Internal Audit Insights

The Coronavirus Crisis has precipitated a dramatic downturn in economic activity, which has the potential to increase the risk of fraud and wrongdoing. A new report on fraud highlights the important role that internal audit can play in detecting and deterring fraud.

Ever since Congress passed the Sarbanes-Oxley Act in 2002—a response to major accounting scandals at such companies as Enron, WorldCom, Adelphia, Tyco, and others—internal auditors have been wringing their hands over their role in assuring compliance with the complex law.

Here are eight primary steps internal audit teams can apply to assist management and stakeholders throughout the organization to continuously improve accounting, financial reporting, audit, and governance initiatives.

Internal auditors maybe sitting in their home offices in pajamas, but that doesn’t mean they aren’t hard at work on helping their organizations’ respond to the coronavirus crisis. Instead, they are shifting into high gear to deal with the onslaught of issues the pandemic has wrought.

Dr. David Duke to lead portfolio innovation and product expansion for the global Audit, Cyber and IT Learning entity

In the course of their work internal auditors often encounter resistance that can create friction with business units and other entities in the organization. The keys to eliminating hostilities can be found in the people, processes, communication, and relationships with audit clients.

Smart companies and total quality auditors focus on inherent conflicts of interest during risk assessments, before a crisis occurs. They are not auditors who walk right by a high-risk environment on the way to audit a low-risk situation.

As the situation regarding the coronavirus continues to deteriorate, organizations face supply chain disruptions, the challenge of employees working from home, and plunging demand for many products and services. Internal audit can position itself as part of the solution by tackling these five critical to-dos.

In the typical internal audit department, it’s hopefully rare that an auditor would purposefully turn a blind eye toward material weaknesses. There are, however, other, more subtle ways that bias can creep into the audit process. Knowing them can help you avoid them.

Ratings in audit reports can help focus stakeholder attention where it is needed. But some worry that they oversimplify findings or paint audited units in an unfair light.

An anonymous whistleblower hotline should be a critical piece of any organization’s anti-fraud efforts. Likewise, since the effectiveness of anti-fraud controls is a key area of concern for internal audit, auditors can and should be looking into company hotlines to ensure they are operating effectively.

A more agile internal audit function that can shift focus as risks evolve and organizational needs change isn’t just the audit function of the future; it’s what is needed right now.

As a newly appointed internal auditor, you might find yourself a bit lost. It’s not an easy job, and working with experienced colleagues might be a little intimidating. There is so much to learn. Here are ten basic things that as a new auditor you should expect to follow when that first assignment comes your way.

It’s becoming clear to most internal auditors that the profession is changing very rapidly. The strategies that have worked in the past will no longer be enough to carry out internal audit’s new mandate. To meet these challenges, internal audit must improve on three major fronts: innovation, new technology, and talent management.

It’s more important than ever to have a robust recruiting and retention program for internal audit to hire the right candidates with the right set of skills and to keep star performers from leaving for other jobs.

It’s mid-January and the holidays are behind us, winter is in full swing, and, for many of us, our New Year’s resolutions to get to the gym more often or do a better job saving money have fallen by the wayside. It’s not too late, however, to set some goals for internal audit to reach in 2020.

Tech-based processes can often seem like black boxes that are too complex for process improvement. It doesn’t have to be that way. In fact, there’s a lot of waste and inefficiency that gets built-in along the way, and internal audit can play a big role in identifying and eliminating it.

Is it possible to combine the role of chief audit executive with other jobs, such as the head of corporate compliance or risk management, without sacrificing the independence that’s a cornerstone of the audit function? Opinions are divided.

A risk assessment should be conducted during the planning phase of an audit engagement in order to identify and analyze all the risks towards the achievement of the objectives of an activity.

Boathouse Capital, a Philadelphia-based Private Equity firm, today announced that its Board of Directors has appointed Brett Shively as Chief Executive Officer for the MIS Training Institute (MISTI) and its partner company, LeaderQuest.  

Internal audit departments that want to ensure their companies stay out of trouble with regulatory agencies over bribery and corruption laws will want to ensure that they have solid programs in place with the proper and functioning internal controls.

Given the intense focus on corporate culture in the last few years as an important component in risk management, more companies are looking to behavioral science to get a better understanding of what drives human behaviors, both good and bad.

Companies are rapidly finding applications for blockchain technology, meaning internal auditors will need to assess those applications. To do so will require some foundational knowledge of how blockchain works and the risks associated with its use.

Risk culture is no longer perceived to be a compliance box to be ticked. Companies are lifting the lid on cultural and behavioral issues that affect the way people make decisions and manage risks as part of their day-to-day work.

Internal audit departments that pursue data analytics without fear will soon be expanding their capabilities and unlocking the powerful potential of what it can do.

A slew of new studies and reports find that companies still struggle mightily to get a handle on IT-related risks, such as cybersecurity, data governance, and digital privacy.

HR audits have evolved from a simple checklist of dos and don’ts or periodic affirmative action plans to a comprehensive, sustainable process that is an integral part of the organization’s internal controls, due diligence, and risk management function.

Ten things that internal audit can do when working with compliance to leverage the qualities of both functions and create value for the organization.

Internal audit leaders must be more resourceful in acquiring needed skills and capabilities to conduct audits in areas of emerging risk and new technologies.

Many internal audit shops are adopting Agile principles in an attempt to create a more flexible and customer-oriented audit function. And while the results have been promising, expect a few bumps along the way.

Many internal audit departments are struggling to keep up with fast-moving technologies and widespread change in the profession. Staying on track will require more than adopting new technology, it will involve adopting a new mindset.

Could a decades-old management strategy that helped U.S. and European companies respond to the gains in quality made by Japanese manufacturers in the 1980s somehow help internal audit shops improve their game? 

Where, exactly, does responsibility lie in a modern corporation for ensuring that risks are being identified and managed?

A definitive guide to producing, using, and improving a risk heat map at your organization.

In this Internal Audit Insights interview, MISTI's Dr. Hernan Murdock discusses how the internal audit function can benefit from the Three Lines of Defense Model.

In the full video interview below, MISTI's Director of Instructional Technologies and Innovation, Shawna Flanders, discusses where internal audit stands today as it relates to cybersecurity, and offers up some tips on increasing collaboration between the audit and information security functions. 

It's not only the information security department that needs to stay on top of cybersecurity regulations. Internal audit also plays a big role. In this interview with MISTI's Shawna Flanders, she discusses the regulations internal audit should keep top of mind.

There’s a big difference between a few butterflies and paralyzing fear when it comes to public speaking. When it comes to giving a great presentation, it’s not just what you say, it’s not just how you say it, but it’s the combination of those two things along with the experience you provide and the feeling you leave your audience with that creates results.

Here’s the truth about editing: editing is vital to producing a good audit report. It’s also tricky and time-consuming. Editing includes content changes, proofreading, grammar, wording, format, structure, and multiple revisions.

In part four of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Todd Shaffer, senior vice president and chief risk officer at Johnson Financial Group, who discussed how internal audit leaders are approaching cybersecurity issues today.

Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.