Internal Audit

Ron Kral offers an analysis of the SEC’s recent order against BorgWarner, charged for making material misstatements by failing to account for certain asbestos liabilities. “Hindsight is 20/20” can be a profound statement when it comes to loss contingencies, as it is easy to precisely define them once they are settled over time. The statement can also be interpreted as the company should have known something would happen, or the company made a bad decision in hindsight. In applying this...

Ellen McCarthy, Head of Compliance at Computershare, opines on the IIA’s recent updates to its three lines of defense model, positing that they fail to recognize the importance of the independence of the compliance function. The Institute of Internal Auditors (IIA) last month issued a new three lines model, updating its “Three Lines of Defense” model to set forth the IIA’s “latest understanding of governance and risk management.” Below, I have set out my personal view along that, while the...

With digitization fueling innovation and change, two questions arise: Is internal audit adjusting quickly enough to innovate and embrace underlying technologies, and should executive management and the board care? Protiviti’s Jim DeLoach discusses. In a world of rapid change on almost every front, in which organizations must adapt and grow – or risk decline and ultimate demise – everybody faces the same reality: either raise the game to contribute sustainable value or be left at the station. These words could...

Compliance doesn't appear to figure prominently in the update to the Institute of Internal Auditors' 2013 Three Lines of Defense Model. Compliance consultant Nicole Di Schino takes a look here, providing original reporting for CCI as she shares analysis and opinions from compliance pros and IIA CEO Richard Chambers. All images courtesy of Institute of Internal Auditors; used with permission Recent updates to the Institute of Internal Auditors’ (IIA) three lines of defense model offer a refreshing take on corporate...

Protiviti’s Shari Katz and Gina Chaoanw outline steps organizations can take in pursuit of annual SOX compliance and as they use third parties to navigate the challenges arising from COVID-19. More and more companies are outsourcing key business processes to third-party providers to attain cost savings and to focus on core business activities. As a result, when management needs to assess its internal controls over financial reporting (ICFR), many of these outsourced activities fall into scope for Sarbanes-Oxley (SOX) compliance....

The use of AI is projected to grow exponentially in the near future. James Bone discusses what this means for internal audit and outlines the key elements of an AI audit framework. Artificial intelligence has become a national strategic imperative for countries as diverse as China, Russia, the U.K., France, Canada and 13 other nations.,,, In February 2019, President Trump signed an Executive Order (EO 13859) to ensure the U.S. maintains leadership in artificial intelligence and importantly addresses gaps in...

Jim Nortz details the development and implementation of a highly successful Compliance Assistance and Monitoring Program (CAMP) used to evaluate internal controls – while enabling compliance to make friends along the way. A Monster That Had to Be Tamed Several months after we launched the sales and marketing codes and completed our initial live training sessions at Bausch & Lomb, our internal audit team supplemented their routine, countrywide anti-corruption audits with an examination of the existence and adequacy of internal...

There are similarities between the GDPR and the CCPA, but there are some key departures as well. Nielsen’s Kevin Alvero and Michael Velasco detail the differences internal auditors should be aware of to ensure compliance. On May 25, 2018, the General Data Protection Regulation (GDPR) was implemented, providing European Union citizens unprecedented protection and privacy regarding organizational use of their personal information. For California businesses and those that serve California residents, the GDPR turned out to be a harbinger of...

Mariette Cutler, Managing Director of The Risk Navigation Group, discusses how relative inexperience in the audit profession can be a real asset – salve to the souls of those still gaining a footing in the GRC space. Early morning paired with the brisk fall air to set the tone for a third-quarter audit committee meeting. Most of us have been there: dry commentary interspersed with the occasional cold remark and a generous sprinkling of buzzwords. Audit committee meetings can be...

Nielsen’s Kevin Alvero and Randy Pierson explore the fundamental elements that should be included in any approach to doing internal audit of artificial intelligence. Many internal audit departments are in the process of developing approaches to auditing their company’s artificial intelligence (AI) activities. There is no single, definitive framework yet for auditing artificial intelligence, although organizations such as the Institute of Internal Auditors and ISACA have issued guidance on the matter. Regardless of what approach internal audit departments choose to...

Ron Kral espouses the benefits of a well-designed system for financial reporting controls and provides five ways organizations can improve the effectiveness of their ICFR process. When Congress first mandated SOX for public companies, requiring them to document and assess internal controls over financial reporting (ICFR), many executives viewed the requirement simply as a compliance exercise. While some may continue to feel this way, the more successful companies have recognized that a well-designed control system can deliver greater efficiencies to...

Internal audit must know how to respond when business process owners want to go faster and document less (such as in Agile environments). Nielsen’s Kevin Alvero and Wade Cassels discuss what IA can do to meet these seemingly contradictory goals. In the five months between the crashes of the Boeing 737 Max 8 airplanes in Indonesia and Ethiopia that resulted in the deaths of 189 people and 157 people respectively, Boeing received multiple complaints from pilots about the Max 8’s...