No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights

Strategically Leverage Compliance Activities to Add Value

by Warren W. Stippich
June 2, 2014
in Uncategorized
Strategically Leverage Compliance Activities to Add Value

Today’s dynamic business environment is a result of customer, technology and regulatory changes. New regulations have added to an already lengthy compliance activity slate, and more regulations keep coming. With limited internal audit resources, compliance requirements often take top priority. If internal audit departments are utilizing a disproportionate amount of resources on compliance activities, there could be significant lost opportunities for value-added governance, operational, strategic and IT audits. The dilemma many chief audit executives face is how to continue adding strategic value given the current compliance-heavy environment. I believe the solution is not to leave compliance behind in place of focusing on strategic and/or operational areas, but instead to understand how you can leverage compliance activities to add value. With the focus firmly on compliance for the foreseeable future, internal audit’s challenge is to get as much value out of its compliance activities as possible. This is not necessarily a bad thing. In Grant Thornton’s 2014 Chief Audit Executive Survey, 45 percent of respondents felt that the impact of regulation on their organizations was improving their governance and rigor of testing1. So the question isn’t about decreasing — or even balancing — compliance activities against other priorities. It is increasingly about how to wring the most value out of testing so that other important risks are simultaneously addressed through compliance. To meet all key risks, the internal audit plan must become more holistic and efficient — internal audit activities simply can’t be segregated as distinct goals anymore for planning purposes. If any risk area is left on the table, it creates more risk for the organization as a whole and puts the internal auditors in a precarious position. CAEs therefore must find a path to success through efficiency and using the right mix of tools and strategy to get the most out of compliance activity.

Maximizing Current Resources

A critical piece of internal audit efficiency is fully utilizing existing resources. Internal audit departments are not identical, so you must determine the right mix for your organization. Consider the following options:

One-to-Many Approach

Leveraging control testing across multiple compliance areas — the “one-to-many approach” — is slowly taking hold. Since last year’s survey, we’ve found 54 percent of respondents indicating they have found ways to implement one-to-many, up from 49 percent. The approach isn’t easy to implement, and internal auditors may be tied to the idea that they must silo the control testing for accuracy. I challenge CAEs to at least take another look at the possibility. Intuitively, “killing two (or more) birds with one stone” is a clear path to efficiency gains, although not an easy one.

Effectively Leveraging Technology

Another path to efficiency gains may be through technology. Allocating an appropriate amount of scarce budget dollars to technology may be a challenge, but the payoff in efficiency gains may quickly offset costs. In the survey, 29 percent of respondents reported that their companies are using GRC-specific technology, up from only 23 percent in last year’s survey. While adoption numbers have increased, however, only 22 percent of respondents believe their organizations effectively leverage GRC technology. Significantly, 36 percent don’t feel their organizations effectively leverage GRC technology.

Data Analytics

Sixty percent of survey respondents reported using data analytics to enhance the internal audit function. CAEs also reported that they used analytics for such other tasks as forensic analysis, predictive analytics and performance measurement. Since these resources are in place, the question is about fully using their capabilities and moving beyond basic analytics into more advanced realms of prescriptive and predictive analytics2. This swiftly evolving field holds major potential for internal audit organizations looking for efficiency and accuracy in choosing testing targets. Data analytics are here to stay. Fully embracing this evolving discipline can be a critical differentiator for internal audit.

The Talent Gap

Part of the equation of getting the most out of an organization’s compliance work is about the people who are doing the work. In fact, for 40 percent of survey respondents, “talent quality or capacity” was seen as a barrier to delivering the greatest value. Internal audit leaders have an ongoing opportunity to upgrade staff skills. When asked to list their top three goals for the internal audit organization in the next 12 months, a solid amount of survey respondents listed “build talent and skills,” making it the third choice in a close category.

Third-Party Risk/Testing

Third-party risk is a topic that is getting major attention from regulators. With billion-dollar settlements being paid out, particularly in the banking industry, it makes sense to thoroughly test any area relating to third parties in any industry. Third-party risk information can feed into GRC efforts, which include the formulation of the internal audit risk universe and annual internal audit plan. When asked if third parties have the potential to impact their organization’s growth, 22 percent of survey respondents felt it was a highly significant risk, a major rise from just 14 percent last year. When asked which risk areas were included in their audit plans, 66 percent of respondents said third parties were currently in scope. Maximizing the use of current resources in this case means the opportunity cost of avoiding regulatory action by building and adhering to a solid internal audit approach around third-party risk.

Conclusion

Less budget for value-added activities due to expanding regulatory requirements means CAEs have additional pressure to work harder and smarter to keep their internal audit organizations moving ahead. It can be done, but significant change means taking significant action. Leveraging current resources means understanding the universe of options and making realistic choices that will move your organization forward. This process is highly company-specific and can be challenging. With the array of available tools, there are solid opportunities for moving forward, however. Internal audit is still an important strategic contributor for any organization. Taking a closer look at technology innovations, analytics, staff training, supplemental specialized resources and any of the other tools available to CAEs is important in embracing this new paradigm, as regulatory expectations will only expand.


1 Read the survey report at grantthornton.com/caesurvey.

2 For more information, see Grant Thornton’s white paper, Prescriptive analytics: Winning in a competitive environment, available at grantthornton.com/issues/library/whitepapers/advisory/2014/BAS-prescriptive-analytics.aspx.


Tags: HIPAA
Previous Post

Essential Requirements For An “Effective” Ethics and Compliance Program

Next Post

In-House Counsel Lack Resources to Reduce and React to Risks

Warren W. Stippich

Warren W. Stippich

warren stippich grant thornton Warren is the National Governance, Risk and Compliance Solution Leader and the Market Leader of the Chicago Business Advisory Services Group at Grant Thornton LLP. He has over 20 years experience working with multi-national, entrepreneurial, and high-growth public companies, including boards of directors and audit committees. Warren brings experience to the business risk consulting and internal audit services areas from both the public accounting firm and industry perspectives. He leads many Sarbanes-Oxley consulting, internal audit services and SAS 70 projects for a wide-array of publicly traded and private businesses with international operations. He has worked extensively with international internal audit, Sarbanes-Oxley and business consulting assignments in Europe, Russia, China, Southeast Asia, Central and South America and Canada. He has lectured on governance, risk and compliance. Experience Warren began his career with Arthur Andersen in the external audit practice and later in the internal audit services practice. Later, he joined DEKALB Genetics Corporation, a $500 million multi-national public company, as the Vice President of Internal Audit and Worldwide Consulting. Subsequent to DEKALB, Warren was a Managing Director at American Express Tax and Business Services and a Partner in the related attest entity of Altschuler, Melvoin & Glasser LLP and worked in the attest and business consulting areas. Professional certifications

  • Certified Public Accountant (Illinois)
  • Certified Internal Auditor
Memberships
  • American Institute of Certified Public Accountants; Illinois CPA Society
  • Institute of Internal Auditors
  • Board Member and Audit Committee Chair of Gateway Foundation, Inc., Chicago, IL
  • Advisory Board Member of CIBER (Center for International Business Education & Research) at University of Illinois at Urbana-Champaign
  • Board Member of the College of Business Alumni Association of the University of Illinois at Urbana-Champaign
Education Bachelor of Science in Accountancy -University of Illinois at Urbana – Champaign. Warren writes a regular column, Internal Audit Revolution, for CCI.

Related Posts

people waiting in covid line

Did Covid Lead to a Lower HIPAA Fine?

by Rodney King
August 17, 2022

Eye-popping fines over violations of the right of access portion of the federal HIPAA healthcare law aren’t exactly common, and...

medical records hipaa

Survey: Majority Admit Missing Key Piece of HIPAA Compliance

by Corporate Compliance Insights
June 8, 2022

Organizations admit failing to prioritize annual security risk analysis, according to small survey

A masked professional holds up their covid-19 vaccination card.

‘My Employer Can’t Ask for Proof of Vaccination’ and Other Myths Regarding COVID-19 and HIPAA

by K Royal
September 7, 2021

When it comes to COVID-19 and HIPAA, many misunderstand the law’s scope and purview, especially in a professional setting. Privacy...

illustration of cybersecurity concept

VigiTrust Launches VigiOne Cybersecurity Compliance Platform for Managed Security Service Providers

by Corporate Compliance Insights
August 17, 2021

Easy-To-Use, Cost-Effective Solution Enables MSSPs to Keep Pace with Changing Regulations, Scale Effectively and Ensure Ongoing Compliance New York, NY...

Next Post
In-House Counsel Lack Resources to Reduce and React to Risks

In-House Counsel Lack Resources to Reduce and React to Risks

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT