December 31, 2018

8 Headlines That Defined 2018 for Internal Audit

With the end of the year it’s time to look back at the headlines that should have attracted internal auditors’ close attention. Like recent years, 2018 saw a number of big stories about high-profile corporate scandals. Several may have sown the seeds for the next wave of regulations that could impact the work of internal audit.

Risk Management Chickens Came Home to Roost in 2018

Fines and regulatory settlements of past scandals made for many more headlines in 2018 involving Equifax, Wells Fargo, and Volkswagen. They also provided important lessons about risk management.

The settlement of a class action suit brought against Equifax by eight American states signaled what I described in a July blog post as “a bold statement about the importance of internal audit.”…

December 26, 2018

“We Are Here to Help You”: Managing Relationships When Management Is Skeptical

“We are here to help you!” This phrase is often uttered at the opening meeting of a new internal audit engagement. The words seem so innocent, but in a 2012 blog post, I first explored the challenge for internal auditors to make those words more than a hollow promise. The phrase is often referred to in jest as “the oldest lie in the world.” As the old joke continues, the second oldest lie is management’s response: “We are glad you are here!” Unfortunately, as with many jokes, there is just enough truth in the punchline to make for some discomfort.

The great majority of internal audit professionals are truly collegial in their relationships with clients, and hopefully most of our clients really are glad to see us.…

December 17, 2018

My Top 10 Blog Posts of 2018: What They Say About Internal Auditors

End-of-year stories and blog posts can serve an important purpose: They allow us the opportunity to reflect on the past 12 months and put issues into perspective. Last year, I introduced my own end-of-year review by identifying my most-viewed blog posts of 2017 and speculating on what that reflected about internal auditors.

This year’s most-read list offers a similar look back. Before I reflect on the most popular subjects of 2018, however, I should note how much interest in my blog on internal audit has increased overall. Through November, “Chambers on the Profession” blog posts were viewed more than 215,000 times — more than double the number recorded in 2017.…

December 12, 2018

If Internal Audit Is Not Making an Impact, Roll Up Your Sleeves

If you occasionally have doubts about the impact of internal audit on your organization, you are not alone. According to Deloitte’s 2018 Global Chief Audit Executive Survey, a staggering 60 percent of chief audit executives (CAEs) believe the internal audit function does not have a strong impact and influence within their organization. And, while that’s obviously bad news for internal auditors, it was actually an improvement from 72 percent in Deloitte’s 2016 survey.

Internal audit’s impact and influence are strengthening at many organizations, but obviously there is still a lot of room for improvement. When I saw the survey results, I posted a question on LinkedIn asking whose fault it was if internal audit did not exert a strong influence on the organization.…

December 5, 2018

Will The IIA Redraw the Lines of Defense?

Good governance is part art, part science, and probably a bit of luck and magic. But the payoff when it is achieved is an organization that consistently achieves goals, serves stakeholder interests, supports long-term value creation, and nurtures a healthy culture. 

The problem is that there can be no one-size-fits-all approach. Each organization faces unique risks, challenges, and opportunities that add variability to the struggle. But the importance of finding the right combination of rules, practices, controls, structures, and processes that support good governance is worth the effort. Not surprisingly, many tools and models have been developed over the years to explain or promote best practices that position organizations to succeed.…

November 26, 2018

When Executives Go Rogue — It’s Too Late to Point Fingers

Once again, excesses in the boardroom are putting a globally recognized organization in the white-hot glare of unwanted publicity. Nissan Motors board Chairman Carlos Ghosn was arrested and fired last week after an internal investigation revealed he underreported his compensation to Japanese authorities by 5 billion yen — about $44 million — over a five-year period.

It didn’t take long for critics to start asking how such misdeeds could happen and speculating as to why the board or internal audit failed to uncover it sooner. Answers may be forthcoming as additional information becomes public, but the simple answer is that there is no simple answer.…

November 19, 2018

An Early Look at Internal Audit Priorities for 2019

Like the speed of risk, the end of 2018 is approaching very rapidly. That means many of you are putting the finishing touches on your 2019 annual internal audit plan. I am sure that your process has been exhaustive, and you are preparing to present a plan for your audit committee that will reflect the risk-based priorities appropriate for your organization. However, before the ink dries on your plan, I thought you might find it useful to take an early look at the priorities your peers are planning to address in the year ahead.

Risk defines the world of the internal auditor.…

November 12, 2018

When the SEC Speaks About Cybersecurity, We’d All Better Listen

I often find myself talking with reporters about internal audit’s role regarding risks, particularly cybersecurity. Recently, a reporter asked me about a new U.S. Securities and Exchange Commission (SEC) investigative report, “Cyber-Related Frauds Perpetrated Against Public Companies.” The report describes investigations at nine publicly traded companies that were victims of cyber fraud.

In each case studied by the SEC, employees were tricked into sending large sums to bank accounts controlled by fraudsters. Some of the scams continued for months, and often they were detected only after intervention by law enforcement or other outside parties. The nine companies wired a total of nearly $100 million to the criminals, most of which was unrecoverable, according to the SEC.…

November 5, 2018

5 Future Developments That Could Elevate Internal Audit’s Stature

I have written extensively about the work internal auditors must do to fulfill their own potential and that of the profession in enhancing and protecting the value of the organizations they serve. As the risk landscape changes and the speed of risk increases, internal auditors must expand their skills, update their processes, and embrace a mindset of being flexible, agile, and open to responding quickly to disruptive threats and to new and emerging risks.

Of course, internal audit cannot do this on its own. It is, after all, one part of a complex governance process that relies on others, including risk managers, senior management, and the board.…

October 29, 2018

Internal Auditors Must Live in a Shatterproof House

I have long believed that internal auditors have a tougher challenge than many others in an organization. It’s difficult to sustain a reputation for objectivity when we live and work in the same environment where we perform our audit responsibilities — sometimes for a few years, sometimes over an entire career. Everyone is watching internal audit to see if we are walking the talk. I have heard of us referred to as “example setters for an organization,” and that we are “constantly assessed by those we audit.” I call it having a target on our back. If internal audit is not following organizational policies, or even appears to not be following policies, the fallout will affect trust in the department and every internal auditor in it. …