Posts Tagged ‘internal audit’
Why Internal Auditors Are Annoyed
Today I want to circle back to that proposal from the Public Company Accounting Oversight Board about third-party confirmations in financial audits, a seemingly reasonable idea that in practice has alienated legions of internal auditors. We should take a few minutes to understand why that is. For those who missed our first post on this…
Read MoreConfirmations Contretemps in Audit World!
The internal auditing world is in an uproar this week over a proposed new auditing standard from the Public Company Accounting Oversight Board — one that throws some notable shade at the internal audit profession, and prompted the Institute of Internal Auditors to declare that it is “deeply concerned” about the idea. The proposed standard…
Read MoreGetting a Better Grip on IT Controls
Today I want to circle back to last week’s collapse of cryptocurrency exchange FTX. One allegation is that FTX’s now-former CEO, Sam Bankman-Fried, engineered a “back door” into the company’s financial systems so that he could execute transactions without review. My question: would an audit of internal controls over financial reporting catch something like that? …
Read MoreThoughts on ESG Controls & Reporting
I spent several days last week attending the annual user conference for Workiva, maker of audit and risk management software. ESG was all over the agenda, with numerous speakers talking about how to integrate ESG concerns into your annual audit and reporting. I took detailed notes, and my recap is below. First, I was struck…
Read MoreFresh Approaches to Cybersecurity Risk
Every regulator and their uncle is climbing aboard the cybersecurity bandwagon these days. Before that bandwagon starts rolling away with itself, however, we might want to ask whether corporate audit and compliance teams, and even the regulators themselves, are going about all this in the wisest way possible. Two recent posts on Radical Compliance capture…
Read MoreOn Wisconsin and Cyber Risks
IT audit professionals looking for a fresh example of cybersecurity risk to study should turn their gaze to Wisconsin. A voter fraud conspiracy theorist there uncovered what is indeed a legitimate risk to election integrity, and his discovery speaks volumes about taking a risk-based approach to design of internal controls. The gadfly in question is…
Read MorePointers on Preventing Ransomware
Among the many interesting discussions I heard at the Institute of Internal Auditors’ global conference this week, one particularly compelling session was about ransomware: how attackers try to foist it upon companies, and the internal controls you could implement to keep such attacks at bay. Since ransomware risk is going nowhere but up these days,…
Read MoreDispatches From IIA Conference
The Institute of Internal Auditors held its global annual conference this week in Chicago, drawing together more than 1,700 audit professionals for its first in-person conference since 2019 to talk about internal controls, audit reports, working with boards, and lots more. Yours truly was on the scene, and I’ve pulled together some dispatches from social…
Read MoreSome Thoughts on IT Workforce Risks
Looking for another reason to worry about the long-term success of your compliance, audit, or risk management efforts? Fear not! A recent report on workforce development in cybersecurity paints a stark picture of just how challenging it is these days to build and maintain a good team. The report comes from ISACA, the professional association…
Read MoreCitigroup Internal Audit Hiring Spree
Citigroup announced today that it plans to hire at least 100 additional internal auditors next year, one of the largest single hiring sprees we’ve seen in the field in years. If any audit professionals out there like the banking sector and want a change of pace, here’s your big chance. Citi already has more than…
Read More