Internal Audit

There are similarities between the GDPR and the CCPA, but there are some key departures as well. Nielsen’s Kevin Alvero and Michael Velasco detail the differences internal auditors should be aware of to ensure compliance. On May 25, 2018, the General Data Protection Regulation (GDPR) was implemented, providing European Union citizens unprecedented protection and privacy regarding organizational use of their personal information. For California businesses and those that serve California residents, the GDPR turned out to be a harbinger of...

Mariette Cutler, Managing Director of The Risk Navigation Group, discusses how relative inexperience in the audit profession can be a real asset – salve to the souls of those still gaining a footing in the GRC space. Early morning paired with the brisk fall air to set the tone for a third-quarter audit committee meeting. Most of us have been there: dry commentary interspersed with the occasional cold remark and a generous sprinkling of buzzwords. Audit committee meetings can be...

Nielsen’s Kevin Alvero and Randy Pierson explore the fundamental elements that should be included in any approach to doing internal audit of artificial intelligence. Many internal audit departments are in the process of developing approaches to auditing their company’s artificial intelligence (AI) activities. There is no single, definitive framework yet for auditing artificial intelligence, although organizations such as the Institute of Internal Auditors and ISACA have issued guidance on the matter. Regardless of what approach internal audit departments choose to...

Ron Kral espouses the benefits of a well-designed system for financial reporting controls and provides five ways organizations can improve the effectiveness of their ICFR process. When Congress first mandated SOX for public companies, requiring them to document and assess internal controls over financial reporting (ICFR), many executives viewed the requirement simply as a compliance exercise. While some may continue to feel this way, the more successful companies have recognized that a well-designed control system can deliver greater efficiencies to...

Internal audit must know how to respond when business process owners want to go faster and document less (such as in Agile environments). Nielsen’s Kevin Alvero and Wade Cassels discuss what IA can do to meet these seemingly contradictory goals. In the five months between the crashes of the Boeing 737 Max 8 airplanes in Indonesia and Ethiopia that resulted in the deaths of 189 people and 157 people respectively, Boeing received multiple complaints from pilots about the Max 8’s...

Experts at Nielsen discuss how the internal audit profession is evolving to best suit board and senior leadership needs, as well as where IA is lagging.

Firms are increasingly leveraging transcription technologies to gain data insights, but they need to understand these applications to make informed choices.

The Fourth Industrial Revolution is coming, and organizations must bolster their internal audit and compliance functions now to keep pace and minimize risk.

The audit profession is facing unprecedented demands, but there are a host of tools available to help. James Bone outlines the benefits to automating audit tasks.

An organizations’ weakest link is most often human, not technological. Moss Adams’ Francis Tam explains why, when it comes to cybersecurity, anomalies like daily logins, users and infrastructure changes should be an organization’s main concerns.

Gartner surveyed over 300 Chief Audit Executives (CAEs) in 2018 on their resource and time investments, priorities and challenges in 2019. Gartner VP Malcolm Murray examines the report’s key findings on the impact to the audit function.

Riskonnect’s Dawn Ward compares the traditional GRC view versus the integrated risk management (IRM) view of risks as they relate to internal audit and information systems teams. As Gartner continues to shift its focus from governance, risk and compliance (GRC) toward a focus on integrated risk management (IRM), many corporate functions are recognizing the operational significance. The shift doesn’t negate the relevance of GRC, but it does start the conversation about how IRM enhances GRC programs. One department poised to...