Internal Audit Insights

Risk culture is no longer perceived to be a compliance box to be ticked. Companies are lifting the lid on cultural and behavioral issues that affect the way people make decisions and manage risks as part of their day-to-day work.

Internal audit departments that pursue data analytics without fear will soon be expanding their capabilities and unlocking the powerful potential of what it can do.

A slew of new studies and reports find that companies still struggle mightily to get a handle on IT-related risks, such as cybersecurity, data governance, and digital privacy.

HR audits have evolved from a simple checklist of dos and don’ts or periodic affirmative action plans to a comprehensive, sustainable process that is an integral part of the organization’s internal controls, due diligence, and risk management function.

Ten things that internal audit can do when working with compliance to leverage the qualities of both functions and create value for the organization.

Internal audit leaders must be more resourceful in acquiring needed skills and capabilities to conduct audits in areas of emerging risk and new technologies.

Many internal audit shops are adopting Agile principles in an attempt to create a more flexible and customer-oriented audit function. And while the results have been promising, expect a few bumps along the way.

Many internal audit departments are struggling to keep up with fast-moving technologies and widespread change in the profession. Staying on track will require more than adopting new technology, it will involve adopting a new mindset.

Could a decades-old management strategy that helped U.S. and European companies respond to the gains in quality made by Japanese manufacturers in the 1980s somehow help internal audit shops improve their game? 

Where, exactly, does responsibility lie in a modern corporation for ensuring that risks are being identified and managed?

A definitive guide to producing, using, and improving a risk heat map at your organization.

In this Internal Audit Insights interview, MISTI's Dr. Hernan Murdock discusses how the internal audit function can benefit from the Three Lines of Defense Model.

In the full video interview below, MISTI's Director of Instructional Technologies and Innovation, Shawna Flanders, discusses where internal audit stands today as it relates to cybersecurity, and offers up some tips on increasing collaboration between the audit and information security functions. 

It's not only the information security department that needs to stay on top of cybersecurity regulations. Internal audit also plays a big role. In this interview with MISTI's Shawna Flanders, she discusses the regulations internal audit should keep top of mind.

There’s a big difference between a few butterflies and paralyzing fear when it comes to public speaking. When it comes to giving a great presentation, it’s not just what you say, it’s not just how you say it, but it’s the combination of those two things along with the experience you provide and the feeling you leave your audience with that creates results.

Here’s the truth about editing: editing is vital to producing a good audit report. It’s also tricky and time-consuming. Editing includes content changes, proofreading, grammar, wording, format, structure, and multiple revisions.

In part four of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Todd Shaffer, senior vice president and chief risk officer at Johnson Financial Group, who discussed how internal audit leaders are approaching cybersecurity issues today.

Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.