Our goal is to bring you the latest audit and controls industry related content that's essential to all audit and compliance departments regardless of your team size or chosen software solutions. We want to share the best practices and insights that come from our unique global position with everyone in the audit and compliance community.
Subscribe to this feed.
Audit Analytics: Is Sampling Enough for Internal Controls Testing?
April 21, 2017 | By Stefan Davis MEng, MBA
Virtually every auditor, whether internal or external, has to test the effectiveness of internal control procedures. For an external auditor, internal controls effectiveness testing allows you to have comfort over an assertion without needing to test substantively. For an internal auditor, a significant part of their role is providing assurance to management .
The Importance of Good User Interface Design
April 4, 2017 | By Colleen Knuff, CPA, CIA, CISA, CRMA
Like so many internal auditors, my career started in internal audit with columnar paper and red/ green pencils as the basis of how to record my work. I took great pride in the neat and tidy appearance of my writing, page referencing and tickmark placement. Even twenty years ago, user interface mattered to me.
Continued Education – the Value of Staying Relevant
February 21, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
We made it to another year and memories of December are already fading. The end of the year is a special time in audit departments. Most departments are trying to wrap up their annual audit plan, put together a draft of the January audit committee report, some are thinking about holiday parties, and everyone with a certification is trying to figure out how they are going to get enough Continuing Professional Education hours (CPEs) to meet year-end reporting deadlines.
#UnderstandingSocialMediaRisk – Beware of Rogue Posters
February 7, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
Identifying and assessing risk is the basis of most of the work done in internal audit, but it is getting harder to keep up with the most relevant risks. In today’s environment, new risks are introduced faster than we can react, and both the emerging and established risks are always changing. Often the most complicated risk to understand and evaluate is reputational risk, and one of the most volatile aspects of reputational risk comes from social media.
Share Your Toys :Leveraging Audit Technology across the Three Lines of Defense
January 18, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
Internal auditors have traditionally led the charge in risk assessment and control monitoring and testing techniques. We have excelled in adopting new technology designed to improve our testing effectiveness and efficiency. It’s time for us to share our tools with other risk and control functions in our organizations.
The Holidays – A Time for Giving – or Taking?
December 15, 2016 | By Stefan Davis MEng, MBA
During the holidays, many people take the opportunity to share their time and talents with others. Unfortunately, some people see the holidays as a perfect opportunity to take advantage of others. In any organization, the holiday season could bring numerous additional fraud risks and fraud indicators that businesses and their auditors should bear in mind.
Auditing Culture Part 3: Unique Challenges
November 29, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. In the previous installments on this topic, we defined culture for the purpose of understanding the nature of the audit, and we discussed applying a red flag approach as a methodology to performing the audit. In this third installment, we will discuss a few unique challenges presented by auditing culture.
Auditing Culture Part 2: Where to Begin
November 16, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. In our first installment on this topic, we defined the term culture for the purpose of performing an audit. With an understanding of culture in place, we can discuss an approach to performing the audit.
Auditing Culture Part 1: Defining Culture
October 31, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. At first glance, culture may seem like just another risk factor to consider in a governance audit.
Top 3 Concerns When Choosing a Cloud Vendor
August 19, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
In a recent article in CNN’s Money, there was a discussion about IBM shifting its corporate strategy away from hardware in favor of cloud computing services.
A Lesson on the Nature of Control
July 8, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
On July 4th, a day when all service professionals are on vacation, my refrigerator stopped working. My wife and I ran to a store to buy a mini fridge and crammed all of the food for a family of four into an appliance meant for a dorm room...
5 Critical Steps to Applying Data Analytics
June 30, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
Toby DeRoche looks at the five critical steps to applying data analytics and understanding and overcoming the challenges.
Demystifying Data Analytics
May 30, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
Despite the fact that data analytics has been part of the audit conversation for almost 30 years, most audit departments are still struggling with implementing an effective data analytics strategy. The two main contributing factors causing this problem are software and culture. To help everyone understand this issue and how we can all be part of the solution, let’s look at this as if it were an issue in an audit report.
Internal Audit and EH&S – A Natural Partnership
April 7, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
Often when we discuss the duties of various groups within an organization, there are clear, distinct functions. For example, there are distinct differences between accounting and operations. Even within departments, there are discreet boundaries between accounts payable and accounts receivable teams. Under the umbrella of corporate governance, however, we find overlapping responsibilities.Given the level of risk inherent to corporate governance, we can argue that the overlap is by design.
The Millennial Evolution
March 1, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
The Millennial generation is now firmly embedded in the workplace, including in internal audit and compliance departments. A recent Deloitte Millennial Survey predicts that “Millennials, who are already emerging as leaders in technology and other industries, will comprise 75 percent of the global workforce by 2025”. From a management perspective, we need to blend the realities of the work we do with the sociable, optimistic, collaborative, tech savvy, and achievement oriented Millennial staff.
GRC & Audit-The Right Tool for the Right Job
January 22, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
In a recent blog posting, The Audit Department's Unseen Risks, we discussed the problem of overreliance on Microsoft Office, specifically Word and Excel, for performing audit and compliance work. With these applications, we find that the tools are not complex enough for our needs. EVERY AUDIT AND COMPLIANCE DEPARTMENT’S NEEDS ARE COMPLEX, AND YOU NEED COMPLEX TOOLS DESIGNED FOR THE JOB. As an audit or compliance professional, what type of software do you really need? At what point does your software solution go from being complex to simply confusing?
Presentations that Impress Your Audit Committee
December 1, 2015 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA
Internal Audit departments have a unique position within an organization. Audit is one of the only groups in any organization with direct access to the board, and in particular to the audit committee. A good internal audit department is one that can effectively work with the audit committee as a partner in enterprise governance. A world-class internal audit department goes much further. As a best practice the audit committee should be educated on the state of the organization and the work performed by audit. The Institute of Internal Auditors (The IIA)1 even states that “the critical connection between audit committee effectiveness and internal auditing mandates that committee members maintain an in-depth understanding of internal audit best practices and how their internal audit activity is functioning”.
Audit Analytics Offer Perspective
November 16, 2015 | by: Claudio de los Rios, CPA, CA
I’ve often been asked, “What do you do”? Sometimes I reply simply, “I’m an internal auditor.” Other times, I might feel like stirring the conversation and say something along the lines of how I try and help keep the CEO and CFO out of prison. Ultimately though, what we do as auditors is communicate. We help put into words what is happening in an organization and make sure the right people are aware of it. But we need to do more than simply relay the facts. We need to interpret those findings in such a way, as our audience understands why it matters.
The Holy Grail of Internal Audit
August 13, 2015 | by: Brad Zolkoske
With risk continually at the forefront of the profession, having been incorporated into our authoritative guidance, why is it that I run across so few people who are satisfied with their risk program and the role it plays in the work of internal audit? With effective risk programs remaining elusive I am reminded of King Arthur’s search for the Holy Grail.
Risk and Control Self-Assessment: Beyond the Survey
June 17, 2015 | by: Toby DeRoche
At some point in the last decade, auditors seem to have forgotten a major aspect of the Risk and Control Self-Assessment (RCSA) . Lately, it seems like the RCSA has become only a control focused survey, or even just another word for Internal Control Questionnaires (ICQs). It is true that RCSA's have a survey element, but a true self-assessment can be so much more.
The Audit Department's Unseen Risk
May 7, 2015 | by: Toby DeRoche
Internal Audit Departments around the world have an obligation to inform management about the risks inherent to their organizations, but what about the risks inherent to the audit department itself. The Institute of Internal Auditors (IIA) points out several high level issues commonly identified during the Quality Assurance and Improvement Program.
The COSO Compliance Struggle
March 24, 2015 | by: Toby DeRoche
The deadline for meeting the guidance from the updated 2013 COSO Framework has come and gone, but many organizations are still struggling to understand exactly what they were supposed to do to meet the requirements. Many are not even sure what the requirements really were since there is conflicting information being passed from company to company. Find out what the update entailed, why there are misconceptions, and how to move forward.
Increasing Internal Audit Effectiveness with Data Analytics
February 25, 2015 | by: Toby DeRoche
In the past few years, big data and data analytics have become buzz words in nearly all business settings. Experts estimate that there will be 35 trillion gigabytes of stored data in the world by 2020. Many organizations have been reacting quickly to the big data growth trend by increasing the capacity for reporting on the information and analyzing the data.
Welcome to the Thinking Like an Auditor Blog
February 25, 2015
All audit and compliance professionals are expected to keep up with trends and challenges in our industry. With the all demands on our daily lives, it is hard to find the time to do the research and reading. We have the answer. Welcome to Thinking like an Auditor, the audit and compliance blog sponsored by TeamMate. Our goal with this blog is to bring you the latest audit and controls industry related content