GUEST BLOG POST The Institute of Internal Auditors regularly publishes useful Global Technology Audit Guides (GTAGs), available to members on their website under Standards and Guidance. They are considered recommended rather than mandatory guidance for internal auditors. As part of that effort, the IIA recently published a second edition of Read More
Last October, the Securities and Exchange Commission sent a clear message to companies with significant operations overseas: ensure that a robust anti-bribery program is in place and functioning properly or pay the price. The SEC sent that message via a $10 million fine against Sussex, Wisconsin-based printing and marketing company Read More
GUEST BLOG Remote internal auditing is largely a product of the pandemic, an invention mothered by necessity as audit teams were forced to work remotely and travel was restricted. It is becoming clear now, though, that they are here to stay. I must admit that not all of us were Read More
GUEST BLOG POST When I became a chief audit executive (CAE) for the first time in 1990, I determined that a risk-based internal audit approach was not sufficient. A risk-based approach focuses on how well management can handle a potentially bad event or situation. It assesses the design and operation Read More
GUEST BLOG May is International Internal Audit Awareness Month. Each year, the internal audit community supports efforts to spread the word about the great work that internal auditors do at their companies, public entities, and organizations. The aim is to promote the profession, dispel misconceptions, and remind everyone of the Read More
GUEST BLOG POST With the increased focus on adding value and using more technology in internal audits, the lines have been blurred somewhat on the role internal audit should play in the organization. Internal audit functions are undertaking a wide variety of tasks and spreading themselves thin as they try Read More
GUEST BLOG POST Last spring, I read an article on using automation technologies, such as robotic process automation (RPA) and process mining, in internal audit. It was an eye-opening experience. In all fairness, I had not really put RPA into practice at that time. I had read about it and Read More
GUEST BLOG What is risk appetite? It is defined by COSO as the “amount of risk, on a broad level, an organization is willing to accept in pursuit of value.” Before analyzing that nebulous statement, it is useful to consider why we are even thinking about risk appetite statements. Basically, Read More
Certainly, 2020 will go down as the “Year of Covid,” when a pandemic disrupted our personal and professional lives as no other force we have seen in most of our lifetimes. From an internal audit perspective, it meant scrambling to help the organizations we work for stay on their feet Read More
GUEST BLOG: Here is an obvious point—internal controls are intended to ensure compliance with relevant policies and procedures. Internal controls are not just for show, or not just limited to financial reporting. A compliance program is a subset of a company’s internal controls. So, all this is well and good. Read More
