Internal Audit

Driving Change to Improve Resilience and Agility Enterprise risk management (ERM) is a framework organizations use to manage risks and seize opportunities related to the achievement of their objectives. More and more frequently, upper-level management refuses to acknowledge ERM properly, which leads to missed opportunity and lost revenues. Read more to find out what world-renowned entrepreneur Peadar Duffy has to say about ERM and its business implications. ERM is Dead! I spent a couple of hours talking with the senior independent...

Not all forms of intellectual property are important to every company, but some form of intellectual property is important to virtually every company.

Building Risk Awareness and Aligning with Business Strategy MetricStream’s latest survey on the state of internal audit finds auditors focused on delivering timely insights on key risks, aligning audit planning with business strategy, and improving audit processes and operational effectiveness Palo Alto, California (July 10, 2018) – As part of its ongoing efforts in understanding industry trends,  MetricStream Research announced today the findings of its latest survey, State of Internal Audit 2018 - Impact and Opportunities. The survey evaluated 600 organizations from 15...

(And That’s OK) The penalties for GDPR violations can be ruinous. But do organizations need to worry? Terry Ray suggests that while compliance is necessary, most companies can rest easy. May 25 has come and gone. The European Union's General Data Protection Regulation (GDPR) has gone into effect. The first GDPR lawsuits have already been filed. And the world still turns. GDPR promises to be the furthest-reaching and most complex data-protection regulatory scheme the world has known, for the following...

Robotic Process Automation and Other Key Advances A number of technological advances are emerging that, when implemented by IT audit, will upend the traditional approach to IT auditing. Among the advances: robotic process automation, advanced analytics, and process mining. Protiviti’s Andrew Struthers-Kennedy and Ashley Cuevas explore several changes coming to the IT audit function, and how each will increase the department’s business value. with co-author Ashley Cuevas Organizations everywhere are progressing on their digital journeys at a healthy clip. They’re...

Given its tendency to be overshadowed by the more exciting aspects of the M&A process, internal auditors can contribute significant value by ensuring that a vibrant due diligence process is in place and operating as intended. A rigorous audit of the M&A due diligence process can help companies take advantage of legitimate new business opportunities, while at the same time help them minimize risks.

How to Overcome Technological Roadblocks What a time to work in the GRC field: new technologies are constantly emerging to help companies meet their regulatory obligations. At the same time, many fragmented requirements have piled up over time. Chris Ekonomidis, Head of U.S. Business Consulting at Synechron, discusses the three main hurdles organizations must overcome to ensure Consolidated Audit Trail (CAT) compliance. In order to keep track of the plethora of data generated every day across different trading markets, many...

Global consulting firm Protiviti and global business technology professional association ISACA have released their annual report, A Global Look at IT Audit Best Practices. Key findings from the survey of more than 1,300 IT audit and internal audit leaders and professionals include: Privacy/cybersecurity was cited as the top concern for the second year in a row 37% percent of businesses did not address cybersecurity within their audit plans, citing lack of resources as the primary reason Half of all organizations polled have a dedicated IT audit director (or equivalent...

Take These Steps Now to Minimize Risk Later When it comes time for a FINRA audit, financial organizations can spend a significant amount of resources gathering and producing the necessary data. It can be a challenge to do this without damaging the metadata or overlooking privileged items while also ensuring you meet all regulations and compliance rules. Rather than waiting to receive a request or inquiry from FINRA before getting your data in order, invest the time now in effective data management.   Each year, Financial Industry...

Global consulting firm Protiviti has recently released results of its annual Internal Audit Capabilities and Needs Survey. Over 1,500 Chief Audit Executives (CAEs) were surveyed globally, the majority representing organizations with more than $1 billion in revenue. According to this year’s survey, utilizing data analytics in the audit process is far more common in Europe (76 percent) and APAC (also 76 percent) than in North America (just 63 percent). Additionally, one-in-three organizations globally still have no plans to implement audit analytics within the...

Section 404 of the Sarbanes-Oxley Act continues to be in the news and be a challenge for some companies. We now have Section 404(c), as well as a recently issued SEC Staff Study thanks to Dodd-Frank. We found expert accountant Ron Kral to provide the latest landscape on SOX 404 and break down the recent study.

In October, the Securities and Exchange Commission (“SEC”) approved the new auditor reporting standard, proposed by the Public Company Accounting Oversight Board (“PCAOB”). While the standard was implemented to make the auditor’s report more relevant to investors, commenters are concerned that the new requirements may result in a number of unintended consequences. Brett Kumm, a Managing Director in the Forensic & Litigation Consulting segment at FTI Consulting, examines five of these potential consequences in the following article.