Internal Audit

Global consulting firm Protiviti and global business technology professional association ISACA have released their annual report, A Global Look at IT Audit Best Practices. Key findings from the survey of more than 1,300 IT audit and internal audit leaders and professionals include: Privacy/cybersecurity was cited as the top concern for the second year in a row 37% percent of businesses did not address cybersecurity within their audit plans, citing lack of resources as the primary reason Half of all organizations polled have a dedicated IT audit director (or equivalent...

Take These Steps Now to Minimize Risk Later When it comes time for a FINRA audit, financial organizations can spend a significant amount of resources gathering and producing the necessary data. It can be a challenge to do this without damaging the metadata or overlooking privileged items while also ensuring you meet all regulations and compliance rules. Rather than waiting to receive a request or inquiry from FINRA before getting your data in order, invest the time now in effective data management.   Each year, Financial Industry...

Global consulting firm Protiviti has recently released results of its annual Internal Audit Capabilities and Needs Survey. Over 1,500 Chief Audit Executives (CAEs) were surveyed globally, the majority representing organizations with more than $1 billion in revenue. According to this year’s survey, utilizing data analytics in the audit process is far more common in Europe (76 percent) and APAC (also 76 percent) than in North America (just 63 percent). Additionally, one-in-three organizations globally still have no plans to implement audit analytics within the...

Section 404 of the Sarbanes-Oxley Act continues to be in the news and be a challenge for some companies. We now have Section 404(c), as well as a recently issued SEC Staff Study thanks to Dodd-Frank. We found expert accountant Ron Kral to provide the latest landscape on SOX 404 and break down the recent study.

In October, the Securities and Exchange Commission (“SEC”) approved the new auditor reporting standard, proposed by the Public Company Accounting Oversight Board (“PCAOB”). While the standard was implemented to make the auditor’s report more relevant to investors, commenters are concerned that the new requirements may result in a number of unintended consequences. Brett Kumm, a Managing Director in the Forensic & Litigation Consulting segment at FTI Consulting, examines five of these potential consequences in the following article.

As Audit teams start thinking about their 2018 plans, being able to identify new trends in emerging risk areas that threaten to disrupt enterprise performance over the next year is critical. This explains 12 risks, connected by four major risk themes, that organizations need to have on their radar and what Audit teams need to do to more effectively identify and communicate these risks to their organizations and stakeholders.

The PCAOB inspection process continues to evolve, and it is important that issuers not only prepare for the new areas of emphasis but also continue to focus on areas that the PCAOB emphasized in Staff Inspection Briefs in prior years. Here are the particular areas that PCAOB has marked for scrutiny that public companies should focus on this year.

Part 3 in a Series Exploring the “Auditor of the Future” In this series, Protiviti’s Jim DeLoach and Brian Christensen have put forth 20 potential ways the Chief Audit Executive or internal audit lead can advance his or her relationship with the audit committee. Parts 1 and 2 focused on risk and value, respectively; this installment details strategies for making the most of communications. with co-author Brian Christensen Read Part 1 and Part 2. In this three-part series, we have...

Part 2 in a Series Exploring the "Auditor of the Future" Part 2 of this series from Protiviti’s Jim DeLoach and Brian Christensen discusses several ways auditors can add value to the organization beyond the scope of the audit plan. with co-author Brian Christensen Read Part 1 here. Last week, we explained our vision of the future auditor, or the CAE who takes definitive steps to apply the full scope of The IIA’s definition of internal auditing. CAEs who embrace...

Part 1 in a Series Exploring the "Auditor of the Future" In this first installment, Protiviti's Jim DeLoach and Brian Christensen discuss the nature of the relationship between the "auditor of the future" and the board of directors with respect specifically to risk – which remains central to the internal audit function. with co-author Brian Christensen Just over three years ago, Protiviti released an issue of The Bulletin which introduced what we called the “future auditor” vision. This vision was then (and...

Rethinking Independence in Internal Investigations Demonstrating and ensuring independence in internal investigations is a critical issue for corporate counsel to consider, especially when facing or anticipating parallel regulatory probes. How to properly do so is a nuanced process: as this piece explores, it is not as simple as the binary question of whether counsel conducting an internal investigation had a previous working relationship with the company. with co-authors Nell Clement and Josh Malone For a company under actual or potential...

Preparing Your Organization for GDPR Compliance The threat of a $24 million fine is enough to make any organization sit up and listen to what changes they must make to adhere to new European Union laws on data protection. But, in preparing for General Data Protection Regulation (GDPR), are U.S. companies focused too much on the “data” in their big data clusters? David Dingwall, of Fox Technologies, believes so. He says putting these clusters through GDPR compliance is dependent on...