2020

March 15, 2020

2020 Pulse of Internal Audit: There’s Good News and Bad News

The fast-spreading coronavirus (COVID-19) has brought into sharp focus risks on many levels, from employee safety and productivity and supply-chain weaknesses to the extent to which modern economies are globally interdependent. From an internal audit perspective, it offers challenges and opportunities to demonstrate the value that independent assurance can provide to crisis management. 

Unfortunately, the coronavirus has also thrown a spanner into the works for The IIA’s annual General Audit Management (GAM) Conference. As many of you know, we have cancelled the in-person gathering planned this week in Las Vegas, but we also are moving ahead with an enhanced virtual conference streaming live starting Monday.…

March 9, 2020

Coronavirus: Life and Death at the Speed of Risk

The coronavirus outbreak is quickly becoming one of the greatest global risks we have seen in a decade. Its rapid emergence and maturation into an imminent health and economic threat is disrupting businesses and markets, slowing productivity, and generating huge public-health expenditures. The possibility that it could usher in a global recession is real.

Yet, the most astounding aspect of this dynamic global threat is that it was not on anyone’s radar three months ago.

While the current outbreak of the COVID-19 virus was unexpected, strains of coronavirus have caused epidemics twice this century: SARS in 2003 and MERS in 2012.…

March 2, 2020

In the Face of the Coronavirus, Internal Auditors Must Do More Than Don Masks

The coronavirus (COVID-19) has transformed from a growing medical crisis to also a macroeconomic one in a matter of days. The potential impact of the virus spooked markets around the world as it spread outside of China. Although no one is sure of the ultimate impact, it would be foolhardy for any nation or organization to ignore the rapidly spreading virus itself, or the indirect effect on global activities.

The virus is a vivid example of the emerging risks that I have written and spoken about extensively over the past several years. Some are very difficult to foresee, and their ultimate impact is hard to judge.…

February 24, 2020

A QAR Should Never Be Weaponized Against Internal Audit

As The IIA’s president and CEO, I address many audiences about the internal audit profession. When I have the opportunity to speak to members of boardrooms and C-suites, I try to convey to them the value of having their internal audit functions conform to The IIA’s International Standards for the Professional Practice of Internal Auditing.

Indeed, affirming conformance to the Standards through a periodic External Quality Assessment, often referred to as a Quality Assurance Review (QAR), signals to stakeholders that an internal audit function operates at a high level of ethical and professional competencies. A properly executed QAR should be a trusted measure of a function’s conformance to the International Professional Practices Framework, and it should be one that identifies opportunities for improvement.…

February 17, 2020

10 Signs Trouble May Be Brewing for the CAE and Internal Audit

For more than 20 years, I have been cautioning chief audit executives (CAEs) to always be attuned to signals from their stakeholders, whose expectations can vary dramatically from one organization to the next. Every CAE must continuously review current and potential stakeholder groups and reassess their needs.

As swiftly as expectations can change based on risks to the organization, there are also telltale signs that internal auditors may not be getting the full picture. I have learned that there are signs — some big and some small — that stakeholders may be unimpressed or even unhappy with the leadership of the CAE and the value provided by internal audit. …

February 10, 2020

​After 440 Blogs, There Is One Topic I Dread Most

Today marks exactly 11 years since Internal Auditor magazine published the first post of Chambers on the Profession. When I wrote that first blog post on Feb. 10, 2009, I could have never imagined what a powerful way it would become to communicate with internal auditors worldwide. I was simply exploring new ways to communicate critical and timely insights for members of the profession.

Today, the blog is published in English, Spanish, French, Portuguese (and occasionally in Chinese and Turkish). Last year, the blog was read more than 400,000 times by practitioners and others around the world. So, as the anniversary of my blog’s debut approached, I reflected on the many issues and events covered in those past 440 blog posts.…

February 3, 2020

New NIST Privacy Framework: A Tailor-made Resource for Internal Audit

In the 21st century, data is gold. It is what underpins some of the biggest companies in the world, including Amazon, Facebook, and Google. The need for gathering and using data has become a major economic driver, spawned a cybercriminal underworld, and pushed technological advancement to gather ever-increasing amounts of data, faster and more efficiently.

Over the past two decades, most organizations have found ways to adopt information technologies to gather and leverage customer data, but few have taken time to focus on how that data collection affects the privacy of individuals. In the past several years, there have been concerted efforts to control the rampant collection and monetization of personal data.…

January 27, 2020

Are Assaults on Truth Hastening a Doomsday?

For billions of people around the world, Jan. 23 was a day like any other. However, for a select group of scientists, public policy experts, and former politicians, the end of the world ticked a little closer to reality. On that day, the Bulletin of the Atomic Scientists pushed the Doomsday Clock up to 100 seconds to midnight.

For those unfamiliar with the apocalyptic timepiece, the Doomsday Clock is a metaphor for nuclear holocaust or some other world-ending event that coincides with the stroke of midnight. Since its creation in 1947, the clock has never been closer to that witching hour.…

January 21, 2020

One Mistake Internal Audit Cannot Afford to Make in 2020

One of the 2020 resolutions I wrote about at the beginning of the month addressed the need for internal audit to communicate its value. This should always be front of mind for internal audit leaders, as failure to do so can prove disastrous during economic downturns.

Now in my fifth decade in the internal audit profession, I have experienced economic recessions in the 1970s, ’80s, ’90s, 2000s and the 2010s. While the cause and extent of each recession was fundamentally different, each had a similar impact on our profession: Internal audit bore a disproportionate reduction in its ranks, because it was often seen as only a convenient “bill payer.”  Our…

January 13, 2020

Internal Audit Alert: The Next Battlefield May Engulf Your Cyber Networks

n the modern risk era, any number of events can accelerate the speed of risks developing or increase the likelihood of their impact on organizations. This can be as diverse as rampant wildfires in Australia to an outbreak of the deadly Ebola virus in West Africa.

For U.S. organizations this month, a lethal strike against an Iranian military target has raised concerns about retaliatory attacks, which the National Terrorism Advisory System (NTAS) advises could come with “little or no warning.” Such attacks are not limited to traditional tactics. They are just as likely to come in the form of cyber terrorism.…