• Blog

Thinking Like an Auditor

  • Our goal is to bring you the latest audit and controls industry related content that's essential to all audit and compliance departments regardless of your team size or chosen software solutions. We want to share the best practices and insights that come from our unique global position with everyone in the audit and compliance community.



    Is Your Audit Analytics Program Actually Good?

    December 5, 2019 | By Ken Petersen, MBA, PMP

    Do you ever wonder if your audit analytics program is any good? And, if so, how do you know? Do you even know what a “good” audit analytics program looks like? And how would you know if you are improving?



    Growing Audit Capability for the Future

    November 21, 2019 | By Sio Naidoo, B.Compt, MPA-MBA, PMIIA, CIA

    As organizations navigate increasing complexity and rapidly changing business environments, Internal Audit has to assess its challenges for the future.



    Addressing Emerging Risks with Agile Combined Assurance

    November 14, 2019 | By Toby DeRoche, MBA, CIA, CCSA, CRMA, CICA, CFE

    The world is evolving faster than ever, especially when we consider the impact of technological advancement. The pace of change poses a unique challenge for internal auditors. To meet the challenge, auditors must be agile and always poised to address emerging risks.



    How OKRs will Help Internal Audit Evolve

    October 8, 2019 | By Colleen Knuff, CPA, CIA, CISA, CRMA, NPDP

    In most organizations, with the start of a new calendar year, we are asked to set goals for the upcoming year. Hopefully, we meet with our managers on a regular basis to review these goals, and at the end of the year, we self-report on the achievement of goals.



    Coordinating your Lines of Defense: A Critical Imperative

    September 19, 2019 | By Toby DeRoche, MBA, CIA, CCSA, CRMA, CICA, CFE

    Combined Assurance has been a topic of conversation in audit for the last few years. Now with the pending updates to the Three Lines of Defense model, the topic is even more critical.



    How to Find Talent Elasticity

    August 20, 2019 | By Colleen Knuff, CPA, CIA, CISA, CRMA, NPDP

    Is your department short staffed right now? Guess what, it's not just you. Four out of five CAEs report challenges in filling open positions. If those open positions require specialized skills, well now that just got twice as hard.



    Getting on Board the Blockchain Train

    July 31, 2019 | By Colleen Knuff, CPA, CIA, CISA, CRMA, NPDP

    Internal audit cannot avoid thinking about and planning for blockchain, that train is coming full steam ahead. The biggest questions are how to educate yourself about blockchain, how to identify and assess risk, and how to know if process controls in this new blockchain world are designed effectively and efficiently.



    75% of Your Audits aren’t Based on Data. Does the Audit Committee Know?

    July 10, 2019 | By Ken Petersen, MBA, PMP

    75% of your audits aren’t based on data. Don’t believe me? Great! I’d like for you to go back through your audits from the last year and count how many you performed and how many contained an analysis of data.



    Is Your Audit Department “Highly Effective”?

    June 6, 2019 | By Toby DeRoche, MBA, CIA, CCSA, CRMA, CICA, CFE

    Today's fast-paced and evolving business environment requires an internal audit to consider its capabilities and needs to ensure appropriate strategic planning. How can CAEs develop strategic plans that result in their stakeholders viewing the audit function as “highly effective”?



    Making the Complex Simple: Seeing Your Organization Through Multiple Lenses

    May 30, 2019 | By Andy Broughton, CIA, CRMA

    Despite an organization’s complexity, it’s the role of internal audit to provide assurance to audit committees and executive stakeholders. To do that, internal audit needs a view of the business that allows them to assess risks, prioritize audits, understand how much coverage the audit plan provides, and what parts of the organization have high-risk audit findings.



    How do you get all your auditors doing analytics?

    April 24, 2019 | By Ken Petersen, MBA, PMP

    Many audit teams are performing analytics in a centralized manner. Meaning they have one or a few people performing all their analytics and the rest of the team really aren’t doing much and unfortunately, aren’t expected to. But what if they had more resources capable of performing analytics on more audits?

    Continue Reading...



    Embracing Multigenerational Teams in Audit

    March 27, 2019 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA, CFE

    We currently have 5 distinct generations in the workplace, including in internal audit and compliance departments. While much of the focus is on the two younger generations, the inclusion of millennials and Gen Z into the existing team structure affects everyone.

    Continue Reading...



    Wear Your SOX Well

    March 7, 2019 | By Curt Barnhill, CICA, BBA

    Good resources coupled with a good tool can lead to a good SOX process, but a great tool will lead to a great SOX process. Whether you’re a team of 3 or a team of 50, if the goal is to “wear your SOX well,” then incorporating a controls management tool into your process can get you there quickly and efficiently.

    Continue Reading...



    Time and Expense Fraud – Expense Abuse – Gaming the Limits

    February 15, 2019 | By Lyle Jacon, BBA, MBA

    There are many ways that companies may lose money through Time and Expense fraud – some intentional, others accidental. But, putting in place certain tests and ensuring employees know that all expenses are monitored could reduce losses related to non-supported expense reimbursements.

    Continue Reading...



    Top 3 Areas for Improving Your Audit Department

    January 30, 2019 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA, CFE

    In the past eight years, I have worked with more than 500 audit departments. Most of the people I talk to every day are looking for a solution to their unique requirements. When I look back across all those departments, they definitely have unique needs, but in general, they are vastly more similar than different.

    Continue Reading...



    Top 7 Analytics Tests for T&E Expenses

    January 16, 2019 | By Jen Terry

    All expense policies have their own nuances, but there are some simple tests that we should include in every T&E audit analytics program.

    Continue Reading...


    Twas the Night Before Christmas (Audit Edition)

    December 13, 2018 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA, CFE

    The classic story retold with a bit of audit humor.

    Continue Reading...


    Same Audit Technology – Different Results

    November 23, 2018 | By Mike Gowell

    Are you getting the maximum return from your technology investment?

    Continue Reading...


    Data Analytics vs. Big Data and How Both are Evolving

    October 25, 2018 | By Ken Petersen, MBA, PMP

    The audit industry is being pushed for more data analytics, so does this mean that auditors need to be able to work with big data? The two terms are often used interchangeably, but they really mean two different things.

    Continue Reading...


    A Successful Analytics Program is More Than Just Software

    September 13, 2018 | By Ken Petersen, MBA, PMP

    Six months ago, you bought your audit analytics software and had it installed so everyone can access it. Yet a look at the audits coming in since that time, you haven’t seen a noticeable change in the use of analytics in the audits. What could be wrong?

    Continue Reading...


    The 7 Habits of Highly Ineffective Auditors

    August 17, 2018 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Despite all the books, articles, training, and guidance available from The IIA, not everyone in internal audit is a superstar. In most audit departments, some individuals are great examples of what not to do. They may be ineffective as leaders, have weak technical skills, or poor soft skills. Let’s look deeper into the habits that make them less than stellar.

    Continue Reading...


    Audit Analytics – Matching Addresses

    July 20, 2018 | By Lyle Jacon, BBA, MBA

    One of the most common questions we receive on Audit Data Analytics is how to match addresses. It is a source of frustration with many of our clients and auditors in general. Most of the time it is to help with fraud prevention by identifying employees that are also vendors or, in instances where fraudulent companies are set up using the same business address.

    Continue Reading...


    Future-Proof Audit Solutions

    June 21, 2018 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Technology changes faster than most of us can react. Even for the most responsive audit departments, it is very difficult to keep up with all of the changes that are available to us. As auditors, we depend on three key pieces of technology including audit management software, data analytics, and reporting tools. Over the years, these three tools have gone through huge changes, so how do you keep up with the pace of technology?

    Continue Reading...


    Analytics – Aggregating Spend by Matching Records that Don’t Match

    May 1, 2018 | By Lyle Jacon, BBA, MBA

    My job is to talk to auditors about using data analytics software every day. Many are working on their audit analytics programs and most have issues with data preparation before even conducting audit analytics.

    Continue Reading...


    Combined Assurance Led by Internal Audit

    April 5, 2018 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    We’ve been talking about internal audit as a trusted advisor for a few years now. Many departments have excelled in increasing the presence of internal audit in their organizations by taking on a risk and control advisory role, while maintaining independence, to deepen the trust in the auditors as risk and control experts. It’s time for us to evolve beyond trusted advisor to relevant partner.

    Continue Reading...


    The Opportunity for Internal Audit Teams in Activity Based Working

    March 1, 2018| By Sio Naidoo, B.Compt, MPA-MBA, PMIIA, CIA

    Globally, organizations are responding to changes in global trends in the workforce, the impact of new and innovative technologies by exploring new ways employees work and interact. This is also driven by organizations’ need to reduce costs and manage risks in new and innovative ways – management is realizing that work is what you do and not where you go.

    Continue Reading...


    Why Auditors Clash with Management

    February 15, 2018| By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The audit is over, it’s time for the closing meeting, and the battle lines have been drawn. In the tension filled moments before the meeting begins, audit stands resolute, ready to argue with management, armed with the fully supported, cross-referenced audit report.

    Continue Reading...


    Audit Analytics – Understanding Your Data

    January 31, 2018 | By Lyle Jacon, BBA, MBA

    As part of your Standard Operating Procedures or best practices, we suggest you start every audit with testing five key areas to get a better understanding of the data you’ve received.

    Continue Reading...


    The Value of Assurance Mapping

    October 20, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    As we look for ways to provide relevant risk information to the audit committee and adopt a combined assurance approach, a valuable way we can highlight the current state of our organizational risk profile is with a risk coverage map.

    Continue Reading...


    Agile Auditing: Rethinking the Audit Plan

    July 11, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Every year, most audit departments dust off the previous year’s risk assessment as a starting point for the upcoming year. With some variations, we all do basically the same thing. Update the audit universe, engage with management to discuss the risks in their areas, score and rank the audit universe, and then pick areas to add to the plan. We then present the plan to the audit committee, and commit to getting it all done in the next year. Some departments will proactively revisit the audit plan each quarter, but we rarely deviate from the audit plan we presented.

    Continue Reading...


    10 Steps to Solving Market Problems in Internal Audit

    May 19, 2017 | By Colleen Knuff, CPA, CIA, CISA, CRMA

    I recently spoke with an auditor who was lamenting about his organization hiring a team of consultants to evaluate how well a business unit was addressing process changes needed to better solve a set of client problems. He thought internal audit should have been tasked with this work.

    Continue Reading...


    Audit Analytics: Is Sampling Enough for Internal Controls Testing?

    April 21, 2017 | By Stefan Davis MEng, MBA

    Virtually every auditor, whether internal or external, has to test the effectiveness of internal control procedures. For an external auditor, internal controls effectiveness testing allows you to have comfort over an assertion without needing to test substantively. For an internal auditor, a significant part of their role is providing assurance to management .

    Continue Reading...


    The Importance of Good User Interface Design

    April 4, 2017 | By Colleen Knuff, CPA, CIA, CISA, CRMA

    Like so many internal auditors, my career started in internal audit with columnar paper and red/ green pencils as the basis of how to record my work. I took great pride in the neat and tidy appearance of my writing, page referencing and tickmark placement. Even twenty years ago, user interface mattered to me.

    Continue Reading...


    Continued Education – the Value of Staying Relevant

    February 21, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    We made it to another year and memories of December are already fading. The end of the year is a special time in audit departments. Most departments are trying to wrap up their annual audit plan, put together a draft of the January audit committee report, some are thinking about holiday parties, and everyone with a certification is trying to figure out how they are going to get enough Continuing Professional Education hours (CPEs) to meet year-end reporting deadlines.

    Continue Reading...


    #UnderstandingSocialMediaRisk – Beware of Rogue Posters

    February 7, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Identifying and assessing risk is the basis of most of the work done in internal audit, but it is getting harder to keep up with the most relevant risks. In today’s environment, new risks are introduced faster than we can react, and both the emerging and established risks are always changing. Often the most complicated risk to understand and evaluate is reputational risk, and one of the most volatile aspects of reputational risk comes from social media.

    Continue Reading...


    Share Your Toys :Leveraging Audit Technology across the Three Lines of Defense

    January 18, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Internal auditors have traditionally led the charge in risk assessment and control monitoring and testing techniques. We have excelled in adopting new technology designed to improve our testing effectiveness and efficiency. It’s time for us to share our tools with other risk and control functions in our organizations.

    Continue Reading...


    The Holidays – A Time for Giving – or Taking?

    December 15, 2016 | By Stefan Davis MEng, MBA

    During the holidays, many people take the opportunity to share their time and talents with others. Unfortunately, some people see the holidays as a perfect opportunity to take advantage of others. In any organization, the holiday season could bring numerous additional fraud risks and fraud indicators that businesses and their auditors should bear in mind.

    Continue Reading...


    Auditing Culture Part 3: Unique Challenges

    November 29, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. In the previous installments on this topic, we defined culture for the purpose of understanding the nature of the audit, and we discussed applying a red flag approach as a methodology to performing the audit. In this third installment, we will discuss a few unique challenges presented by auditing culture.

    Continue Reading...


    Auditing Culture Part 2: Where to Begin

    November 16, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. In our first installment on this topic, we defined the term culture for the purpose of performing an audit. With an understanding of culture in place, we can discuss an approach to performing the audit.

    Continue Reading...


    Auditing Culture Part 1: Defining Culture

    October 31, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. At first glance, culture may seem like just another risk factor to consider in a governance audit.

    Continue Reading...


    Top 3 Concerns When Choosing a Cloud Vendor

    August 19, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    In a recent article in CNN’s Money, there was a discussion about IBM shifting its corporate strategy away from hardware in favor of cloud computing services.

    Continue Reading...


    A Lesson on the Nature of Control

    July 8, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    On July 4th, a day when all service professionals are on vacation, my refrigerator stopped working. My wife and I ran to a store to buy a mini fridge and crammed all of the food for a family of four into an appliance meant for a dorm room...

    Continue Reading...


    5 Critical Steps to Applying Data Analytics

    June 30, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Toby DeRoche looks at the five critical steps to applying data analytics and understanding and overcoming the challenges.

    Continue Reading...


    Demystifying Data Analytics

    May 30, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Despite the fact that data analytics has been part of the audit conversation for almost 30 years, most audit departments are still struggling with implementing an effective data analytics strategy. The two main contributing factors causing this problem are software and culture. To help everyone understand this issue and how we can all be part of the solution, let’s look at this as if it were an issue in an audit report.

    Continue Reading...


    Internal Audit and EH&S – A Natural Partnership

    April 7, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Often when we discuss the duties of various groups within an organization, there are clear, distinct functions. For example, there are distinct differences between accounting and operations. Even within departments, there are discreet boundaries between accounts payable and accounts receivable teams. Under the umbrella of corporate governance, however, we find overlapping responsibilities.Given the level of risk inherent to corporate governance, we can argue that the overlap is by design.

    Continue Reading...


    The Millennial Evolution

    March 1, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Millennial generation is now firmly embedded in the workplace, including in internal audit and compliance departments. A recent Deloitte Millennial Survey predicts that “Millennials, who are already emerging as leaders in technology and other industries, will comprise 75 percent of the global workforce by 2025”. From a management perspective, we need to blend the realities of the work we do with the sociable, optimistic, collaborative, tech savvy, and achievement oriented Millennial staff.

    Continue Reading...


    GRC & Audit-The Right Tool for the Right Job

    January 22, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    In a recent blog posting, The Audit Department's Unseen Risks, we discussed the problem of overreliance on Microsoft Office, specifically Word and Excel, for performing audit and compliance work. With these applications, we find that the tools are not complex enough for our needs. EVERY AUDIT AND COMPLIANCE DEPARTMENT’S NEEDS ARE COMPLEX, AND YOU NEED COMPLEX TOOLS DESIGNED FOR THE JOB. As an audit or compliance professional, what type of software do you really need? At what point does your software solution go from being complex to simply confusing?

    Continue Reading...


    Presentations that Impress Your Audit Committee

    December 1, 2015 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Internal Audit departments have a unique position within an organization. Audit is one of the only groups in any organization with direct access to the board, and in particular to the audit committee. A good internal audit department is one that can effectively work with the audit committee as a partner in enterprise governance. A world-class internal audit department goes much further. As a best practice the audit committee should be educated on the state of the organization and the work performed by audit. The Institute of Internal Auditors (The IIA)1 even states that “the critical connection between audit committee effectiveness and internal auditing mandates that committee members maintain an in-depth understanding of internal audit best practices and how their internal audit activity is functioning”.

    Continue Reading...


    The Holy Grail of Internal Audit

    August 13, 2015 | by: Brad Zolkoske

    With risk continually at the forefront of the profession, having been incorporated into our authoritative guidance, why is it that I run across so few people who are satisfied with their risk program and the role it plays in the work of internal audit? With effective risk programs remaining elusive I am reminded of King Arthur’s search for the Holy Grail.

    Continue Reading...


    Risk and Control Self-Assessment: Beyond the Survey

    June 17, 2015 | by: Toby DeRoche

    At some point in the last decade, auditors seem to have forgotten a major aspect of the Risk and Control Self-Assessment (RCSA) . Lately, it seems like the RCSA has become only a control focused survey, or even just another word for Internal Control Questionnaires (ICQs). It is true that RCSA's have a survey element, but a true self-assessment can be so much more.

    Continue Reading...


    The Audit Department's Unseen Risk

    May 7, 2015 | by: Toby DeRoche

    Internal Audit Departments around the world have an obligation to inform management about the risks inherent to their organizations, but what about the risks inherent to the audit department itself. The Institute of Internal Auditors (IIA) points out several high level issues commonly identified during the Quality Assurance and Improvement Program.

    Continue Reading...


    The COSO Compliance Struggle

    March 24, 2015 | by: Toby DeRoche

    The deadline for meeting the guidance from the updated 2013 COSO Framework has come and gone, but many organizations are still struggling to understand exactly what they were supposed to do to meet the requirements. Many are not even sure what the requirements really were since there is conflicting information being passed from company to company. Find out what the update entailed, why there are misconceptions, and how to move forward.

    Continue Reading...


    Increasing Internal Audit Effectiveness with Data Analytics

    February 25, 2015 | by: Toby DeRoche

    In the past few years, big data and data analytics have become buzz words in nearly all business settings. Experts estimate that there will be 35 trillion gigabytes of stored data in the world by 2020. Many organizations have been reacting quickly to the big data growth trend by increasing the capacity for reporting on the information and analyzing the data.

    Continue Reading...


    Welcome to the Thinking Like an Auditor Blog

    February 25, 2015

    All audit and compliance professionals are expected to keep up with trends and challenges in our industry. With the all demands on our daily lives, it is hard to find the time to do the research and reading. We have the answer. Welcome to Thinking like an Auditor, the audit and compliance blog sponsored by TeamMate. Our goal with this blog is to bring you the latest audit and controls industry related content

    Continue Reading...