September 2021

September 30, 2021

For Internal Audit Credibility Must be Rooted in Objectivity

In an effort to raise awareness about objectivity, I often pose a series of questions to internal auditors. Have you ever been called upon to direct or conduct an audit in a department where a friend or relative works? Have you ever participated in an internal audit of a program, function, or business unit in which you worked at one time?

How about an audit of a finance function that aligns under the same CFO as internal audit? Have you ever audited the expense reports of the CEO? Have you been called upon to provide assurance related to the executive compensation program than not only determines your bosses pay, but yours as well?…

September 21, 2021

“Risk in Focus” – New Report Focuses on Internal Audit Priorities in 2022 and Beyond

We are approaching the time of year again when many internal audit departments around the world initiate their audit planning process for the upcoming calendar year. While I strongly advocate a continuous methodology for assessing risks and a dynamic audit plan that is continuously refreshed, I would be the first to acknowledge that undertaking an annual risk assessment that fosters an initial calendar year audit plan is still the most common approach. For that reason, now is the time when CAEs and their teams are rolling up their sleeves to initiate the process.

This is also the time of year when the first clues begin to emerge about where CAEs see risks and internal audit’s focus for the year ahead.…

September 16, 2021

Why Is Internal Audit Still Assessing Risks Like It’s 1999?

For years I have been writing about the need for internal audit to modernize its approach to risk assessment. I authored a blog in 2018 calling on internal auditors to come down from hilltops where our ancestors stood to assess weather risks, and deploy technology and other means to assess future or emerging risks much like meteorologists do to forecast weather risks. In a more recent blog, I shared the results of a poll that indicates that internal auditors believe the #1 strategic risk facing the profession is that we will keep “missing emerging risks.” So, I thought it was timely to share my thoughts on this topic again.…

September 7, 2021

Great Internal Auditors Can “Read the Room” (even online)

It didn’t take long for me as a young internal auditor to realize how important it was that meetings with clients go well. Actually, we called them “auditees” back then. There were typically two critical meetings in our internal audit engagement process: the entrance conference and the exit conference. The entrance conference set the tone for the engagement, and it was very important that we put the clients at ease and inspire confidence and trust. The exit conference was even more important. If we didn’t deliver the right message about the results of the audit with the right tone, we would likely meet resistance and wouldn’t inspire enthusiasm on the part of the client to implement needed corrective actions.…