April 2016

April 25, 2016

”Where Was Internal Audit” – Hopefully Following the Risks

As a global leader in the internal audit profession, among the questions I dread hearing the most is: “Where was internal audit?”

When the whereabouts of internal audit is pondered by media and others, there has typically been a high-profile corporate failure that has impacted a company’s share value and investor confidence. The question also arises when there has been a scandal or highly publicized failure in government that has rattled public trust.

The question itself clearly suggests that an organization’s last line of defense failed to do its job. While I acknowledge that sometimes internal audit does drop the ball, I am often troubled by how quickly the question is posed.…

April 18, 2016

Internal Audit Should Be on Alert for “Phishy” Business

It is no longer news that cybersecurity is one of the top risks facing organizations today. Cyber criminals are exhibiting increasingly ingenious tactics to hack public and private databases that contain millions of individuals’ private records.

Organizations globally are working diligently to gird themselves against these increasingly sophisticated cyberattacks and developing crisis management plans to deal with any attacks that succeed. Yet there is a growing threat from cyber criminals that requires little more than access to the Internet, a bit of brazen ingenuity, and the hope that some overworked finance executives might not be on their toes. I’m talking about a basic email scheme that has resulted in billions of dollars in business losses.…

April 11, 2016

The Dangers of Assessing Risks Through a Political Lens

Earlier this year, I wrote how the Uber phenomenon should raise awareness of the risks associated with disruptive innovation. I noted that deciding whether Uber fits the textbook definition was not as important as understanding the risks associated with it.

I have since been struck by the growing chorus around potential business risks that do fit more closely with disruptive innovation’s definition – the U.S. presidential campaigns of Donald Trump and Bernie Sanders. Disruptive innovation keys on an upstart competitor that taps into an unserved or underserved market. The Trump and Sanders campaigns appear to be doing just that.

I’ll leave it to the political pundits to determine if the campaigns truly represent innovation, and I am not weighing in here on one side or the other of either of these campaigns.…

April 4, 2016

Internal Audit’s Role When Activist Investors are at the Door

At The IIA’s recent General Audit Management conference, the leader of a group representing corporate directors characterized investor activism as one of the main things that keep them up at night. Indeed, Peter Gleason, National Association of Corporate Directors president, told attendees that for directors this concern ranked second only to cyberattacks.

​This revelation generated considerable discussion at The IIA’s global headquarters about where internal audit fits into the issue. In the eyes of our stakeholders, investor activism is a substantial risk; yet rarely, if ever, does it show up on internal audit’s radar.

Let’s look at why this issue generates so many sleepless nights for corporate directors.…