2017

Organizations face risks today that are as varied and challenging as ever. Cybersecurity, technology, big data, social and geopolitical dynamics, and other factors are contributing to a complex and evolving risk landscape.

As boards and C-suite executives struggle to manage such risks, they are increasingly turning to internal audit for assurance and advice that fall outside of the more traditional engagements with which many internal auditors are comfortable — assurance on financial reporting and compliance. Higher demands amid limited time and resources, developing new skills, and nurturing out-of-the-box thinking are sure to pose significant challenges for internal audit functions. Indeed, keeping up with growing expectations while delivering high-quality service may be the single biggest threat facing the profession.…

It didn’t take long for social media to adopt #wannacry for last week’s massive cyberattack, which hit computer networks in nearly 100 countries from the U.S. to the U.K. to China. The ransomware virus, called Wanna Decryptor, encrypted valuable data on compromised networks, then threatened to destroy it unless payments were made.

For those of us who have spent our careers promoting good internal controls and risk management, this latest cyberattack could indeed bring tears of frustration because the attack successfully exploited some of the most basic and easily mitigated cyber risks.

First, the perpetrators relied on simple phishing to introduce the virus through an email attachment, according to cybersecurity experts quoted by multiple news outlets.…

In 2013, I published a blog post that resonated widely with readers. In “Do You Live Your Life in Color?” I reflected on the passing of two people — one a friend and one a relative — who lived their lives with vigor and passion, never failing to pursue their dreams and ambitions.

I observed that their passion for their work “inspired me to live my professional life as if I would only live it once.” Unfortunately, far too many professionals today are simply punching the clock when it comes to their careers. Quite frankly, they are pursuing their professional careers in black and white!…

The majority of publicly listed companies in Malaysia (54 percent) fully outsourced their internal audit functions in 2016, according to a survey conducted by The IIA’s affiliate in that rapidly growing country. The survey found that outsourcing is more prevalent in smaller companies and less so in the financial sector.

This survey raises an important age-old question that a growing number of organizations may be facing in the future as the demands of effective governance and risk management become more complex. Is outsourcing internal audit a viable option?

There is little question that the profession will have to expand its skill sets as it pivots to meet stakeholder demands for assurance related to emerging risks and to be trusted advisors when it comes to risk, business, and operating strategies.…

During a recent visit with U.S. Congressional leaders, I explored support for making disclosure of whether a company has an internal audit function a requirement for being publicly traded. I was heartened that most legislators I spoke with said they would consider such a step.

While this would seem to be a minor added condition for allowing a company to be listed on an exchange, in practice it would be a significant step in pulling back the curtain to reveal an organization’s commitment to good corporate governance — particularly risk management and internal controls.

Such a disclosure requirement would stop short of compelling companies to have an internal audit function, but it would deliver important information to prospective investors by providing a glimpse into the culture of the organization.…

The past several weeks will rank among the worst periods ever in which global companies inflicted damage on their brands with clumsy operational, marketing, public relations, and social media actions. Uber, Pepsi, Delta Airlines, and United Airlines have all felt the wrath of consumers, media, and investors as a result of perceived foolish mistakes from the operational front lines to the C-suite. If there are lessons to be drawn by internal auditors, perhaps the best case study is United Airlines.

The world has watched in fascination at the rapid deterioration of the airline’s brand after video of one of its passengers being forcefully removed from an overbooked flight went viral.…

Regular readers of this blog know that many of my posts focus on the changes and challenges facing internal auditing. Indeed, today’s dynamic business environment and growing stakeholder demands on the profession hold the potential to significantly impact its value and future.

This ongoing analysis has generated strong readership and equally strong responses, and not everyone agrees on whether the profession is responding with the urgency necessary to keep up with growing demands.

However, no matter which side of that fence you happen to be on, it should go without saying that every internal audit practitioner should be an advocate for a strong and vibrant profession.…

There is significant disruption in the corporate sector that is impacting internal audit. From potential Trump-era deregulation to the emergence of complex new risks to conjecture about its loss of prestige, internal audit finds itself at the epicenter of issues that influence its scope of work, and could damage its reputation and brand.

In many ways, this is a particularly vulnerable time for the profession. As I wrote in last week’s blog post, there are those who seem all too ready to write off internal audit while others, who are perhaps threatened by the scrutiny that comes with strong and well-resourced internal audit functions, appear ready to act as roadblocks to its evolution.…

It is a truism that negative news tends to generate more attention, and of late there has been too much of it directed at internal audit. I wouldn’t go so far as to characterize it all as “fake news,” but much of it is “hyped news” at best. Whether it’s a media headline trumpeting a purported decline in stakeholder confidence in internal audit or pundits characterizing the profession in such stark terms as the next Blackberry, a few sensational “sound bites” can easily become fodder for those who are quick to relegate the profession to irrelevancy.

Naysayers about internal audit are nothing new.…

When everyone shouts, no one listens. That truism is more relevant today than ever. From politics to social media, the prevailing approach to discourse is to shout down or vilify those who disagree. It seems the art of persuasion has fallen out of favor. But internal auditors cannot allow themselves to be caught up in the fervor of de rigueur intransigence.

In order to effect positive change in organizations, we must make those on the receiving end of our recommendations and reports more open, comfortable, and amenable to what we have to say. Internal auditors must embrace the art of persuasion.…