Posts Tagged ‘internal audit’
SOX Costs Drop; Struggles Don’t
Sarbanes-Oxley compliance costs fell for many companies last year, according to an analysis released this week — although time spent on SOX compliance work actually rose, suggesting that many companies are struggling to implement automation technologies even as demands from their audit firms keep rising. In other words, as usual, SOX compliance is a bit…
Read MoreAnother Example of AI’s Issues
If you’ve been following news about artificial intelligence lately, then by now you may already have seen this: an Asian-American computer scientist at MIT, who uploaded a picture of herself into an AI tool and asked it to make her look “more professional.” The software turned the woman white. The computer scientist in question, Rona…
Read MoreA Closer Look at SOC Audits
Anyone involved in cybersecurity or privacy compliance knows that one handy tool to assess your vendor risks is a SOC audit. Now, at long last, we have a report that explores an important question: Just what do all those SOC audit reports actually examine, anyway? The report comes from CBiz MHM, a mid-sized accounting and…
Read MoreNY DFS Strikes Again on Cyber Fails
New York state regulators are at it again, serving up yet another enforcement action over poor cybersecurity practices that can serve as a quick case-study for the rest of us trying to figure out a sustainable way forward on cyber compliance issues. The company in question this time is OneMain Financial Group, a publicly traded…
Read MoreIIA Unveils Proposed New Standards
Calling all internal audit enthusiasts: the Institute of Internal Auditors has released a draft of proposed new standards for the profession and is calling for public comment on the material. So if internal auditing is your career or you deal with internal auditors in some other capacity, put on your thinking cap and download a…
Read More‘Duty of Oversight’ and Internal Audit
Today I want to return to the Delaware Chancery Court and its decision that corporate officers have a “duty of oversight,” this time looking at the implications for internal audit executives. You in the audit crowd have both good news and bad news here. The good news is that this ruling turns up the heat…
Read MoreWhy Internal Auditors Are Annoyed
Today I want to circle back to that proposal from the Public Company Accounting Oversight Board about third-party confirmations in financial audits, a seemingly reasonable idea that in practice has alienated legions of internal auditors. We should take a few minutes to understand why that is. For those who missed our first post on this…
Read MoreConfirmations Contretemps in Audit World!
The internal auditing world is in an uproar this week over a proposed new auditing standard from the Public Company Accounting Oversight Board — one that throws some notable shade at the internal audit profession, and prompted the Institute of Internal Auditors to declare that it is “deeply concerned” about the idea. The proposed standard…
Read MoreGetting a Better Grip on IT Controls
Today I want to circle back to last week’s collapse of cryptocurrency exchange FTX. One allegation is that FTX’s now-former CEO, Sam Bankman-Fried, engineered a “back door” into the company’s financial systems so that he could execute transactions without review. My question: would an audit of internal controls over financial reporting catch something like that? …
Read MoreThoughts on ESG Controls & Reporting
I spent several days last week attending the annual user conference for Workiva, maker of audit and risk management software. ESG was all over the agenda, with numerous speakers talking about how to integrate ESG concerns into your annual audit and reporting. I took detailed notes, and my recap is below. First, I was struck…
Read More