Internal Audit

Gartner surveyed over 300 Chief Audit Executives (CAEs) in 2018 on their resource and time investments, priorities and challenges in 2019. Gartner VP Malcolm Murray examines the report’s key findings on the impact to the audit function.

Riskonnect’s Dawn Ward compares the traditional GRC view versus the integrated risk management (IRM) view of risks as they relate to internal audit and information systems teams. As Gartner continues to shift its focus from governance, risk and compliance (GRC) toward a focus on integrated risk management (IRM), many corporate functions are recognizing the operational significance. The shift doesn’t negate the relevance of GRC, but it does start the conversation about how IRM enhances GRC programs. One department poised to...

3 Tips to Help Organizations Come Out on Top "Compliance audit" is one of the last things a financial advisory firm hopes to hear, but it’s an inevitable, unavoidable fact of life for most. Fortunately, there are steps financial advisory firms can take to mitigate the requisite time and work of an audit, while paving the way to a successful outcome. Nuance’s Stacy Leidwinger discusses. The words "compliance audit" tend to strike fear and anxiety in even the most reputable,...

Turning a Key Vulnerability into a Victory No matter what an organization’s major market is, it is probably subject to regulatory compliance requirements, such as PCI, SOX, FISMA and HIPAA. Failing to comply with any of these requirements could result in a failed audit, which can incur hefty penalties. This article by Markku Rossi of SSH.COM shares one little-known reason why organizations are vulnerable to failing a compliance audit. No matter your organization’s major market or sector, whether you are...

As 2018 draws to a close, we’re taking a look back at some of the most valuable insights our authors have shared.  In case you missed it, this is one of the articles our readers couldn’t get enough of this year.   Risks Presented in Adopting RPA with co-author Barton Edgerton A large number of organizations are quickly moving to implement robotic process automation (RPA) across a wide variety of corporate functions, ranging from shared services to finance. Most audit...

Study focuses on ensuring widely used model continues to meet needs in a changing organizational climate Lake Mary, FL (December 5, 2018) – For more than 20 years, organizations around the world have turned to the "Three Lines of Defense" model to navigate ever-evolving business challenges toward achieving and sustaining success. Read: Does the New Three Lines Model Give Short Shrift to Compliance? -- a CCI Exclusive A widely used concept designating essential roles and duties in governance, risk management...

Why IA Leaders Should Care About Robotic Process Automation Robotic process automation (RPA) is drawing significant interest from Chief Audit Executives and internal audit leaders seeking to learn more about how to use it from a business improvement standpoint, as well as how to audit RPA in their organizations. Protiviti’s Andrew Struthers-Kennedy and Angelo Poulikakos discuss why RPA use remains low among internal audit departments and how organizations can change the tide to save costs and time. with co-author Angelo...

With 2019 planning on the horizon, audit teams are beginning to consider external factors that threaten to disrupt the success of their organization’s key objectives. Gartner’s Malcolm Murray, Rafael Go and Leslee McKnight analyze 11 key risks, connected by four major risk themes, that can help audit teams more effectively identify risks to their organization and their impact on the audit function and their stakeholders. with co-authors Rafael Go and Leslee McKnight Ongoing favorable macroeconomic conditions have enabled organizations to...

8 Tips to Implement Now Shane Whitlatch, EVP at FairWarning, outlines the key controls companies should have in place to quickly and confidently respond to an OCR audit should they be selected. The best time to prepare for an audit is before you’re in one. Fortunately, requirements for various regulations are widely available so that there’s no guesswork involved and you can make sure you’re compliant ahead of time. So, you can start preparing for an Office of Civil Rights...

Impact and Opportunities MetricStream’s latest survey on the state of internal audit finds auditors focused on delivering timely insights on key risks, aligning audit planning with business strategy and improving audit processes and operational effectiveness. Manu Gopeendran details the survey’s findings. For years, internal auditors have been the eyes and ears of the enterprise, providing assurance around the efficacy of risk mitigation strategies and controls. But today they are being asked to do more – to go beyond simply protecting...

Protiviti’s Jim DeLoach explores how to bolster internal audit’s efforts in providing recommendations that are strong, actionable and in keeping with the board’s expectations. We’ve always believed that boards should ensure that their organizations maximize the full potential of internal audit. There are four C’s directors should consider when evaluating the sufficiency of any risk-based audit plan: culture, competitiveness, compliance and cyber. We’re not suggesting they are the only things a board should consider, but they should be on the...

Key Insights and Trends from the MetricStream GRC Summit 2018 MetricStream’s 2018 Summit in Baltimore saw several hundred business executives, government leaders, GRC practitioners and industry analysts gather to talk GDPR, strategies and solutions for building better governed, more compliant organizations and more. Gaurav Kapoor, MetricStream's Chief Operating Officer, shines a spotlight on some of the event’s key takeaways. From June 3-6, several hundred business executives, government leaders, GRC practitioners, and industry analysts gathered at the GRC Summit 2018 in...