Risk! Auditors are constantly addressing this four letter word. There are unrelenting attempt to better identify, assess and report risks. However, many auditors tend to allocate audit efforts and resources to and concentrate on negative risk impacts. In the planning phase, risks assessments center around negative outcomes. Audit testing is designed to determine
In a recent Harvard Business Review article John Coleman states that “deep, broad reading habits are often a defining characteristic of our greatest leaders and can catalyze insight, innovation, empathy and personal effectiveness”. He also
Social media is a dominate customer engagement tool. It presents great opportunities for organizations. But with these great opportunities come great risks. I recently led a webinar about social media risks, remedies and governance. I believe social media has a huge impact on financial statements, compliance, and reputation. The slide deck below is
Again…better questions to ask your audit clients
I recently wrote an article titled “What Keeps You Up At Night…Who Cares! 6 Better Questions to Ask Audit Clients”. The major premise stressed the fact that auditors truly need to ask the questions they really want answered. Asking a client “What keeps you up at night” is terrible, for one, because
Many organizations ranging from small to large, public to private are investing in internal auditing functions. Some do it only because they are mandated by law, others because it is a good personnel development tool, and still others realize the benefits of having internal consultants. Organizations can reap substantial benefits from an effectively utilized audit function. However, an ineffective internal audit execution strategy can waste money and time and frustrate audit personnel. The following 4 practices can significantly impact
Auditors frequently encounter various types of clients with personalities ranging from shy to overzealous. The personalities and behaviors are oftentimes topics of discussion. However, in this article, I would like to discuss auditor personality types. I believe that there are at least 4
End User Computing (EUC) applications (i.e. Excel, Access, etc) provide great benefits to organizations. Savvy users can create applications that allow them to gather, sort, filter and analyze data. One major benefit is the ability to make quickly make critical decisions based
Dictionary.com defines “world class” as ranking among the world’s best. So what does that really mean for an internal audit department? The scope and nature of an auditor’s job varies by organization, size and region. As a result, “world class” is difficult to clearly define. However, there are a few characteristics that can enhance the value an audit function delivers to an organization. I believe these characteristics surround the Personnel, Practices, Perception and Partnerships
The International Auditing and Assurance Standards Board (IAASB) recently released International Standard on Auditing (ISA) 610, Using the Work of Internal Auditors, which addresses the external auditor’s responsibilities when using the work of an internal audit function. It requires external auditors to “evaluate” the internal audit function. Specifically it states
Criminals and villains are oftentimes portrayed as menacing, ugly figures. Take for example, the Big Bad Wolfe or Goliath. These figures are easy to recognize and the mere thought of them brings fear to many children. In business, we tend to focus on the easily recognized risks while ignoring meek and unassuming items that slowly eat away at the heart of business.
We have all heard the terms outsource and co-source. In its basic form, the words mean that organizations have entrusted parts of their operational processes to others. Sometimes this is done to save money while in other instances it allows organizations to tap into a resource of experts that they may not otherwise have exposure to. Either way, in this marriage of sorts, it is important to understand
The internal audit profession is comprised of Certified Public Accountants (CPA), Information Technology professionals, engineers, lawyers, nurses (remember the medical auditors) and more. In general, we ensure risks are appropriately mitigated. But how would you explain what you do to your grandmother. Here’s what I told mine:
When we reach certain ages and stages in life, it is customary to have specific medical checkups to provide reasonable assurance that we are in good health. Occasionally, there are issues that require follow up in the form of preventive maintenance or corrective action. For example, if your cholesterol numbers are creeping up, she may suggest foods that can naturally stabilize it. Or if the
The Importance of Testing Estimates and Assumptions
Contrary to belief, accounting is not a field that is black and white in application. Organizations are allowed to “estimate” certain items or mark others to fair market value or depreciate some in a manner of their choosing until the book value reaches zero. Each of these has some sort of effect on income statements and balances sheets. In theory, devious organizations can manipulate these items to their benefit. As part of integrated internal audit engagements (i.e. financial, operational, information technology & compliance), it is beneficial for
Observation and Inquiry is an important skill set that must be in every auditors toolkit. It requires us to remain objective at all times. I find it interesting how this skill is not only applicable to auditing, but also in “life outside of audit” interactions. I recently wrote about what appeared to be bribery at the London Olympics. Further inquiry disclosed that this normal and acceptable behavior. Well, I have noticed another instance of good observation, ineffective inquiry.
What happens when your audit clients substantially or fully remediate identified control issues prior to the final report distribution? Do you (1) remove the item from the report, (2) include the item in the report with the management action plan as if no action has been taken or (3) include the item in the report, credit
The role of the Board in organizations is one of oversight. Boards are charged with representing various stakeholder groups to ensure the organization fulfill their mission, vision, goals and objectives. A strong Board provides unparalleled guidance. A weak Board can lead (or oversee) an organization down a path to destruction. Given the significance of the role, there is much discussion about what a successful Board should look like.
As internal auditors, we support the Board by identifying, evaluating and reporting on the
The issue with audit exceptions is that many audit functions include exceptions as the primary theme of audit report reportable items. Okay, there I said it. Now to provide an example.
I was recently reading an internal audit report from a governmental agency in which the auditors reviewed the bank reconciliation process. The report read as follows:
It is essential for business professionals to obtain and maintain sufficient knowledge to perform their job. Many have obtained certifications that demonstrate proficiency in specific areas. To ensure practitioners’ skillsets remain current, many of these certifications require the completion of some sort of continuing education.
Lately many internal audit job postings either prefer or require Big 4 experience. The Big 4 are the four largest firms specializing in accounting or other professional services. They are PwC, Deloitte Touche Tohmatsu (Deloitte), Ernst & Young (EY), and KPMG. They are considered elite when it comes to industry exposure and training. Many new graduates can expect good salaries, long hours, lots of travel and lifelong contacts. Many will function as “external auditors” or financial statement auditors. The work consists of providing some assurance that the financial statements are fairly presented. Most will become familiar with Generally Accepted Accounting Principles (GAA) and will definitely know how to interpret “the numbers” of an organization.