This has been a year for the record books for Internal Audit Insights. Our library of content continues to grow on a weekly basis, with each piece of content aiming to provide answers to internal auditors that help them enable positive change within their organizations.
As is tradition, we’ve looked through our metrics to compile a list of the top ten most read articles on the site. We hope you enjoy and also prepare for more to come your way in 2018!
Internal auditors realize they must pay closer attention to what their stakeholders—namely boards and executive management—expect of them and whether these expectations are being met. A panel of experts identified the following eight messages from stakeholders that internal audit must take heed of and respond.
#9 - Strategies for Building Sweet Audit Teams
Adam Rutan, Director of Internal Audit at Cardinal Health, has probably always been an approachable, amicable person with a whole lot of common sense. When I met Adam several years back, not only did his natural qualities come across easily, but also his commitment to people and audit was obvious. Creating audit teams that work well together is one of Rutan’s passions. And what he reveals about how to build a good team requires introspection on the part of the director and manager.
#8 - 8 Things Every Internal Auditor Should Know About Sarbanes Oxley
In a certain sense, Sarbanes-Oxley compliance is an annual rite of passage, akin to the arrival of spring or the fall television season. The exact experience changes from year to year, but it always happens. Indeed, for SOX compliance professionals under the age of 35 or so, it might seem like documenting and testing of internal controls is all there is to SOX compliance. Nothing could be further from the truth.
Tony Redlinger has spent most of his career as an IT auditor for such organizations as Aegon, CoBank, and the Los Alamos National Laboratory. These days, he serves as a senior manager for internal audit at IHS Markit, a global information and analytics services provider. Tony is also a senior instructor for MISTI's IT Audit and Controls, an integrated auditing course for today's internal auditor. As part of a special series for Internal Audit Insights, we recently sat down with Tony to talk about the challenges of being an IT auditor, what's next for cybersecurity, integrated auditing, and more.
#6 - Spotting Potentially Fraudulent Shell Companies During Audits
Boards of directors, stockholders, management teams, and professional standards all expect internal auditors to respond to the risk of fraud in core business systems. Within a company's accounts payable file, shell companies are being used to steal millions of dollars from companies or to conceal bribery payments which violate anti-bribery and corruption laws. This article explains the methodology and experiences in detecting shell companies without a lead or clue as where to look in a company's database.
#5 - Could Trump’s Regulatory Rollback Include Changes to SOX?
Less than two weeks after taking the oath of office, President Donald Trump set about fulfilling one of his oft-repeated campaign promises: dismantling the Dodd-Frank Act. For internal auditors, the fate of efforts to gut Dodd-Frank or roll back regulation more generally has substantial significance, since providing assurance over regulatory compliance has been near the top of most internal audit plans. Along with calls to eliminate several Dodd-Frank rules, there has begun, in some circles, calls to re-examine provisions of the Sarbanes-Oxley Act, including Section 404: Management Assessment of Internal Controls.
#4 - How to Write an Audit Report That Gets Results
Why do so many audit reports fail to achieve results? The main problem stems from the fact that, all too often, reports focus on the writer instead of the reader. Audience consideration is vital when it comes writing a robust, useful audit report. In this special contributed article by one of MISTI’s instructors, he offers up practical advice for keeping your audience your central focus, and for writing tools and strategies that will help ensure an effective audit report.
As internal auditors, we work in complex and demanding environments where business, technological, social, and other dynamics challenge us to meet the increasing expectations of the bard and senior management. While many internal auditors find it difficult to keep up with the cycle of risk-and-control reviews, there is no alternative. Failure to demonstrate how we add value will eventually result in stakeholders viewing internal audit as irrelevant. The following actions are crucial to avoid this outcome.
How do our stakeholders on the board and in top management assess the value of internal audit? What do we give them? What do they have on which to base their assessment? While they probably rely to a great deal on their direct interaction with the chief audit executive (CAE) and perhaps some of his or her team, the primary internal audit product is the audit report. The typical audit report is boring, does not provide the reader in top management with the information they need to run the organization, and is viewed as documentation of the work performed and results obtained. But what do you do about it?
Internal auditors with data analytics experience are becoming the rock stars of the profession. Not only are they in high demand among leading companies and can earn a premium over internal auditors without data analytics capabilities. Candidates who know they can earn a premium by acquiring data analytics skills are looking to boost their capabilities, and while it’s not something you are going to pick up overnight, most experts we talked to say someone who is driven and smart can learn the essentials and become proficient in as little as 6 to 12 months. So where to begin?