Internal Audit

COVID-19 has revealed the importance of having an effective business continuity plan. Protiviti’s Matthew Watson discusses the role internal audit should play in escalating and prioritizing business continuity audits given the realities and uncertainties in today’s business environment. With so many uncertainties as we head into 2021 – the wait for an effective COVID-19 vaccine, macroeconomic and geopolitical concerns, increased technology outages and cybersecurity risks to name a few – business continuity programs have taken on new urgency. Business leaders,...

Auditors need a complete understanding of the standard and how it affects their clients’ financial statements. AICPA’s Deana Thorps suggests four considerations auditors need to keep in mind when performing high-quality audits based on common challenges with accounting estimates. One of the most significant changes to U.S. GAAP is FASB’s revenue recognition standard, FASB ASC Topic 606, Revenue from Contracts with Customers. The standard requires an entity to apply a five-step approach, including estimating the revenue recognized for the accounting...

Ron Kral offers an analysis of the SEC’s recent order against BorgWarner, charged for making material misstatements by failing to account for certain asbestos liabilities. “Hindsight is 20/20” can be a profound statement when it comes to loss contingencies, as it is easy to precisely define them once they are settled over time. The statement can also be interpreted as the company should have known something would happen, or the company made a bad decision in hindsight. In applying this...

Ellen McCarthy, Head of Compliance at Computershare, opines on the IIA’s recent updates to its three lines of defense model, positing that they fail to recognize the importance of the independence of the compliance function. The Institute of Internal Auditors (IIA) last month issued a new three lines model, updating its “Three Lines of Defense” model to set forth the IIA’s “latest understanding of governance and risk management.” Below, I have set out my personal view along that, while the...

With digitization fueling innovation and change, two questions arise: Is internal audit adjusting quickly enough to innovate and embrace underlying technologies, and should executive management and the board care? Protiviti’s Jim DeLoach discusses. In a world of rapid change on almost every front, in which organizations must adapt and grow – or risk decline and ultimate demise – everybody faces the same reality: either raise the game to contribute sustainable value or be left at the station. These words could...

Compliance doesn't appear to figure prominently in the update to the Institute of Internal Auditors' 2013 Three Lines of Defense Model. Compliance consultant Nicole Di Schino takes a look here, providing original reporting for CCI as she shares analysis and opinions from compliance pros and IIA CEO Richard Chambers. All images courtesy of Institute of Internal Auditors; used with permission Recent updates to the Institute of Internal Auditors’ (IIA) three lines of defense model offer a refreshing take on corporate...

Protiviti’s Shari Katz and Gina Chaoanw outline steps organizations can take in pursuit of annual SOX compliance and as they use third parties to navigate the challenges arising from COVID-19. More and more companies are outsourcing key business processes to third-party providers to attain cost savings and to focus on core business activities. As a result, when management needs to assess its internal controls over financial reporting (ICFR), many of these outsourced activities fall into scope for Sarbanes-Oxley (SOX) compliance....

The use of AI is projected to grow exponentially in the near future. James Bone discusses what this means for internal audit and outlines the key elements of an AI audit framework. Artificial intelligence has become a national strategic imperative for countries as diverse as China, Russia, the U.K., France, Canada and 13 other nations.,,, In February 2019, President Trump signed an Executive Order (EO 13859) to ensure the U.S. maintains leadership in artificial intelligence and importantly addresses gaps in...

Jim Nortz details the development and implementation of a highly successful Compliance Assistance and Monitoring Program (CAMP) used to evaluate internal controls – while enabling compliance to make friends along the way. A Monster That Had to Be Tamed Several months after we launched the sales and marketing codes and completed our initial live training sessions at Bausch & Lomb, our internal audit team supplemented their routine, countrywide anti-corruption audits with an examination of the existence and adequacy of internal...

There are similarities between the GDPR and the CCPA, but there are some key departures as well. Nielsen’s Kevin Alvero and Michael Velasco detail the differences internal auditors should be aware of to ensure compliance. On May 25, 2018, the General Data Protection Regulation (GDPR) was implemented, providing European Union citizens unprecedented protection and privacy regarding organizational use of their personal information. For California businesses and those that serve California residents, the GDPR turned out to be a harbinger of...

Mariette Cutler, Managing Director of The Risk Navigation Group, discusses how relative inexperience in the audit profession can be a real asset – salve to the souls of those still gaining a footing in the GRC space. Early morning paired with the brisk fall air to set the tone for a third-quarter audit committee meeting. Most of us have been there: dry commentary interspersed with the occasional cold remark and a generous sprinkling of buzzwords. Audit committee meetings can be...

Nielsen’s Kevin Alvero and Randy Pierson explore the fundamental elements that should be included in any approach to doing internal audit of artificial intelligence. Many internal audit departments are in the process of developing approaches to auditing their company’s artificial intelligence (AI) activities. There is no single, definitive framework yet for auditing artificial intelligence, although organizations such as the Institute of Internal Auditors and ISACA have issued guidance on the matter. Regardless of what approach internal audit departments choose to...