Once again, excesses in the boardroom are putting a globally recognized organization in the white-hot glare of unwanted publicity. Nissan Motors board Chairman Carlos Ghosn was arrested and fired last week after an internal investigation revealed he underreported his compensation to Japanese authorities by 5 billion yen — about $44 million — over a five-year period.
It didn’t take long for critics to start asking how such misdeeds could happen and speculating as to why the board or internal audit failed to uncover it sooner. Answers may be forthcoming as additional information becomes public, but the simple answer is that there is no simple answer.…
Like the speed of risk, the end of 2018 is approaching very rapidly. That means many of you are putting the finishing touches on your 2019 annual internal audit plan. I am sure that your process has been exhaustive, and you are preparing to present a plan for your audit committee that will reflect the risk-based priorities appropriate for your organization. However, before the ink dries on your plan, I thought you might find it useful to take an early look at the priorities your peers are planning to address in the year ahead.
Risk defines the world of the internal auditor.…
I often find myself talking with reporters about internal audit’s role regarding risks, particularly cybersecurity. Recently, a reporter asked me about a new U.S. Securities and Exchange Commission (SEC) investigative report, “Cyber-Related Frauds Perpetrated Against Public Companies.” The report describes investigations at nine publicly traded companies that were victims of cyber fraud.
In each case studied by the SEC, employees were tricked into sending large sums to bank accounts controlled by fraudsters. Some of the scams continued for months, and often they were detected only after intervention by law enforcement or other outside parties. The nine companies wired a total of nearly $100 million to the criminals, most of which was unrecoverable, according to the SEC.…
I have written extensively about the work internal auditors must do to fulfill their own potential and that of the profession in enhancing and protecting the value of the organizations they serve. As the risk landscape changes and the speed of risk increases, internal auditors must expand their skills, update their processes, and embrace a mindset of being flexible, agile, and open to responding quickly to disruptive threats and to new and emerging risks.
Of course, internal audit cannot do this on its own. It is, after all, one part of a complex governance process that relies on others, including risk managers, senior management, and the board.…