Loading ...
Sorry, an error occurred while loading the content.
 

The Audit Report

Expand Messages
  • Dan Swanson
    fyi.  Regards.DanDan Swanson and Associates, Ltd.We are what we repeatedly do. Excellence, therefore, is not an act but a habit. AristotleThe Internal Audit
    Message 1 of 25 , Jan 25
      fyi. 

      Regards.
      Dan
      Dan Swanson and Associates, Ltd.
      We are what we repeatedly do. Excellence, therefore, is not an act but a habit. Aristotle




      Click here to view this message in a browser window.
      Ethics and the Internal Auditor
      In these turbulent times, ethics continues to be a frequent topic of corporate, shareholder, stakeholder, and regulatory conversations. Meanwhile, companies continue to look for ways to emphasize the importance of strong ethics, integrity, and proper conduct and seek strategies to embed processes within their organizational structure. Yet, as we know, incidents of bad behavior still occur. It is an ever-evolving phenomenon. Once we find the answer to address a specific issue, another question or problem arises.
      Spotting Potentially Fraudulent Shell Companies During Audits
      Within a company's accounts payable file, shell companies are being used to steal millions of dollars or to conceal bribery payments which violate anti-bribery and corruption laws, so spotting them is critical.
      Are You Ready for Data Privacy Day?
      This Saturday, January 28, is Data Privacy Day. Intended as a day to raise awareness and promote good data privacy practices, it offers a unique opportunity to drive home the best practices message.
      Survey of Internal Auditors on Audit Planning and Staffing Priorities
      MIS Training Institute has launched a survey to gather the views of internal auditors on what areas they are auditing and what their priorities are in 2017. The survey is currently open and we are inviting North American internal auditors to complete it.
    • Dan Swanson
      fyi. Regards.DanDan Swanson and Associates, Ltd.We are what we repeatedly do. Excellence, therefore, is not an act but a habit. AristotleThe Internal Audit
      Message 2 of 25 , Feb 2
        fyi.

        Regards.
        Dan
        Dan Swanson and Associates, Ltd.
        We are what we repeatedly do. Excellence, therefore, is not an act but a habit. Aristotle




        Click here to view this message in a browser window.
        Five Reasons to Audit the Risk Management Function
        Whether an organization's risk management function is focused on traditional insurable risks or broader enterprise-wide risk management, an audit of the risk management function should be among the first priorities for a chief audit executive. If a separate risk management department does not exist, the role of internal audit in risk management is even more important as fewer resources are dedicated to the process of identifying and evaluating risks and ensuring appropriate risk responses are intact. With this in mind, here are five ways organizations can benefit from having internal audit evaluate the risk management function.
        Auditing Culture: Taking the Next Steps
        In this podcast, developed in partnership with Experis Finance, we talk to Alec Arons, Experis’ national practice leader of advisory services, to discuss some steps to get started on auditing corporate culture and what companies can do to take those audits to the next level.
        Is the Backlash Against Non-GAAP Earnings Measures Receding?
        The battle over the use of non-GAAP measures in financial reporting has been simmering for well over a year, but now it may be starting to cool off, as new leadership at the SEC may be less inclined to pursue non-GAAP as an issue.
        Going All-In on Internal Audit Training
        Despite the phrase "what happens in Vegas stays in Vegas," there are some events that take place there that you'd be happy to take with you and apply in your professional life. Here’s one of them.

        (Message over 64 KB, truncated)
      • Dan Swanson
        fyi. Regards.DanDan Swanson and Associates, Ltd.We are what we repeatedly do. Excellence, therefore, is not an act but a habit. AristotleThe Internal Audit
        Message 3 of 25 , Feb 7
          fyi.
           
          Regards.
          Dan
          Dan Swanson and Associates, Ltd.
          We are what we repeatedly do. Excellence, therefore, is not an act but a habit. Aristotle


            

           

          Click here to view this message in a browser window.
          Editors Note: The Audit Report is changing its regular publication time from Wednesday afternoons to Tuesday mornings. 
          Study Finds Fractured Approach to Risk Management
          A new report from the Ponemon Institute finds that many companies lack a cohesive approach to risk management. According to the study, three-quarters of the risk management professionals surveyed said their organizations don't have a clearly defined risk management strategy that applies across the full company. Of those, a third (33 percent) said they didn't have a clearly defined strategy at all, and another 43 percent said that while the strategy was defined, it was not applied to the entire enterprise.
          NIST Publishes Update to Its Cybersecurity Framework
          The National Institute of Standards and Technology issued a new update to its Framework for Improving Critical Infrastructure Cybersecurity. The updated framework provides new details on managing online supply chain risks and also clarifies some additional terms and measurement methods.
          Information Security Vs. Cybersecurity: Untangling Misconceptions
          Most experts agree that the characteristic that separates information security from cybersecurity is that information security includes all forms of data, while cybersecurity, focuses on protecting data and information assets that are stored or transmitted via interconnected devices and networks.
          CALL FOR SPEAKERS:

          SuperStrategies & Audit World
          Deadline: February 28, 2017
          Click here to submit your proposal.
          For sponsorship of The Audit Report and/or Lead Generation opportunities, please contact Mike Shemesh at mshemesh@....
                  
        • Dan Swanson
          fyi.  Regards.DanDan Swanson and Associates, Ltd.We are what we repeatedly do. Excellence, therefore, is not an act but a habit. AristotleThe Internal Audit
          Message 4 of 25 , Feb 21
            fyi. 

            Regards.
            Dan
            Dan Swanson and Associates, Ltd.
            We are what we repeatedly do. Excellence, therefore, is not an act but a habit. Aristotle


              
             

            Click here to view this message in a browser window.
            Do Millennials Really Require a Different Management Style?
            Newsflash: Millennials don't stay in their jobs very long. They lack loyalty and focus. And they need oodles and oodles of positive reinforcement. So say the several surveys and reports that portend to put their finger on the pulse of the generation born roughly between 1980 and 2000 and tell us how to relate to these skateboard-riding, texting-obsessed, criticism-adverse, video game junkies with short attention spans. They tell us to throw away the management strategies we've been honing for decades and get ready to do some coddling. Millennials are different, they say, and need a special kind of handling. I might be bucking conventional wisdom here, but I'm not buying it.
            Help Wanted: Internal Audit Talent Gap Widening
            For the last few years internal audit executives have fretted over finding the right people to staff a department that is taking on several new roles. Now, it appears those concerns are only deepening. Among the top problems internal audit shops face is finding good people to hire. "Companies are really struggling to find people with the skill set required for today's internal auditor," says Sandy Pundmann, U.S. internal audit practice lead at Deloitte.
            Where Bribery and Corruption Still Reign
            The U.S. Department of Justice and the Securities and Exchange Commission are on something of a roll lately in bringing corruption cases to fruition under the Foreign Corrupt Practices Act (FCPA). Together, the agencies concluded 26 enforcement actions against companies and individuals—including three cases where regulators declined to prosecute but enforced strict reforms—through the first half of 2016, according to the FCPA Blog which tracks such cases. That's more than the 20 enforcement actions the DoJ and SEC jointly concluded in all of 2015.
            Looking for more knowledge on internal audit? Explore the Internal Audit and IT Audit Book Series. The goal of the series, edited by Dan Swanson, is to produce leading-edge books on critical subjects for internal audit executives and practitioners.
            <

            (Message over 64 KB, truncated)
          • Dan Swanson
                #yiv2032855432 body, #yiv2032855432 table, #yiv2032855432 tr, #yiv2032855432 td, #yiv2032855432 div, #yiv2032855432 textarea, #yiv2032855432 input
            Message 5 of 25 , Mar 2


               

               


              Click here to view this message in a browser window.
              Tell Us How We Did: More Internal Audit Departments Surveying Auditees
              Over the past few years, more internal audit departments are seeking to shed their reputation as the company’s monitors and provide more value and service to those they audit. But how does internal audit know if it’s meeting those goals? Some are simply asking. Borrowing a common tool of the customer service department, more internal audit departments are turning to customer satisfaction or exit surveys to gather feedback on audits from the auditees’ perspective with an eye toward improving the audit experience and proving more value to process and function owners.
              Taking a Novella Approach to Internal Audit
              The few references to internal auditors in television, movies, and books either confuse them with accountants or portray them as nerdy paper-pushers. This non-existent or negative portrayal so bothered Wa'el Bibi, a former internal auditor and current internal audit consultant, that he decided to do something about it. Bibi authored a short book of fiction, The Internal Auditor, which includes a hero internal audit protagonist who draws on his full complex of talents to uncover a burgeoning corporate fraud and save the day.
              Five Reasons to Audit the Risk Management Function
              Whether an organization's risk management function is focused on traditional insurable risks or broader enterprise-wide risk management, an audit of the risk management function should be among the first priorities for a chief audit executive. If a separate risk management department does not exist, the role of internal audit in risk management is even more important as fewer resources are dedicated to the process of identifying and evaluating risks and ensuring appropriate risk responses are intact. With this in mind, here are five ways organizations can benefit from having internal audit evaluate the risk management function.
              Looking for more knowledge on internal audit? Explore the Internal Audit and IT Audit Book Series. The goal of the series, edited by
            • Dan Swanson
               Regards.DanDan Swanson and Associates, Ltd.We are what we repeatedly do. Excellence, therefore, is not an act but a habit. AristotleThe Internal Audit and
              Message 6 of 25 , Mar 7
                 
                Regards.
                Dan
                Dan Swanson and Associates, Ltd.
                We are what we repeatedly do. Excellence, therefore, is not an act but a habit. Aristotle


                 

                Click here to view this message in a browser window.
                Finding Top Internal Audit Talent
                For internal audit directors and leaders, getting the right mix of skills in the department can be a tricky undertaking. Not only are data analytics and cybersecurity capabilities becoming more important, but internal auditors must continue to demonstrate critical thinking, communicate well, and navigate complex situations with diplomacy as they take on new responsibilities and take internal audit into new areas. To shed some light on these and other issues, we recently caught up with Anne DeTraglia, director of internal audit at United Airlines, to talk about how she finds good internal audit talent, the skills she views as important to taking internal audit to the next level, and how internal audit departments are evolving.
                A Revolution in Risk Management
                Typically, reporting to the management team and the board has been in terms of risks, focusing only on the things that might happen that would be harmful. This allows the consideration of risks, but not how they might affect the achievement of objectives and which ones might be "at risk." Why not turn the information around and use it to indicate the likelihood that the organization will achieve each of its objectives? For each initiative, what is the likelihood of success?
                Understanding Risk-Based IT Audit Planning
                Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around information technology risks confronting their organization. However, internal audit departments can help shed light on the issue through risk-based IT audit planning.
              • Dan Swanson
                #yiv3830130576 body, #yiv3830130576 table, #yiv3830130576 tr, #yiv3830130576 td, #yiv3830130576 div, #yiv3830130576 textarea, #yiv3830130576 input
                Message 7 of 25 , Mar 28



                  Click here to view this message in a browser window.
                  How to Make Sure Every Audit Focuses on What Matters Most
                  An audit is a complex undertaking that requires internal auditors to examine documents, speak with employees, observe business practices, and evaluate controls in business programs and processes. Given these dynamics, is there a document that organizes what needs to be understood and provides a clear roadmap for effective testing? Yes, there is. It's called the Risk and Control Matrix (RCM), and if you aren't taking the time to assemble one, you should.
                  A Day in the Life of an Internal Audit Supervisor
                  Devin Potter is a Supervisor in the Risk Advisory Services business at RSM, where he has worked since 2014. We recently sat down with Devin to talk about the internal audit profession. During this Q&A, Devin weighs in on the typical day of an internal audit supervisor, some myths about internal audit, and where the profession is heading in the next five-to-ten years.
                  Auditing the Use of Open Source Software Code
                  If your organization is developing applications, it's likely that some of the code is borrowed from open source software that can be found freely on the Internet. While such code makes developing applications much easier, its use can come with legal hoops to jump through and security vulnerabilities that, if left unmanaged, could pose significant risks to the organization. Conducting an audit of the use of open source software code can help companies get a handle on this emerging risk area.
                  This year’s data revealed that organizations with advanced approaches to third party risk management noted a significant difference in their program’s outcomes – 
                  including accurately scoring third party risk, compliance with laws and regulations, monitoring all third parties and documented processes and controls.
                  Those with automated due diligence systems report even better results, despite major challenges such as increasing legal impacts and lack of resources. Download this whitepaper to get the benchmark data to measure your own third party risk management program’s effectiveness. 
                • Dan Swanson
                    #yiv3187540976 body, #yiv3187540976 table, #yiv3187540976 tr, #yiv3187540976 td, #yiv3187540976 div, #yiv3187540976 textarea, #yiv3187540976 input
                  Message 8 of 25 , Apr 4


                     


                    Click here to view this message in a browser window.
                    Eight Things the Board and C-Suite Want from Internal Audit
                    Internal auditors realize they must pay closer attention to what their stakeholders—namely boards and executive management—expect of them and whether these expectations are being met. During a recent internal audit conference by the Institute of Internal Auditors, Larry Harrington, vice president of internal audit at Raytheon, and Angela Witzany, head of internal audit at Sparkassen Versicherung AG, a large insurance provider in Austria, examined eight important messages that stakeholders are sending to internal audit, and how the function can respond.
                    Auditing the Online Marketing Program
                    In this digital age online marketing activities, including e-mail marketing, search engine advertising, and social media are among the most important ways to connect with customers and promote products and services. We recently spoke to Dan Tsang, director of internal audit at Expedia, for this podcast about why companies should audit the digital marketing program, how to get started on such an audit, and what to look for in terms of key risks.
                    Survey Finds Directors Lack Understanding of Cyber-Risks
                    Cyber-risk oversight is becoming an increasingly critical job for corporate boards. Yet a recent survey finds that many directors may not be equipped with the knowledge and understanding they need to provide that oversight. A lack of knowledge can create a disconnect between technology professionals and directors leading to the potential for breakdowns in IT risk management and cybersecurity.
                    Screening your third party vendors and business partners for risk can be a challenging process. With so many different factors to consider, where do you even begin? The Anti-Bribery and Corruption Risk Assessment Checklist outlines how to implement an effective anti-bribery compliance program using a protect, detect and correct methodology to manage core program components including, but not limited to:
                    • Policies
                    • Risk Assessment
                    • Corrective Action
                    This checklist will enable you to design and implement an effective, global and consistent anti-bribery compliance program.
                  • Dan Swanson
                      #yiv1806203855 body, #yiv1806203855 table, #yiv1806203855 tr, #yiv1806203855 td, #yiv1806203855 div, #yiv1806203855 textarea, #yiv1806203855 input
                    Message 9 of 25 , Apr 11
                       



                      Click here to view this message in a browser window.
                      Turning Front-Line Internal Auditors into Customer Service Envoys
                      First-rate internal audit departments are working to foster better relationships and achieve smoother audits by treating process owners and others in the functions and departments they audit more like customers. For the strategy to work, they must ensure that internal auditors in the field—those staffers and audit seniors who interact most with auditees—are prepared and empowered to act as customer service agents. (Part three of our four-part series.)
                      Is Internal Audit Neglecting Environmental, Health, and Safety Risks?
                      According to the Institute of Internal Auditors' annual "Pulse of Internal Audit" survey, EHS risk is one of two areas—along with company communications outside of financial reporting—that "have fallen just below or somehow dropped off the radar." According to the IIA report, only 23 percent of chief internal auditor respondents said they were well-informed about EHS risks.
                      Ethics and the Internal Auditor
                      In these turbulent times, ethics continues to be a frequent topic of stakeholder and regulatory conversations. Meanwhile, companies continue to look for ways to emphasize the importance of strong ethics, integrity, and proper conduct and seek strategies to embed processes within their organizational structure. Yet, as we know, incidents of bad behavior still occur. Once we find the answer to address a specific issue, another question or problem arises.
                      In this guide, learn everything you need to know about effectively managing your third-party risk—from defining a due diligence process to creating risk-based strategy.
                      The Definitive Guide to Third-Party Risk Management is a comprehensive resource full of insight, advice and examples to help organizations recognize and address their third-party risk.
                      A strong third-party risk management program will help your organization make smart choices when it comes to engaging with business partners. It will also protect your organization from the risks that third parties can present.
                      Click here to download this whitepaper.
                    • Dan Swanson
                        #yiv7999557482 body, #yiv7999557482 table, #yiv7999557482 tr, #yiv7999557482 td, #yiv7999557482 div, #yiv7999557482 textarea, #yiv7999557482 input
                      Message 10 of 25 , Apr 18

                         



                        Click here to view this message in a browser window.
                        What Internal Audit Leaders Can Do to Foster a Customer Service Approach
                        Adopting a customer service mindset for internal audit starts at the top. Chief audit executives and other internal audit leaders who want to change the perception of internal audit must create a culture of treating auditees as customers that includes changes to internal audit processes, communication of what is expected of rank-and-file internal auditors, and examples of taking a customer service approach through actions. Once established, a customer service approach can help internal audit break down barriers and win the trust of business units and the other functions it audits.
                        Four Internal Audit Lessons from the United Airlines Viral Video Fiasco
                        United Airlines is no stranger to viral videos and social media kerfuffles that cast the company in a poor light. A video uploaded to You Tube in 2009 called "United Breaks Guitars" has more than 17 million views. Yet when fellow passengers filmed a man being violently dragged off a plane, and it quickly circulated on social media sites, it was immediately clear that this was different. For internal auditors, who are concerned with processes, policies, and risks, there are plenty of lessons to sift through. Here are four lessons for internal audit from the United Airlines incident.
                        What Internal Auditors Must Do to Remain Relevant
                        As internal auditors, we work in complex and demanding environments where business, technological, social, and other dynamics challenge us to meet the increasing expectations of the board and senior management. While many internal auditors find it difficult to keep up with the cycle of risk-and-control reviews, there is no alternative. Failure to demonstrate how we add value will eventually result in stakeholders viewing internal audit as irrelevant. The following actions are crucial to avoid this outcome.
                        Screening your third party vendors and business partners for risk can be a challenging process. With so many different factors to consider, where do you even begin? The Anti-Bribery and Corruption Risk Assessment Checklist outlines how to implement an effective anti-bribery compliance program using a protect, detect and correct methodology to manage core program components including, but not limited to:
                        • Policies
                        • Risk Assessment
                        • Corrective Action
                        This checklist will enable you to design and implement an effective, global and consistent anti-bribery compliance program.
                                
                         
                      • Dan Swanson
                        MISTI.com s new look
                        Message 11 of 25 , May 2
                          MISTI.com's new look


                           
                          Click here to view this message in a browser window.
                          We are proud to share MISTI.com's new look with our audience -
                          Check it out here!
                          Four Communication Tips to Increase Internal Auditor Effectiveness
                          Why do some internal auditors effectively prepare workpapers and write audit reports with ease, yet stumble when it comes to most other forms of communication? Whether speaking with teammates, meeting with audit customers, or presenting to the Chief Audit Executive or audit committee, an internal auditor will find the job extremely difficult if he or she cannot be clear and concise when trying to make a point.
                          Are You Ready for the New EU Data Privacy Protections?
                          In a little more than a year, U.S. companies that do business in Europe or have customers or employees there will need to comply with a new set of European Union data protection and privacy laws. The EU General Data Protection Regulation (GDPR), will take effect in May 2018, subjecting most companies to its somewhat onerous provisions. The GDPR was designed to enhance data protections for EU residents and to provide a framework for company use of their personal data. It also comes with hefty penalties for non-compliance.
                          Auditing the Use of Open Source Software Code
                          If your organization is developing applications, it's likely that some of the code is borrowed from open source software that can be found freely on the Internet. While such code makes developing applications much easier, its use can come with legal hoops to jump through and security vulnerabilities that, if left unmanaged, could pose significant risks to the organization. Conducting an audit of the use of open source software code can help companies get a handle on this emerging risk area.
                        • Dan Swanson
                            #yiv6151081125 body, #yiv6151081125 table, #yiv6151081125 tr, #yiv6151081125 td, #yiv6151081125 div, #yiv6151081125 textarea, #yiv6151081125 input
                          Message 12 of 25 , May 9
                             



                            Click here to view this message in a browser window.
                            The 2017 Internal Audit Planning and Staffing Priorities Report
                            Is internal audit focusing on the areas that have the greatest impact on the organization? To attempt to answer this question, MISTI partnered with Experis Finance to survey more than 600 internal auditors about their plans, priorities, and concerns for the near future. The survey covered a range of topics, from how internal auditors construct their audit plans to how they’re developing internal auditors who can effectively execute those plans. The full survey report, including findings and resulting action items, is now available for download.
                            Six Best Practices of World Class CAEs
                            It is not uncommon for chief audit executives (CAEs) to read thought leadership that highlights internal audit’s inability to meet stakeholder expectations and areas where there is room for improvement. While these insights may provide specific examples of what internal auditors should do to improve their perceptions, the “how-to” of these articles usually include recommendations that indirectly infer the thought leader should be hired to fix the problem.
                            Spotting Potentially Fraudulent Shell Companies During Audits
                            Boards of directors, shareholders, management teams, and professional standards all expect internal auditors to respond to the risk of fraud in core business systems. Within a company's accounts payable file, shell companies are being used to steal millions of dollars or to conceal bribery payments which violate anti-bribery and corruption laws. Scandals range from thousands to millions of dollars and always result in embarrassing moments for the company and management, so spotting them is critical.
                          • Dan Swanson
                            So, Why Are You Still Not Using Data Analytics?
                            Message 13 of 25 , Jun 28
                              Click here to view this message in a browser window.
                              So, Why Are You Still Not Using Data Analytics?
                              Chief Audit Executives (CAEs) have repeatedly stated that data analysis expertise is a much-needed skill in internal audit, and surveys over the past 10 to 15 years have rated data extraction, data analysis, and analytical software as critical tools for effective internal audit organizations. Why then do more than half of internal audit shops—according to those same surveys—still rate their analytic capability as poor or needing improvement? The answer is that they have not approached data analytics with a clear plan of action.
                              Five Reasons to Audit the Risk Management Function
                              Whether an organization's risk management function is focused on traditional insurable risks or broader enterprise-wide risk management, an audit of the risk management function should be among the first priorities for a chief audit executive. If a separate risk management department does not exist, the role of internal audit in risk management is even more important as fewer resources are dedicated to the process of identifying risks. With this in mind, here are five ways organizations can benefit from having internal audit evaluate the risk management function.