Posts Tagged ‘internal audit’
Thoughts on ESG Controls & Reporting
I spent several days last week attending the annual user conference for Workiva, maker of audit and risk management software. ESG was all over the agenda, with numerous speakers talking about how to integrate ESG concerns into your annual audit and reporting. I took detailed notes, and my recap is below. First, I was struck…
Read MoreFresh Approaches to Cybersecurity Risk
Every regulator and their uncle is climbing aboard the cybersecurity bandwagon these days. Before that bandwagon starts rolling away with itself, however, we might want to ask whether corporate audit and compliance teams, and even the regulators themselves, are going about all this in the wisest way possible. Two recent posts on Radical Compliance capture…
Read MoreOn Wisconsin and Cyber Risks
IT audit professionals looking for a fresh example of cybersecurity risk to study should turn their gaze to Wisconsin. A voter fraud conspiracy theorist there uncovered what is indeed a legitimate risk to election integrity, and his discovery speaks volumes about taking a risk-based approach to design of internal controls. The gadfly in question is…
Read MorePointers on Preventing Ransomware
Among the many interesting discussions I heard at the Institute of Internal Auditors’ global conference this week, one particularly compelling session was about ransomware: how attackers try to foist it upon companies, and the internal controls you could implement to keep such attacks at bay. Since ransomware risk is going nowhere but up these days,…
Read MoreDispatches From IIA Conference
The Institute of Internal Auditors held its global annual conference this week in Chicago, drawing together more than 1,700 audit professionals for its first in-person conference since 2019 to talk about internal controls, audit reports, working with boards, and lots more. Yours truly was on the scene, and I’ve pulled together some dispatches from social…
Read MoreSome Thoughts on IT Workforce Risks
Looking for another reason to worry about the long-term success of your compliance, audit, or risk management efforts? Fear not! A recent report on workforce development in cybersecurity paints a stark picture of just how challenging it is these days to build and maintain a good team. The report comes from ISACA, the professional association…
Read MoreCitigroup Internal Audit Hiring Spree
Citigroup announced today that it plans to hire at least 100 additional internal auditors next year, one of the largest single hiring sprees we’ve seen in the field in years. If any audit professionals out there like the banking sector and want a change of pace, here’s your big chance. Citi already has more than…
Read MoreGrappling With Artificial Intelligence
Later this week I’ll have the privilege to moderate a panel discussion on artificial intelligence at the Society of Corporate Compliance & Ethics’ 2021 conference — and as fate would have it, COSO published guidance last week on the risk management challenges around AI. So let’s dig into the subject, since clearly the universe is…
Read MorePortrait of Internal Audit Teams, Squeezed
We have two new reports this week on the predicament of internal audit functions, trapped between the need to provide better risk analysis during the pandemic and corporate overlords a bit less than willing to fund your need for better technologies. The first report came from research firm Gartner on Wednesday, and found that for…
Read MoreA Tale: Audit vs. Compliance
My phone rang the other day; it was the U.S. compliance officer at a large global business whom I know quite well. “Hey,” he said, “you know the statistic that more than half of internal audit people have felt pressure to cover up awkward findings in their work? I have a complaint about that.” I…
Read More