• Blog

Thinking Like an Auditor

  • Our goal is to bring you the latest audit and controls industry related content that's essential to all audit and compliance departments regardless of your team size or chosen software solutions. We want to share the best practices and insights that come from our unique global position with everyone in the audit and compliance community.


    RSS Button Subscribe to this feed.


    10 Steps to Solving Market Problems in Internal Audit

    May 19, 2017 | By Colleen Knuff, CPA, CIA, CISA, CRMA

    I recently spoke with an auditor who was lamenting about his organization hiring a team of consultants to evaluate how well a business unit was addressing process changes needed to better solve a set of client problems. He thought internal audit should have been tasked with this work.

    Continue Reading...


    Audit Analytics: Is Sampling Enough for Internal Controls Testing?

    April 21, 2017 | By Stefan Davis MEng, MBA

    Virtually every auditor, whether internal or external, has to test the effectiveness of internal control procedures. For an external auditor, internal controls effectiveness testing allows you to have comfort over an assertion without needing to test substantively. For an internal auditor, a significant part of their role is providing assurance to management .

    Continue Reading...


    The Importance of Good User Interface Design

    April 4, 2017 | By Colleen Knuff, CPA, CIA, CISA, CRMA

    Like so many internal auditors, my career started in internal audit with columnar paper and red/ green pencils as the basis of how to record my work. I took great pride in the neat and tidy appearance of my writing, page referencing and tickmark placement. Even twenty years ago, user interface mattered to me.

    Continue Reading...


    Continued Education – the Value of Staying Relevant

    February 21, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    We made it to another year and memories of December are already fading. The end of the year is a special time in audit departments. Most departments are trying to wrap up their annual audit plan, put together a draft of the January audit committee report, some are thinking about holiday parties, and everyone with a certification is trying to figure out how they are going to get enough Continuing Professional Education hours (CPEs) to meet year-end reporting deadlines.

    Continue Reading...


    #UnderstandingSocialMediaRisk – Beware of Rogue Posters

    February 7, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Identifying and assessing risk is the basis of most of the work done in internal audit, but it is getting harder to keep up with the most relevant risks. In today’s environment, new risks are introduced faster than we can react, and both the emerging and established risks are always changing. Often the most complicated risk to understand and evaluate is reputational risk, and one of the most volatile aspects of reputational risk comes from social media.

    Continue Reading...


    Share Your Toys :Leveraging Audit Technology across the Three Lines of Defense

    January 18, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Internal auditors have traditionally led the charge in risk assessment and control monitoring and testing techniques. We have excelled in adopting new technology designed to improve our testing effectiveness and efficiency. It’s time for us to share our tools with other risk and control functions in our organizations.

    Continue Reading...


    The Holidays – A Time for Giving – or Taking?

    December 15, 2016 | By Stefan Davis MEng, MBA

    During the holidays, many people take the opportunity to share their time and talents with others. Unfortunately, some people see the holidays as a perfect opportunity to take advantage of others. In any organization, the holiday season could bring numerous additional fraud risks and fraud indicators that businesses and their auditors should bear in mind.

    Continue Reading...


    Auditing Culture Part 3: Unique Challenges

    November 29, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. In the previous installments on this topic, we defined culture for the purpose of understanding the nature of the audit, and we discussed applying a red flag approach as a methodology to performing the audit. In this third installment, we will discuss a few unique challenges presented by auditing culture.

    Continue Reading...


    Auditing Culture Part 2: Where to Begin

    November 16, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. In our first installment on this topic, we defined the term culture for the purpose of performing an audit. With an understanding of culture in place, we can discuss an approach to performing the audit.

    Continue Reading...


    Auditing Culture Part 1: Defining Culture

    October 31, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. At first glance, culture may seem like just another risk factor to consider in a governance audit.

    Continue Reading...


    Top 3 Concerns When Choosing a Cloud Vendor

    August 19, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    In a recent article in CNN’s Money, there was a discussion about IBM shifting its corporate strategy away from hardware in favor of cloud computing services.

    Continue Reading...


    A Lesson on the Nature of Control

    July 8, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    On July 4th, a day when all service professionals are on vacation, my refrigerator stopped working. My wife and I ran to a store to buy a mini fridge and crammed all of the food for a family of four into an appliance meant for a dorm room...

    Continue Reading...


    5 Critical Steps to Applying Data Analytics

    June 30, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Toby DeRoche looks at the five critical steps to applying data analytics and understanding and overcoming the challenges.

    Continue Reading...


    Demystifying Data Analytics

    May 30, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Despite the fact that data analytics has been part of the audit conversation for almost 30 years, most audit departments are still struggling with implementing an effective data analytics strategy. The two main contributing factors causing this problem are software and culture. To help everyone understand this issue and how we can all be part of the solution, let’s look at this as if it were an issue in an audit report.

    Continue Reading...


    Internal Audit and EH&S – A Natural Partnership

    April 7, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Often when we discuss the duties of various groups within an organization, there are clear, distinct functions. For example, there are distinct differences between accounting and operations. Even within departments, there are discreet boundaries between accounts payable and accounts receivable teams. Under the umbrella of corporate governance, however, we find overlapping responsibilities.Given the level of risk inherent to corporate governance, we can argue that the overlap is by design.

    Continue Reading...


    The Millennial Evolution

    March 1, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Millennial generation is now firmly embedded in the workplace, including in internal audit and compliance departments. A recent Deloitte Millennial Survey predicts that “Millennials, who are already emerging as leaders in technology and other industries, will comprise 75 percent of the global workforce by 2025”. From a management perspective, we need to blend the realities of the work we do with the sociable, optimistic, collaborative, tech savvy, and achievement oriented Millennial staff.

    Continue Reading...


    GRC & Audit-The Right Tool for the Right Job

    January 22, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    In a recent blog posting, The Audit Department's Unseen Risks, we discussed the problem of overreliance on Microsoft Office, specifically Word and Excel, for performing audit and compliance work. With these applications, we find that the tools are not complex enough for our needs. EVERY AUDIT AND COMPLIANCE DEPARTMENT’S NEEDS ARE COMPLEX, AND YOU NEED COMPLEX TOOLS DESIGNED FOR THE JOB. As an audit or compliance professional, what type of software do you really need? At what point does your software solution go from being complex to simply confusing?

    Continue Reading...


    Presentations that Impress Your Audit Committee

    December 1, 2015 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Internal Audit departments have a unique position within an organization. Audit is one of the only groups in any organization with direct access to the board, and in particular to the audit committee. A good internal audit department is one that can effectively work with the audit committee as a partner in enterprise governance. A world-class internal audit department goes much further. As a best practice the audit committee should be educated on the state of the organization and the work performed by audit. The Institute of Internal Auditors (The IIA)1 even states that “the critical connection between audit committee effectiveness and internal auditing mandates that committee members maintain an in-depth understanding of internal audit best practices and how their internal audit activity is functioning”.

    Continue Reading...


    Audit Analytics Offer Perspective

    November 16, 2015 | by: Claudio de los Rios, CPA, CA

    I’ve often been asked, “What do you do”? Sometimes I reply simply, “I’m an internal auditor.” Other times, I might feel like stirring the conversation and say something along the lines of how I try and help keep the CEO and CFO out of prison. Ultimately though, what we do as auditors is communicate. We help put into words what is happening in an organization and make sure the right people are aware of it. But we need to do more than simply relay the facts. We need to interpret those findings in such a way, as our audience understands why it matters.

    Continue Reading...


    The Holy Grail of Internal Audit

    August 13, 2015 | by: Brad Zolkoske

    With risk continually at the forefront of the profession, having been incorporated into our authoritative guidance, why is it that I run across so few people who are satisfied with their risk program and the role it plays in the work of internal audit? With effective risk programs remaining elusive I am reminded of King Arthur’s search for the Holy Grail.

    Continue Reading...


    Risk and Control Self-Assessment: Beyond the Survey

    June 17, 2015 | by: Toby DeRoche

    At some point in the last decade, auditors seem to have forgotten a major aspect of the Risk and Control Self-Assessment (RCSA) . Lately, it seems like the RCSA has become only a control focused survey, or even just another word for Internal Control Questionnaires (ICQs). It is true that RCSA's have a survey element, but a true self-assessment can be so much more.

    Continue Reading...


    The Audit Department's Unseen Risk

    May 7, 2015 | by: Toby DeRoche

    Internal Audit Departments around the world have an obligation to inform management about the risks inherent to their organizations, but what about the risks inherent to the audit department itself. The Institute of Internal Auditors (IIA) points out several high level issues commonly identified during the Quality Assurance and Improvement Program.

    Continue Reading...


    The COSO Compliance Struggle

    March 24, 2015 | by: Toby DeRoche

    The deadline for meeting the guidance from the updated 2013 COSO Framework has come and gone, but many organizations are still struggling to understand exactly what they were supposed to do to meet the requirements. Many are not even sure what the requirements really were since there is conflicting information being passed from company to company. Find out what the update entailed, why there are misconceptions, and how to move forward.

    Continue Reading...


    Increasing Internal Audit Effectiveness with Data Analytics

    February 25, 2015 | by: Toby DeRoche

    In the past few years, big data and data analytics have become buzz words in nearly all business settings. Experts estimate that there will be 35 trillion gigabytes of stored data in the world by 2020. Many organizations have been reacting quickly to the big data growth trend by increasing the capacity for reporting on the information and analyzing the data.

    Continue Reading...


    Welcome to the Thinking Like an Auditor Blog

    February 25, 2015

    All audit and compliance professionals are expected to keep up with trends and challenges in our industry. With the all demands on our daily lives, it is hard to find the time to do the research and reading. We have the answer. Welcome to Thinking like an Auditor, the audit and compliance blog sponsored by TeamMate. Our goal with this blog is to bring you the latest audit and controls industry related content

    Continue Reading...