August 2019

August 26, 2019

What Happens When Internal Audit Is Ignored? It Happens Too Often

TheNew York Times reported last week on what it called a “summer of crippling ransomware attacks” on Texas cities. Hackers are simultaneously holding hostage computer systems in 22 cities across the state and demanding millions of dollars. Most of the targets are small towns with limited resources and are least likely to update their cybersecurity systems or back up their data, according to the Times.

This is another reminder of the vulnerability of IT systems. Lean cybersecurity budgets in the public sector make those systems particularly susceptible to breaches. In light of these latest incidences, here is a blog post I published last year about a ransomware attack on Atlanta’s IT system.

August 19, 2019

​Should Internal Auditors Worry About Digital Spies in Our Midst?

During one of the lighter moments of a recent meeting at IIA Global Headquarters, the following joke was shared:

Wife to husband: “Why are you always whispering in the house?”
Husband: “Because I’m afraid the government is listening.”
Wife laughs. Husband laughs. Alexa laughs. Siri laughs.

I’m certain this joke is making the rounds, from boardrooms to bedrooms and across social media. But, as with many topics we joke about, the heart of the subject is not a laughing matter.

According to U.K.-based Juniper Research, there were 2.5 billion digital voice assistants, such as Alexa, Siri, and Google Assistant, in use as of the end of 2018.…

August 10, 2019

How Do You Know When It’s Time to Go?

A recent CNBC report by business journalist and former Harvard Business Review editor Suzy Welch offered 4 signs it’s definitely time to quit your job. This brought to mind one of my blog posts in 2015 that addressed the same question for internal audit practitioners. The observations I made then still hold true today.  

One of the most rewarding aspects of my job as president and CEO of The IIA is the opportunity to meet young professionals just starting their careers in internal audit. These interactions remind me of the reasons I joined the profession, and they never fail to reinvigorate my own passion for what we do.…

August 5, 2019

​Are Companies Capitulating on Cybersecurity Risks?

The latest cyber breach is raising awareness about vulnerabilities involving cloud services, insider threats, and third-party risks, reflecting how complex and intertwined cybersecurity risks can be. It behooves all organizations to have a deep understanding of cyber risks across the enterprise, including understanding their cyber cultures.

In this blog post from 2018, I revisit the importance of internal audit’s relationship with IT leaders and the value in understanding cyber culture.

In the past dozen years or so, cybersecurity has gone from being a mysterious IT concern best left to chief security officers (CSOs) and chief information security officers (CISOs) to a top priority for boards and executive management.…