Internal Audit

Global consulting firm Protiviti and global business technology professional association ISACA have released their annual report, A Global Look at IT Audit Best Practices. Key findings from the survey of more than 1,300 IT audit and internal audit leaders and professionals include: Privacy/cybersecurity was cited as the top concern for the second year in a row 37% percent of businesses did not address cybersecurity within their audit plans, citing lack of resources as the primary reason Half of all organizations polled have a dedicated IT audit director (or equivalent...

Take These Steps Now to Minimize Risk Later When it comes time for a FINRA audit, financial organizations can spend a significant amount of resources gathering and producing the necessary data. It can be a challenge to do this without damaging the metadata or overlooking privileged items while also ensuring you meet all regulations and compliance rules. Rather than waiting to receive a request or inquiry from FINRA before getting your data in order, invest the time now in effective data management.   Each year, Financial Industry...

Global consulting firm Protiviti has recently released results of its annual Internal Audit Capabilities and Needs Survey. Over 1,500 Chief Audit Executives (CAEs) were surveyed globally, the majority representing organizations with more than $1 billion in revenue. According to this year’s survey, utilizing data analytics in the audit process is far more common in Europe (76 percent) and APAC (also 76 percent) than in North America (just 63 percent). Additionally, one-in-three organizations globally still have no plans to implement audit analytics within the...

Section 404 of the Sarbanes-Oxley Act continues to be in the news and be a challenge for some companies. We now have Section 404(c), as well as a recently issued SEC Staff Study thanks to Dodd-Frank. We found expert accountant Ron Kral to provide the latest landscape on SOX 404 and break down the recent study.

As Audit teams start thinking about their 2018 plans, being able to identify new trends in emerging risk areas that threaten to disrupt enterprise performance over the next year is critical. This explains 12 risks, connected by four major risk themes, that organizations need to have on their radar and what Audit teams need to do to more effectively identify and communicate these risks to their organizations and stakeholders.

The PCAOB inspection process continues to evolve, and it is important that issuers not only prepare for the new areas of emphasis but also continue to focus on areas that the PCAOB emphasized in Staff Inspection Briefs in prior years. Here are the particular areas that PCAOB has marked for scrutiny that public companies should focus on this year.

Part 3 in a Series Exploring the “Auditor of the Future” In this series, Protiviti’s Jim DeLoach and Brian Christensen have put forth 20 potential ways the Chief Audit Executive or internal audit lead can advance his or her relationship with the audit committee. Parts 1 and 2 focused on risk and value, respectively; this installment details strategies for making the most of communications. with co-author Brian Christensen Read Part 1 and Part 2. In this three-part series, we have...

Part 2 in a Series Exploring the "Auditor of the Future" Part 2 of this series from Protiviti’s Jim DeLoach and Brian Christensen discusses several ways auditors can add value to the organization beyond the scope of the audit plan. with co-author Brian Christensen Read Part 1 here. Last week, we explained our vision of the future auditor, or the CAE who takes definitive steps to apply the full scope of The IIA’s definition of internal auditing. CAEs who embrace...

Part 1 in a Series Exploring the "Auditor of the Future" In this first installment, Protiviti's Jim DeLoach and Brian Christensen discuss the nature of the relationship between the "auditor of the future" and the board of directors with respect specifically to risk – which remains central to the internal audit function. with co-author Brian Christensen Just over three years ago, Protiviti released an issue of The Bulletin which introduced what we called the “future auditor” vision. This vision was then (and...

Rethinking Independence in Internal Investigations Demonstrating and ensuring independence in internal investigations is a critical issue for corporate counsel to consider, especially when facing or anticipating parallel regulatory probes. How to properly do so is a nuanced process: as this piece explores, it is not as simple as the binary question of whether counsel conducting an internal investigation had a previous working relationship with the company. with co-authors Nell Clement and Josh Malone For a company under actual or potential...

4 Techniques for Auditors While data analytics in audit has been discussed for more than two decades, most internal audit teams are just beginning to make serious investments to embed analytics in their engagements and processes. Vendors highlight techniques such as predictive and prescriptive analytics; however, it is often unclear what these techniques entail and how they can be applied by audit departments. with co-author Barton Edgerton Data analytics has been discussed by the audit community for decades. Auditors and other assurance professionals of a certain age might well remember “computer-assisted auditing...

Moving Beyond Routine Contract Provisions If companies are to maintain a commitment to risk mitigation, they must keep an eye on (and extend its oversight to) distributors – as well as sub-distributors and sub-sub-distributors. This will mean leveraging distributor relationships and using a variety of tools and strategies to conduct compliance and financial audits. Limiting oversight to strictly formal audits is an unnecessary restriction on the company’s ability to mitigate risks. Whether you are in the high-tech industry and managing...