February 2020

February 24, 2020

A QAR Should Never Be Weaponized Against Internal Audit

As The IIA’s president and CEO, I address many audiences about the internal audit profession. When I have the opportunity to speak to members of boardrooms and C-suites, I try to convey to them the value of having their internal audit functions conform to The IIA’s International Standards for the Professional Practice of Internal Auditing.

Indeed, affirming conformance to the Standards through a periodic External Quality Assessment, often referred to as a Quality Assurance Review (QAR), signals to stakeholders that an internal audit function operates at a high level of ethical and professional competencies. A properly executed QAR should be a trusted measure of a function’s conformance to the International Professional Practices Framework, and it should be one that identifies opportunities for improvement.…

February 17, 2020

10 Signs Trouble May Be Brewing for the CAE and Internal Audit

For more than 20 years, I have been cautioning chief audit executives (CAEs) to always be attuned to signals from their stakeholders, whose expectations can vary dramatically from one organization to the next. Every CAE must continuously review current and potential stakeholder groups and reassess their needs.

As swiftly as expectations can change based on risks to the organization, there are also telltale signs that internal auditors may not be getting the full picture. I have learned that there are signs — some big and some small — that stakeholders may be unimpressed or even unhappy with the leadership of the CAE and the value provided by internal audit. …

February 10, 2020

​After 440 Blogs, There Is One Topic I Dread Most

Today marks exactly 11 years since Internal Auditor magazine published the first post of Chambers on the Profession. When I wrote that first blog post on Feb. 10, 2009, I could have never imagined what a powerful way it would become to communicate with internal auditors worldwide. I was simply exploring new ways to communicate critical and timely insights for members of the profession.

Today, the blog is published in English, Spanish, French, Portuguese (and occasionally in Chinese and Turkish). Last year, the blog was read more than 400,000 times by practitioners and others around the world. So, as the anniversary of my blog’s debut approached, I reflected on the many issues and events covered in those past 440 blog posts.…

February 3, 2020

New NIST Privacy Framework: A Tailor-made Resource for Internal Audit

In the 21st century, data is gold. It is what underpins some of the biggest companies in the world, including Amazon, Facebook, and Google. The need for gathering and using data has become a major economic driver, spawned a cybercriminal underworld, and pushed technological advancement to gather ever-increasing amounts of data, faster and more efficiently.

Over the past two decades, most organizations have found ways to adopt information technologies to gather and leverage customer data, but few have taken time to focus on how that data collection affects the privacy of individuals. In the past several years, there have been concerted efforts to control the rampant collection and monetization of personal data.…