dragging by the audit committee chairman, her patience finally wore out. In a line worthy of a ​Clint Eastwood film, she sent word to the chairman that, “if he doesn’t call a meeting today, I’m going to get on the phone and call one myself.” I often wonder how many of us would have such courage, how many of us would ever need to go to such lengths.…

February 3, 2015

How Are Audit Committee Views of Internal Audit Shaping Up in 2015?

Welcome to what I call “white paper season” for internal auditors. Around this time each year, a number of survey-based white papers are released that provide insight into key challenges and opportunities facing our profession and include the perspectives and expectations of our key stakeholders. Internal auditors should make a point of seeking these out and absorbing the key messages before crafting strategies for the year ahead.

There is no more enduring challenge for internal auditors than achieving and maintaining alignment with the expectations of our key stakeholders. As I have noted before, these expectations are dynamic and definitely prone to change.…

January 27, 2015

What Internal Auditors Can Learn From the Blizzard, Measles, and Underinflated Footballs

During the early years of my intern​al audit career, the Internet did not exist. In some ways, those were the “good ol’ days!” Today, social media and the Internet make information sharing nearly instantaneous. Unfortunately, bad news often travels even faster. Therein lies a huge challenge for organizations and the internal auditors who serve them.

It would seem counter-intuitive to think that organizations would struggle with communications in today’s highly interconnected world. In reality, organizations large and small are under great pressure to communicate their key messages quickly, accurately, and efficiently — especially in times of crisis. The potential for reputational harm caused by poor crisis communications is often a bigger risk than the crisis itself.…

January 21, 2015

Internal Audit Credibility Springs From Objectivity

In an effort to raise awareness about objectivity, I often pose a series of questions to internal auditors. Have you ever been called upon to direct or conduct an audit in a department where a friend or relative works? Have you ever participated in an internal audit of a program, function, or business unit in which you worked at one time?

How about an audit of a finance function that aligns under the same CFO as internal audit? Have you ever audited the expense reports of the CEO?

I could go on, but the point is this: Every day, internal auditors are faced with potential conflicts of interest that could impair objectivity.…