Latest Audit Information & News

This week our Internal Audit colleagues are kindly sharing their personal experiences on how they have increased the level of client buy-in upon presentation of your findings and recommendations?

How Internal Auditors can change how audit clients listen to them?

You’ve done your initial meeting. You’ve done your investigations. You’ve written your findings. Now the last piece of the puzzle is how you present those findings, and recommendations, to the audit client.

In a perfect world, the client is receptive, understands each recommendation, and takes immediate corrective action. But we all know that perfect world doesn’t exist. So how can we hedge our communicative bets so that we come as close to that perfect scenario as possible? What tools can we employ to ensure that we’ve done everything we can to set the client up for success?

By understanding how the audit client is listening to you

Of course how you’re listening to the client is important, but that’s not the focus here. Let’s flip the listening paradigm upside down and focus instead of how to tell how your client is listening to you. In order to be able to move people to action, you need to know how people are listening to you. Are they listening for information, or are they listening for knowledge? The answer is the difference between action and inaction.

Instead of a goal of your report presentation is to provide information, think of your goal as asking the right questions and then providing relevant answers that drive the conversation away from merely giving facts or data points, and instead helping your audience envision the recommended change in their world. Anyone can read a report. Not anyone can put the information into a specific context that drives targeted action.

Here’s how you can figure out how your clients are listening to you and then let your expertise and hard work shine like it deserves by changing the way people listen to you from listening for information to listening for knowledge.

Listening for Information

When someone is listening for information, they’ll very rarely follow-through. The only case where this isn’t the truth is if they’re just looking for one key piece of information to complete a puzzle.

When you’re communicating recommendations, think of asking questions that will move your audience members beyond the data that you’re presenting and into thinking creatively of how they might solve their own problems. Here are some starts to questions that could help.

  • What do these numbers mean to?
  • What was the different between?
  • How did the change occur from?
  • What, in your opinion, caused?
  • Would you share with me what you think?

What these questions will do is start helping your audience contextualize knowledge. They’ll stop going through the act of listening and move towards active interpretation. Once someone starts to put the data into real situations in their world, the impact becomes clear. And they’ll start to listen in a different way. They’ll start to pay more attention. They’ll start to listen for knowledge.

Listening for Knowledge

When people are listening for knowledge they’re actively processing and trying to make sense of what you’re saying and how it relates to their situation. You’ll know if someone is listening for information if they’re asking you questions that go beyond facts and figures and instead of putting that data in a context.

When you’re presenting recommendations, it helps to get buy-in from the audience. One way to do this is to position your recommendations in their world, but in their words. You can do this by asking questions like the following:

  • How would your business change if?
  • What would it look like if your organization used?
  • How would your job be easier if?
  • What would be the best outcome for you if?
  • How would you react if?
  • What would it take for this to work in your way?
  • Can you see this working for your business?
  • Do you see this solving your problem?
  • Are you comfortable recommending this to?

The other magical side to these questions is when you can get your audience to tell you what they’d do in situations that you’ve presented, using their own data. This is because people support what they help create. If you allow them to come up with the conclusions and recommendations before you present them, you’re then instead agreeing with them instead of directing them. It’s a subtle shift, but I believe you’ll find it will make quite a big difference.”

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95

This week, our team are discussing the importance of persuasion and just how important it is in order to obtain high levels of buy-in when presenting your findings to Senior Management.

How to Make Findings and Recommendations More Persuasive

Persuasion is an important aspect of internal auditing that doesn’t receive enough attention or coverage. It’s internal audit’s job to verify that conditions and practices are as expected, and to identify opportunities for improvement within organizations. If the internal auditor identifies issues but is unable to convince the relevant stakeholders to take action, how effective is that?  From an output perspective, the auditor could be producing many reports, maybe even voluminous ones. But from an outcome perspective, that same auditor could be considered ineffective due to the inability to get the right reaction from the board and management.

The difference is persuasion

Persuasion is not manipulation. It is the ability to get others to do something that is in their own best interest, but also in the internal auditors’ interest. In this case we are referring to enhancing the organization’s governance, risk management, compliance and operational excellence.

Furthermore, audit testing is generally done to answer some key questions:

Ø  Are we achieving our mission and objectives?

Ø  Are the right risks identified and mitigated appropriately?

Ø  Are controls doing what they are supposed to do?

The testing done answers those questions. If all is satisfactory, then there isn’t much more that needs to be done. But if the pursuit of the mission and objectives, or the dynamics surrounding risks and controls can be improved upon, then findings should contain the necessary details, and they should be presented clearly and concisely so that the recommendation is aligned with what the audit client is most interested in. After all, it is extremely difficult to persuade someone who is not interested in what you’re saying. So, findings and recommendations must be presented in the context of business goals and the entity’s mission if we hope to be convincing and compel management to take remedial action.

Persuasion is accomplished by appealing to:

Ø  Reason:  Derived from the Greek, Logos. People generally think they are logical and reasonable.

Ø  Character: Derived from the Greek word Ethos: People are more likely to be persuaded when the presenter (or source of the information) is considered trustworthy, honest, intelligent and credible.

Ø  Emotion: Derived from the Greek, Pathos: The ability to persuade increases when the presenter expresses feelings on a subject, get an emotional reaction, or both.

We must remember that many audit clients are apprehensive of internal auditors. They also fear the consequences of audit findings, so they say as little as possible and provide as little information as possible. So, when trying to mobilize the organization, internal auditors should consider not only the rationale for the work done, the methodology followed, and the quantitative and qualitative benefits of recommendations. They should leverage their reputation as subject matter experts in the field of governance, risk management, and compliance. But internal auditors should also build up the image of being friendly, caring, and approachable. This does not mean that internal auditors should get into a personality contest.

Internal auditors also refer often to the main driving force for their work: Determine if the organization is achieving its objectives and if controls are effective mitigating risks. But when writing audit reports, quite often the focus is on the failed controls, without explaining the link between the failed controls, the exposure to the risks if they occur, and the threat to the achievement of the organization’s objectives and possibly, the mission itself. That story should be told. The message that “we’re all in this together” should be conveyed often and consistently.

Displaying confidence is also important. When internal auditors do good work, have evidence and facts to support their position, it is time to embed the emotional element of confidence into the equation. This confidence about the issues and recommendations will project onto the client and persuade them to take action. So, by demonstrating their competence, focusing on the facts, showing that they genuinely care about their clients, and appropriately referring to the emotional impact of errors on the individuals, teams, customers, vendors, and other stakeholders, internal auditors will be able to make their observations, findings, and recommendations more persuasive.

Another important aspect of persuasion is promoting a sense of urgency. To compel action, soon, internal auditors must instil a sense of urgency in their clients. Not by fearmongering, but by demonstrating the value lost, the opportunity cost or the increased exposure if action is delayed.  If the individuals are not motivated enough to do something immediately, it is unlikely that person will be motivated in the future. But, internal auditors should also act with a sense of urgency in their work, so they lead by example.

Internal auditors usually focus on reason (e.g. logic), character (e.g. credibility) and emotion in that order (with emotion often playing a distant third), but should use a balanced approach whenever possible to appeal more effectively to their stakeholders and persuade them to take the appropriate actions to meet the organization’s governance, risk management and compliance requirements. After all, people are emotional creatures and to persuade them to act we must appeal to their emotional needs too.

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95


The internal audit profession is made up of many diverse personalities and professional capabilities.

This week, we have taken a deeper look at the key competencies required by Internal Auditors in order to achieve the highest levels of quality.

Internal auditing requires a unique set of characteristics and competencies that differentiate the profession from others. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Key attributes essentials for internal audit success are :

1.       Professionalism grounded in ethics: Professionalism refers to the knowledgeable use of significant skills, and performing work at the highest of levels. As trusted advisors, internal auditors should aspire to become certified and fulfil internal audit’s mission to “enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

2.       Management anchored by planning: The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework (the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing).

3.       Communication and delivery require connection and mindfulness: Final communication of engagement results must include applicable conclusions, as well as applicable recommendations and/or action plans. Where appropriate, the internal auditors’ opinion should be provided. An opinion must take into account the expectations of senior management, the board, and other stakeholders and must be supported by sufficient, reliable, relevant, and useful information.

4.       Collaboration unimpeded by independence: The chief audit executive must report to a level within the organization that allows the internal audit activity to fulfil its responsibilities. The chief audit executive must confirm to the board, at least annually, the organizational independence of the internal audit activity. The chief audit executive must communicate and interact directly with the board. Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest.

5.       Critical thinking promotes agility and flexibility: “The ability to think critically involves three things: (1) an attitude of being disposed to consider in a thoughtful way the problems and subjects that come within the range of one’s experiences, (2) knowledge of the methods of logical inquiry and reasoning, and (3) some skill in applying those methods.”

6.       Improvement and change spur high performance: The internal audit activity must evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes using a systematic, disciplined, and risk-based approach. Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider the future impact.

7.       Learning requires self-commitment: Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development.

8.       GRC must meet expectations of boards and stakeholders: The internal audit activity must assess and make appropriate recommendations to improve the organization’s governance processes for:  Making strategic and operational decisions, Overseeing risk management and control, Promoting appropriate ethics and values within the organization, Ensuring effective organizational performance management and accountability, Communicating risk and control information to appropriate areas of the organization.

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95


Sustainability: The Environment & Social Ethics (Risk in focus – 2019)

Companies are increasingly expected to behave in an environmentally and socially responsible manner, both by regulators and the public. This is creating sustainability reporting challenges and is influencing the strategic decisions companies must take to achieve future growth.

Some 27% of our interviewee cohort cited environmental and social ethics as an area of focus, and this is the first time that this topic has made it into Risk in Focus; there was a notable bias towards the Netherlands, with half of CAEs in the country highlighting this as an area in need of attention. Further, in our quantitative survey nearly one in ten (8%) respondents cited environment and climate change as a top five risk faced by their organizations.

The EU’s Non-Financial Reporting Directive, applicable since 2017, requires that listed companies and banks with more than 500 employees publish reports on various policy implementation, relevant risks and performance results. These policies concern:

  1. Environmental protection
  2. Social responsibility and treatment of employees
  3. Respect for human rights
  4. Anti-corruption and bribery
  5. Diversity on company boards

Sustainability reporting requirements are clearly a welcome development — they help to improve corporate transparency and highlight the efforts companies are making to meet environmental and social targets. However, a major challenge is in providing accurate information. The maturity of sustainability reporting is far behind financial reporting and not all organizations are well equipped to measure and report on KPIs. This increases reputational risk as there is potential for a company’s behavior to be found to contradict or fall short of its claims. Even if sustainability reporting is deemed to be sufficiently accurate, any KPIs that show the organization has low standards relative to its peers will be looked upon unfavorably by investors, who increasingly benchmark companies’ environmental and social governance (ESG) performance

Social Impact: The increased impetus on organizations to be socially responsible and protect human rights represents another challenge. Compulsory non-financial reports must be published annually, and should include what steps are taken to identify risks to human rights in the company’s operations and how these are managed.

An internal audit perspective

Organizations must now report on what they are doing to identify and mitigate sustainability risks and should look to the Global Reporting Initiative’s Sustainability Reporting Standards (GRI Standards) for guidelines on how to achieve this.

Internal audit can assist by simply ensuring that this reporting requirement is being fulfilled, although it can go deeper by seeking evidence that what the company claims in its non-financial reports is accurate, complete, up to date and being put into practice. There is also value in seeking evidence of how processes are being developed to improve the maturity of such reporting, such as the number of KPIs measured and the accuracy of data collection. The deepest audits may assess sustainability reports within the relevant industry to benchmark both the organization’s reporting and its performance relative to its peers.

Key questions the Internal Auditor needs to look at:

  • Is the organization publishing non-financial reports as required by the EU?
  • Is there scope for internal audit to assess the maturity of sustainability reporting and review the extent to which the company’s environmental and social ethics statements reflect reality?
  • Does the organization benchmark sustainability performance against sector-specific KPIs? Is there a gap between both the organization’s sustainability reporting and performance compared with that of its industry peers?
  • Is the organization complying with all relevant environmental laws in all territories?
  • To what extent is tightening environmental regulation likely to impact the company’s strategy, e.g. targets to reduce carbon emissions? Is senior management aware of this likely impact?
  • Does senior management understand the importance of continuously improving operations in order to minimize environmental and social harm?

Is there value in internal audit assessing progress and providing evidence of relevant sustainability improvements?

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95

What is the Internal auditor’s role when it comes to changes in Regulatory Compliance?

The role of Compliance has expanded enormously at most organizations due to the effect of globalization and international growth. In France, for example, Internal Compliance and Control Managers are among the top seven most in-demand jobs. This process has been boosted in recent years by a number of scandals across the globe, often leading regulators to intervene in order to protect stakeholders and the public interest, in turn contributing to an increasingly complex multinational legislative environment.

Regulators lack the resources required to exhaustively supervise all organizations. Therefore, a different approach is being sought after, focusing on self-regulation, implementing a corporate culture of integrity, and employing ethical programs that offer sufficient confidence to all.

In spite of the efforts made, the “ethical blindness” effect – a concept coined by Professor Guido Palazzo (the commercial priorities of an organization push towards bribery and corruption among employees) – will not disappear. It is no surprise that an increasing number of organizations are making an effort to raise their global corporate governance standards and are dedicating more resources to the development of whistle-blowing programs. These programs enable companies to detect and correct internal deficiencies before they become known by the public, thus protecting the value of the interested parties.

Driving force for Regulatory Compliances:

·Ensuring compliances with number of regulations, both domestically and abroad: New regulations places growing pressure on Executive Management and their employees, increasing the possibility that certain compliance requirements may be unintentionally missed.

·Controlling the costs of complying with a growing numbers of regulations e.g. Forthcoming EU GDPR in 2018: Complying to the growing number of regulations increases compliance costs and adds complexity to the internal organization governance and controls structure.

·Developing a strategy to minimize the burden of compliance activities on business operations:

· Ensuring the alignment of compliances operation following a merger or acquisitions:  Compliance functions require alignment and consolidation to ensure a holistic and effective approach to integrated corporate compliances.

How Internal Auditor can assists:

· Perform an inventory over existing regulatory bodies and their requirements applicable to the organizations.

· Assess the organization’s approach to managing its global compliances activities, including integration of newly acquired organizations.

·Evaluation the organization’s response to any notable instances of non-compliance.

·  Review compliance training programs offered to employees and other stakeholders and evaluate appropriateness for the respective role and geography.

What is needed by Internal Audit:

· Sound understanding of internationally applicable compliance frameworks and assurance standards (e.g. ISO 19600, ISO 37001, COSO) as well as any additional internal, local or global regulatory requirements. (e.g. Sunshine Act, Dodd-Frank Act, EMIR, REMIT).

· Expertise in auditing compliance management systems and drawing a comparison to good organizational business practices.

· Ability to assess the content and delivery structure of any internal or external compliance training programs and tools.

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.



Internal audit – Managing the Next Generation

It is estimated that 27% of the world’s population (two billion people) belong to the so-called Generation Y or “Millennials” (19-35 years old) and another 32% (2.4 billion) belong to the following generation, known as Generation Z or “Centennials” (0-18 years old).

In total, they account for 59% of the global population and in 2020 they will make up 60% of the workforce.

According to the World Economic Forum 2016, 86% of “Millennials” have a favourable attitude towards technology and believe it is creating jobs rather than destroying them. They are therefore open to creating new business models such as those launched by benchmark figures -teenage businessmen that include Mark Zuckerberg, Wang Xinwen, Tavi Gevinson, Elon Musk, Robert Nayo and Maddie Robinson, among others- who became multimillionaires doing something they liked and believed in.

Approximately 55% of 10,000 young people from Generation Z surveyed by Universum are interested in setting up their own business, with this figure rising to 75% of those surveyed in such regions as the Middle East, Central Europe and Eastern Europe. The greatest goals are to become one’s own boss and have an impact on society. As workers, they are non-conformist professionals who demand employment flexibility and value quality of life over and above their professional career. At the same time, they are highly pro-active, have the energy to propose change and are not afraid of presenting innovative ideas.

New Challenges and Implications :

Both the “Millennials” and the “Centennials” face a significant challenge from a demographic point of view due to a falling birth rate and rising life expectancy. In 2020, for the first time ever, the number of people over the age of 65 will be higher than the number of children aged 5 or less. In 2050, the “Silver” Generation (65 years old and above) will have increased from 885 million people to 3.4 billion.

These problems could mean that Generations Y and Z will end up being poorer than their parents and grandparents, with the corresponding problem for economic growth and creating a future scenario in which we will be forced to seek solutions to the problems affecting health, housing, pensions, labor markets, public finances and other types of risks that will transform the economy as we know it today.

For this reason, organizations that fail to consider this reality will face serious problems. Nowadays, HR managers are highly conscious of this transformation and are working hard to manage the special features of these professionals.

The Role of Internal Audit:

These changes at organizations also affect Internal Audit, requiring the Head of Internal Audit to check the measures being adopted by the organization to adapt its image, to develop new products and services aimed at younger generations, and to incorporate a new way of interacting with them.

They are also being required to properly manage their teams and, as stated by the study entitled The Millennial Auditor (Source: Wolters Kluwer), harness the skills of these new generations with new technologies and their relationship with the environment.

On the other hand, they will also need to strengthen other aspects related to the soft skills that have been gradually lost and are indeed important, such as interview skills, the ability to communicate via the written form effectively, and drawing up an internal audit report.

Furthermore, in order to retain the talent that these generations possess, efforts should be made to strengthen the working environment.

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.


Top considerations in Internal audit in the Cloud Computing environment

Cloud computing is the provision of hardware and software services by a third party company accessed over the internet. A survey in 2014 by the Cloud Industry Forum (CIF) based in the UK has shown that 78% of organizations have adopted one or more cloud services representing growth of 61.5% since 2010 when their annual study first began. Furthermore, the study found that large enterprises showed the highest rates of cloud adoption (80%), while small and medium businesses stood at 75% with the public sector at roughly 68%.

Cloud computing technology is deployed in four general types, based on the level of internal or external ownership and technical architectures:

Public Cloud: services from vendors that can be accessed across the Internet or a private network

Private Cloud: Built, managed and used internally by an enterprise

Hybrid Cloud: Mix of vendor Cloud services, internal Cloud computing architectures, and classic IT infrastructure

Community Cloud: Infrastructure is shared by several organizations and supports a specific community that has shared concerns

Cloud computing services are grouped into specific categories: Infrastructure, Platform and Software services.

Internal audit consideration will be required for the following in Cloud Computing:

Data Security : Ask the Cloud Service Provider (CSP) whether it receives a Service Organization Controls (SOC) 2 report, which is a third-party attestation report regarding the CSP’s controls relating to security, availability, processing integrity, confidentiality or privacy.  Verify that the scope of the SOC 2 report adequately covers the cloud services provided to your company, data security controls and that the auditor’s opinion is unqualified

Regulatory Compliance: Determine where the company’s data will be stored and the form of the data (e.g., production, backup, cache)

Availability: Verify that your company’s contract with the CSP includes provisions relating to system availability

Business Continuity and Disaster Recovery Planning: Verify that your company’s business continuity and disaster recovery plans are updated to incorporate the risks relating to the outsourcing of IT services to the CSP and that there are adequate plans in place to mitigate these risks

Return on Investment: Understand and review your company’s business case for moving to the cloud.  Verify that your company has clearly documented the cost and benefits and that it is tracking these to verify that they are realized.

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.

GDPR moves into the next phase and the needs of Internal audit

Europe’s General Data Protection Regulation came into effect on 25 May, 2018 after a mammoth effort by organizations throughout Europe and beyond to prepare for the launch date. The regulations give greater protection for individuals over how their data can be collected, processed and retained.

While internal auditors in many organizations will have been helping their organizations prepare for the new requirements, now that the legislation is live, they are more likely to be providing assurance. It is critical that organizations do not lose impetus after all of the hard work it has taken to get their processes off the ground.

“Now that GDPR is live, internal auditors will need to ensure that people throughout their organizations do not become complacent because the new rules are here to stay,” ECIIA President Farid Aractingi says. “Internal auditors are likely to move from a more consulting role to providing assurance over the processes that are now in place.”

Typical areas on which audit can provide assurance include:

How adequate and effective are the policies and processes in place as controls?

How robust is the organization’s data governance?

Are the right people in the right roles to promote sound data controlling and processing?

How rigorous and timely is the reporting of data breaches?

Are we fully compliant?

How do we learn from incidents?

Auditors will need to consider how GDPR is reflected in their annual audit planning. For example, should GDPR be a consideration for every audit engagement, in the way culture now should be? Is auditing the GDPR control framework also something that should happen across the organization every two to three years?

Internal auditors are likely to give greater focus on specific areas after implementation. IT and GDPR-specific change programmes are obvious examples, but organization-wide communications will need to ensure that GDPR stays topical even after the initial rush of activity. That could mean ensuring that human resources and learning and development teams have plans to amend training for existing staff and new joiners. GDPR should remain a significant topic for induction and refresher training.

There are currently gaps in the guidance available, but this will develop as everyone gets to grip with GDPR. Internal auditors should stay abreast of any changes to legislation, guidance and good practice.

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.


Cyber risk and internal audit: An urgent call to action

Internal audit has a critical role in helping organizations in the ongoing battle of managing cyber threats, both by providing an independent assessment of existing and needed controls, and helping the audit committee and board understand and address the diverse risks of the digital world.

The threat from cyber attacks is significant and continuously evolving. Many audit committees and boards have set an expectation for internal audit to understand and assess the organization’s capabilities in managing the associated risks. Our experience shows that an effective first step for internal audit is to conduct a cyber risk assessment and distill the findings into a concise summary for the audit committee and board which will then drive a risk-based, multiyear cyber security internal audit plan.

Business units and the information technology (IT) function integrate cyber risk management into day-to-day decision making and operations and comprise an organization’s first line of defence. The second line includes information and technology risk management leaders who establish governance and oversight, monitor security operations and take action as needed.

Increasingly, many companies are recognizing the need for a third line of cyber defense–independent review of security measures and performance by the internal audit function. Internal audit should play an integral role in assessing and identifying opportunities to strengthen enterprise security. At the same time, internal audit has a duty to inform the audit committee and board of directors that the controls for which they are responsible are in place and functioning correctly, a growing concern across boardrooms as directors face potential legal and financial liabilities.

Cybersecurity assessment framework

Several factors are noteworthy as internal audit professionals consider and conduct a cybersecurity assessment:

  1. Involve people with the necessary experience and skills. It is critical to involve audit professionals with the appropriate depth of technical skills and knowledge of the current risk environment. A tech-oriented audit professional versed in the cyber world can be an indispensable resource.
  2. Evaluate the full cybersecurity framework, rather than cherry-pick items. This evaluation involves understanding the current state against framework characteristics, where the organization is going, and the minimum expected cybersecurity practices across the industry or business sector.

The initial assessment should inform further, more in-depth reviews. It is not intended to be an exhaustive analysis requiring extensive testing. Rather, the initial assessment should drive additional risk-based cybersecurity deep dive reviews.

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.

Key questions Internal Audit need to ask to ensure future talent  proofing by HR?

Whether your company is comprised of mainly older workers or millennia’s or a good mix of both there is no doubt that the skills gap is widening. Any lack of future planning to ensure that the right talent is recruited and retained in order to fill this gap is a significant operational risk and internal audit need to ensure that businesses are future proofing their talent.

A recent report compiled in association with the Chartered Institute of Internal Audit called Risk in Focus identifies key trends in internal audit across Europe for 2018 identified several trends. One of these trends identified that only 13% of companies believe that they have planned for the future with their workforce despite 88% believing that creating the organization of the future is a priority. The way we work is changing with flexibility and work life balance key factors for workers millennial are also more likely to look externally for new roles, which makes retention a key part of company planning.

The report identifies key questions that Internal Audit functions need to ask when reviewing HR against the future planning risks:

  1. Whether consideration has been given to the future skills gap any organization faces?
  2. Digital and IT skills are seen as key areas of development where skills are often lacking. Has your business specifically reviewed these skills and how they can develop them through recruitment and training?
  3. Is the HR strategy in line with the organization’s plans and are they ready to support through recruitment and retention where the company plans to be in 5 years time?
  4. What consideration has been given to the demographic mix of the workforce?
  5. As many baby boomers head towards retirement organizations need to ensure that they are ready to replace them at a rate that will ensure continuity within the organization. Has enough been done to attract and retain young talent with flexible working and career opportunities?
  6. In industries likely to be disrupted by automation and technology advances, of which financial services is seen to be a key candidate, have HR considered the effect this may have on the workforce and are they prepared for it?
  7. A ‘liquid workforce’ where companies hire on a more ad hoc basis the skills they require is becoming more of a requirement and a more common way of employing. Is your HR department ready and able to deal with identifying and hiring a liquid workforce to meet the organizations changing demands?

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.