February 2018

February 26, 2018

Internal Auditors: More Than Cybersecurity Police

New guidance announced by the U.S. Securities and Exchange Commission last week is raising the bar on how publicly traded companies report on their handling of one of the top challenges facing every organization — cybersecurity.

The new cyber-risk guidance, an evolution of guidance first released by the regulator in 2011, boosts reporting requirements in various ways, from disclosures about board involvement in cyber-risk oversight to enhancing internal reporting procedures that more effectively determine when cyber issues rise to the level of materiality and, therefore, should be reported publicly. The new guidelines inevitably will create new compliance challenges and, with that, additional need for internal audit to provide assurance on those compliance efforts.…

February 19, 2018

Internal Audit Must Speak Truth to Power

“Speaking truth to power.” It is an expression that has been around for decades — often used in a social or political context. But it is also a concept with which many internal auditors struggle. In far too many organizations, those in a position of power and influence are simply not open to conversations around high risks or other uncomfortable topics — until it’s too late.

The challenges and risks facing organizations in the 21st century are increasingly complex and, if ignored, potentially lethal. This requires those of us who provide assurance on governance, risk, and control to be unwavering in our conviction to examine all such threats.…

February 12, 2018

Truth Is, Fake News Has Always Been a Risk

Misleading or patently false information has long been a risk for organizations. A disparaging comment, even one with little or no foundation in fact, can leave executives scrambling for a response that will contain and, hopefully, reverse any damage. Usually, the truth will prevail.

But as we are seeing more and more, an unceasing barrage of unsubstantiated and outright phony “news stories” powered by social media and biased websites can quickly overwhelm an organization and influence events.

That’s why it was no surprise to me when Google’s parent company, Alphabet, recently elevated objectionable content — specifically, content spreading across the internet and social media — as a key risk.…

February 5, 2018

Internal Audit Advocacy: Actions Speak Louder Than Words

I am writing my blog this week from Panama, where delegates from more than 80 countries and territories around the world have gathered to discuss vital strategic risks and opportunities facing the internal audit profession. An important topic of conversation at this annual event will be advocating the value of internal audit to key stakeholders and others globally.

One of the principal missions of The IIA is to advocate for the profession. This takes on many forms, from promoting The IIA’s International Standards for the Professional Practice of Internal Auditing as the standards for all internal auditors around the world, to special projects, such as our partnership with The World Bank to measure the maturity of the profession across Africa.…