Audit Working Hours
Transit systems. Healthcare facilities. Financial services firms. What do they all have in common? Organizations within these sectors — and essentially all industries, for that matter — have been hit by ransomware, a type of malware where cybercriminals demand a ransom payment to unlock access to your private and confidential systems and files.
While many cybersecurity risks exist, ransomware is often one of the more pressing challenges. Not only can it bring operations to a screeching halt, but it can also cause issues like data leaks and reputational damage. A global survey by cybersecurity software company Sophos finds that 66% of surveyed organizations suffered ransomware attacks in 2021. “It took on average one month to recover from the damage and disruption,” Sophos adds.
Given the severity of ransomware risk, internal auditors should aim to help their organizations reduce these threats, along with overall cybersecurity risks. How? As Audit International will examine in this article, internal audit departments can take steps such as conducting IT/cybersecurity audits and using technology like internal audit management software to improve internal controls and collaboration.
Review IT practices and controls :
Even though internal auditors generally aren’t responsible for choosing cybersecurity software and establishing employee training to recognize ransomware risks, they can still provide assurance over IT practices and controls, such as with an IT audit.
When IT teams conduct phishing tests to see whether employees are tricked by email scams that can cause ransomware issues, internal auditors are then able to review those results and ensure that the organization is meeting a sufficient standard to prevent social engineering. If the results demonstrate gaps in employee preparedness on ransomware risk or other cybersecurity risks, then internal auditors would likely want to communicate that risk to other stakeholders, like boards and senior management.
Internal audit leaders might also review remote work policies to ensure that IT teams are appropriately managing these with ransomware risk in mind, rather than just focusing on the functionality of work-from-home environments. While internal auditors often rely on guidance from IT leaders, they can still audit areas like access logs to ensure that only approved devices, with the appropriate threat intelligence and data protection technologies, are connecting to their networks.
Align key stakeholders :
Improving ransomware protection also means internal auditors need to align key stakeholders, rather than just collaborating with IT. That means pulling together information from multiple departments to make sure everyone’s on the same page.
Internal auditors should check with finance teams to see how they’re accounting for the potential costs of a ransomware attack, and then ensure that other key stakeholders, like boards and senior management, understand and agree with this approach. Otherwise, issues like not having a sufficient budget to recover from a ransomware attack may arise.
“Regardless of their size or revenue, organizations should assume they will be targeted with ransomware, and they should examine their prevention, detection, mitigation, response, and recovery measures,” notes Zachary Ginsburg, research director for the Gartner Audit and Risk practice, in a Gartner press release.
Leverage internal audit management software :
Internal auditors can mitigate ransomware risk by leveraging internal audit management software. Many technologies are designed to assist with cybersecurity risk management, but from an audit perspective, internal audit management software is important for gaining assurance.
Overall, internal audit teams have an opportunity to make a significant impact when it comes to ransomware risk management. Planning ahead and focusing on internal alignment can go a long way toward reducing ransomware attacks and other cybersecurity risks.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
This week Audit International are taking a look at the 4 ways how Internal Audit can get a seat at the table.
When it comes to risk management and compliance, most organizations operate on a 3 Lines of Defense (3LOD) model, in which operational management, compliance, and internal audit work together in tandem to assess and mitigate risk and manage controls and compliance.
This model may be successful in theory, but as the risk management and compliance functions have grown more complex, it doesn’t always work as well as you might hope. Given the rising sophistication of cybersecurity threats and incidents of fraud, and the increasing compliance requirements posed upon organizations of all sizes, it can be difficult to keep an organization-wide pulse on threats and breaches in compliance as they arise.
The problem is, the three branches don’t always collaborate effectively, which may leave internal audit out of the loop and unable to provide much value to the organization. They may not have access to the data they need to generate effective recommendations. The internal audit team’s focus may be simply on checking boxes and ensuring compliance, rather than providing strategic insights that will help your organization understand and take steps to mitigate new threats.
If you want your internal audit team to move the needle at your organization, you need to get the ear of executives who can advocate for your work. By partnering with leadership, you’ll be able to spearhead new initiatives and gain critical access to data that will help your organization save money and reduce risk, proving your team’s value.
Here are four strategies for doing that effectively:
Identify the key people who can support you, and make a plan to build relationships with them
Your audit team will naturally be in touch with the managers who can provide key information needed to conduct your audits—but by focusing only on these contacts, you’re missing out on building relationships with the leaders who will be able to help you gain a more visible role in the organization. Build a plan for conducting periodic outreach to higher-level executives within your organization, such as your chief risk officer or your CTO. You can solicit feedback from them on any open questions they may want your team to review in your audits, or provide high-level executive briefs showcasing work that you’ve done and issues they may want to explore in further detail. Make sure that they know you and your team are available to support them and open for feedback.
Proactively address organization-wide trends
Rather than focusing solely on issues identified in individual audits, start looking at your audit results in aggregate to identify trends. Is a single department or office location having trouble resolving a specific compliance issue, or is it an across-the-board trend that should be shared with your executive team? Review your data frequently to understand risks that should be mitigated, and come up with step-by-step action plans for how they should be addressed, including who’s responsible and what the benchmarks for success are.
Pay close attention to third-party risks
Many audit teams take an insular view of risk management, failing to uncover the external risks brought on by vendors and technology partners. Make sure that you have policies in place to carefully vet and automate compliance on your third-party vendors, pulling in external data that will alert you to any financial or legal issues they may face. Regularly track all of your solutions and technology partners for red flags, and ensure that you have a strategy for mitigating them. You can showcase your findings in sessions with executives and other partners throughout the business, and collaborate to come up with a plan for any of your scenarios. Keep in mind that risks from big providers such as Amazon or Facebook may impact a lot of your customers or partners as well, so ensure that you map out all of the variables that may impact your company’s business model across the board.
Use best-in-class GRC technology to automate compliance and analyze data
In order to provide the most useful insights to your leadership team, it’s important to integrate your entire risk management function across an easy-to-use GRC platform. Your GRC platform should come with pre-built content that will help you automate your controls framework, regardless of your industry. It should make it easy to monitor compliance status and risk levels across the organization at any given time, with triggers prompting action when control levels are not being met. You should be able to easily drill down into your data and generate executive dashboards, so that you can share insights to justify recommendations and help your leadership team make better informed business decisions.
By building a cohesive strategy for integrating with the 3LOD, backed by in-depth data analytics, real-time data feeds, and workflow automation, your audit team will be able to generate insights that can help to identify new risks, and develop new strategies for mitigating risks across the entire organization. This will help you to become a highly visible, influential, and trusted partner to the business.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
The podcast has rapidly become the go-to media for anyone and everyone seeking thought leadership, guidance, advice, or entertainment, especially in a particular niche with particular audience demands.
While far from a flash-in-the-pan trend, podcasts are tapping into what makes radio so timeless – they are familiar, routine, mobile-based and mostly non-committal (compared to TV shows), increasingly well-produced and incredibly varied in content provision and direction.
The state of podcasting in 2022
Podcasting is a rapidly growing, and increasingly lucrative, creative medium for creators and advertisers:
• “In 2021, there (were) 850,000 active podcasts, with over 48 million total episodes”.
• “Each week, more Americans listen to podcasts than have Netflix accounts”.
• “Podcast ad revenue is expected to grow to $1.33 billion in 2022”.
It’s also worth noting why people listen to podcasts, and this is where podcasting really comes into its own:
• “74% of all listeners tune in to learn new things. Other common reasons include entertainment (71%), staying up-to-date with the latest topics (60%), and relaxing (51%)”.
So rather than escaping into stories (which is increasingly the reason why audiobooks are on the rise), or listening to light-hearted comedy to relax at the end of the day (comedy still stands as the most popular podcast genre), learning is the primary reason why people listen to podcasts.
Finance podcasting and the future of the medium
The Finance sector has had a proliferation of podcasts erupt over the few years – content is varied, informative and incredibly useful, and the nature of podcasting means creators can approach the topic of “finance” from a variety of angles; from money management to investment advice, industry news to crypto-tips.
The team at Audit International are real fans of a podcast, so below are our top 10 finance podcasts we absolutely urge anyone in the industry to listen to!
• Invest like the Best
“Exploring the ideas, methods, and stories of people that will help you better invest your time and money”.
A popular and varied podcast covering everything from design investment products to interviews with leading financiers, start-up accelerators and figures within finance, investment and money management.
• Inside the Strategy Room
“We talk with McKinsey partners and corporate executives on the challenges they face creating lasting strategies in a fast-changing world. We also examine the different ways these executives approach these challenges and the new and innovative ways they think of creating a vision for their enterprises”.
While more strategic in approach, this McKinsey-sponsored podcast covers business and finance leadership via CEO interviews and thought leadership.
• We Study Billionaires
“We interview and study famous financial billionaires including Warren Buffett, Ray Dalio, and Howard Marks, and teach you what we learn and how you can apply their investment strategies in the stock market”.
With over 85 million downloads, this is a huge podcast for obvious reasons – an easy audio mind-tap into the richest and most successful finance people in the world.
• So Money with Farnoosh Torabi
“So Money brings inspiring money strategies and stories straight from today’s financial leaders, bestselling authors and entrepreneurs”.
One of the top-rated US finance podcasts in the podcast ecosphere, covering everything from childcare affordability to investing in a bear market.
• Money For the Rest of Us
“A personal finance and investing podcast on money, how it works, how to invest it and how to live without worrying about it”.
From debunking what money means to advice on money management and views on global investment vehicles, a great and varied finance podcast.
• Women & Money
“Take a priceless journey into your life and the life of your money with the most recognised personal finance expert in the world today”.
Suze Orman is one of the world’s most recognisable personal finance gurus, and her podcast covers everything from bond management to thought leadership on wealth creation.
• Optimal Finance Daily
“Why bother searching for the best blogs about personal finance when they can be found and read for you?”.
1900 10-minute quick-fire episodes on personal finance, covering how to get insurance to living more frugally and lifestyle changes to being better with money.
• CNBC’s “Fast Money”
“Hosted by Melissa Lee and a roundtable of top traders, “Fast Money” breaks through the noise of the day, to deliver the actionable news that matters most to investors”.
Global finance news from one of the most well-respected finance news desks in the USA. Actionable intel, up-to-date news and reporting on leading finance leadership.
• Count Me In®
“IMA® (Institute of Management Accountants) brings you the latest perspectives and learnings on all things affecting the accounting and finance world, as told by the experts working in the field and the thought leaders shaping the profession”.
A detailed and investigative look at the mechanisations and movements of finance, as told by experts and relayed by leaders in the field.
• The Better Finance Podcast
“The EY Better Finance Podcast explores the changing dynamics of the business world and what it means for finance leaders of today and tomorrow”.
From ESG reporting within finance to data analytics and more, the EY Better Finance podcast is one of the most up-and-coming popular podcasts within the finance sector.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
This week Audit International are taking a very tongue-in-cheek look at how Internal Auditors can be the most liked person in the office, and who everyone wants to talk to around the water cooler. Read on for some insightful tips.
Outside of boxing or MMA, internal auditing has to be one of the most contentious careers around. You would never hear a department stating, “Let’s invite the internal auditors to our next staff meeting.” But I don’t think they are destined to be the policing bad guys that everyone hates to see coming. I believe that there are truly opportunities for internal auditors to become partners with audit clients.
As a matter of fact, I have heard of recent experiences that have further increased my belief in the auditor’s ability to be a trusted partner, even a sought after consultant. My source has been at their current organization almost ten years. They get along very well with audit clients, even the ones that have had bad audits results. They have open, honest relationships where they all care about the organization and its success.
My source has always been a very good technical auditor, but their current organization taught them a lot about the human side of the workplace. Many of the people they work with have become almost like an extended family. Recently, another organization approached them about being their Executive Director of Internal Auditing. This was an opportunity that they just could not refuse. Now as they reflect on the previous role, the things that they most miss are the people.
As they walked around spreading the word of leaving, they found out that the feeling was mutual. The kind words and warm hugs nearly brought them to tears and as everyone told them how big of a loss that leaving was to the company, they could not help but remind them, “You do understand, I am an auditor.”
Realistically I don’t think that other departments are supposed to like auditors, but most of them truly valued the time together. Those who didn’t like my source, at least respected them and the craft.
But then they began to wonder, what had they done to gain the trust and respect of the audit clients. So they asked a few. And I’d like to share with you the general themes I heard repeated.
Honesty is Honourable. Over the years, there were some heated discussions surrounding certain people, places and processes. Throughout it all the truth was still gently told. And this is one thing clients said they liked. Even when the news was bad. Empathy Creates Engagement. They had never considered themselves as overly empathetic at work. They believed there was always a strict line not to be crossed between work and personal. The last 10 years have taught them that there is a line and that sometimes it is okay (or even necessary) to tip toe up to it, step on, and even cross it occasionally. Your fellow co-workers are human. And these humans have hearts that sometimes need to be tended to. Kindness is Contagious. I like people. I like to see people smiling. I like to smile and laugh and joke. In the past, people would conceal this side at work. I thought work meant being serious all the time. Now I realize, if we cannot laugh at the place we spend a majority of our time, something is wrong. This applies to your colleagues too, even if you are on the audit team – it is OKAY to have a joke. And no one deserves to be treated mean when they make mistakes. Even if they are not cut out for a job, they still deserve common courtesy and decency. If we treat our audit clients with kindness, they are more receptive to the audit process. Conclusions My source has been an auditor for a long time. They say they have occasionally failed and sometimes succeeded. Through it all, they have had decent relationships with most audit clients. Technical auditing skills are extremely important, but to truly be successful you must hone in on the human side of the profession. My sources wonderful clients have taught them that honesty is honourable, empathy creates engagement, and kindness is contagious. So the one piece of advice I can offer is this; When communicating with any clients – be honest, be caring and be kind.
After the rollout of the vaccine and the end of lockdown restrictions, businesses are picking up and hiring into their Internal Audit departments and many candidates seem curious to take the next step in their audit careers.
COVID-19 has quickened audit firms’ adaption toward new ways of operating. Shifting to a remote and flexible working schedule by audit firms and the companies adds a new challenge already faced in adapting the audit to a tech-evolving corporate world and placing new demands on audit professionals. However, new ways of working will bring important benefits as well as posing challenges that have to be addressed.
Traditionally, firms have emphasized personal integrity and professional skepticism in audit professionals, and these attributes will undoubtedly remain vital. But in the new and fast-developing environment, auditors will also need to develop even deeper knowledge of business, a powerful curiosity about technologies and an agile mindset that embraces disruption.
This demonstrates the motivation of both candidates to find a new role and clients to hire into the Internal Audit profession. These figures have also likely been positively affected by the relative ease in which most interviews are now being conducted by video call rather than in-person. While auditors still retain their independence within organizations, they are nonetheless now expected to take a more collaborative, forward-looking approach to Risk Management and Governance. As a result, Internal Audit is increasingly seen as a value-add function rather than a cost center.
In order to achieve the expectation of audit objectives in hybrid environment, it is necessary for the auditor to plan well in advance with the following recommendatory steps.
-Gain an understanding of client business either through documented SOPs, policies to understand its Operations, Compliance and Financial area
-Being adept with trending technologies
-Being able to use the latest audit tools and techniques
-Adapting to the need for agility
-Being able to address regulatory compliance in a changing landscape
-Interdisciplinary approach to audit
-Effective communication skills at all business levels
-Ability to understand emerging technologies
-Ability to predict future challenges
-Ability to take a business-centric approach
-Ability to plan and execute, keeping the big picture in mind
-Ability to integrate adaptability into the audit design
-Ability to increase focus on key risk areas to improve assurance
-Ability to use process mining to analyze data
-Decide on the language to be used for the interview and ensure everyone involved speaks that language.
The auditors need to be more practical and realistic for carrying out audit involving Information Technology as a tool rather than as a barrier.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
- Switzerland 0041 4350 830 59 or
- US 001 917 508 5615
E-mail:
- info@audit-international.com”
Well during and after Covid-19, the day-to-day working structure of audit has changed a lot. With remote working arrangements and the absence of in-person meeting with clients, it’s been a real testing time for those who have joined the audit profession in 2020 and after. Many of the challenges faced by auditors are limited access to client facilities, personnel, financial records, and documentation. There is an increased need to understand the client’s risk profile and assess how the pandemic has affected their business, due to which auditors are now considering more critical view of clients business rather than just relying on numbers.
Benefits of remote auditing: There are many benefits of remote auditing, which can be summarized here:
- Better use of Technology: Now a day’s most of the entities are digitized and cloud based, allowing an auditor to access the records of clients at his own convenience.
- Virtual meetings: Auditors are wondering at the number of meetings they are attending now despite being confined at homes. Skype, Zoom and alike technology solutions have made it possible
- High reduction in Outstation travelling cost: Businesses were spending billions of money on travels annually; however remote auditing requires zero travel cost.
- Reduction in travel time: Auditors are now working in hybrid mode and travels only when required to attend the office in person
Disadvantage of remote auditing: The remote auditing also has some limitations which are summarized below:
- Limitation on physical audit: Virtual audit is not feasible for audits at floor factories or physical verification of warehouse at manufacturing company.
- Inadequate personal interaction with process owner: Personal interaction with the process owner is limited during a remote audit. Avoiding eye contact, adjusting seat, constantly restless are some of the indications can be observed more clearly during an in-person meeting
- Network interruption leading to inadequate discussion: If network connections are not reliable, they can interrupt interviews and meetings and can also limit access to the database for fetching objective evidence for review.
- Inadequate audit results: Remote audits should not be used as a cost-saving measure. They should only be considered if the audit objectives can be met, beyond any doubt.
Conclusion:
Based on the situation, remote auditing can assist in reducing digital risk, minimize traveling time and its cost, and encourage safety. But it has its own limitation. To win with remote, clients business needs to have the perfect combination of ICT and a forward-thinking tech culture. In the future, remote will continue to be an important component of auditing with its limitation to on-site visits. Tech savvy businesses will continue to leverage both solutions to create more robust and auditor-friendly strategies.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
- Switzerland 0041 4350 830 59 or
- US 001 917 508 5615
E-mail:
- info@audit-international.com”
Audit International, the leading specialists in Internal and External Audit Recruitment across Europe, the US and Asia have learned that perspectives are positive for the accountancy profession in the UK as bonuses and salaries have raised.
According to research from accountancy recruiter Marks Sattin, The average basic salary for accountants slightly improved over the last 12 months by 0.4%, taking it to £67,083. In addition, more than three quarters expect to see their salaries increase further over the next 12 months.
Speaking in terms of bonuses, the average bonus for an accountant in the UK now stands at £10,733, 16% of annual salary. The total bonus pot is £1.2bn this year – £100m more than in 2013/14. This year the number of accountants who received a bonus jumped from 53% to 61%.
Dave Way, managing director of Marks Sattin recently declared regarding this figures “Accountants are sharing a bumper bonus pot this year, riding high on the back of the economic recovery”.
Mentioned research also shows that only 27% of accountants said that they were expecting their organisations to make budget cuts over the year ahead, with only 21% predicting a salary freeze. More than a quarter (27%) feel very secure in their current role, while 61% feel generally secure.
Good perspectives has led to an openness to job moves among accountants; only 28% actively rule out moving jobs in 2015, and 32% said that they will be looking to find a new role. According to recent researches, to move jobs a typical accountant would look for a salary premium equivalent to 15% of their basic package.
For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to info@www.audit-international.com
According to a recent survey, there has been an increase in the average working week of risk professionals. The number of auditors who say they regualry work more than 50 hour week has significantly grown. However it is not all bad new as they are very well paid for their overtime.
More than 40 per cent of risk professionals reported working 50 or more hours a week in 2014, a year-on-year rise of 11 per cent since 2013.
Typically the ordinary working week for risk professionals also increased, from 45.5 hours to 45.9 hours. However, only one in ten respondents said they worked regular overtime – considerably fewer than in HR (46 per cent), change management (41 per cent) or compliance (33 per cent). Similarly, only 16 per cent of risk specialists work over the weekend at least once a fortnight, compared with an average of 22 per cent across the wider financial services market.
Risk professionals are seemingly more incentivised by increased pay and benefits than other factors.
Nearly 70 per cent said remuneration is “very important” to job satisfaction, above both work-life balance (57 per cent) and status and responsibility (21 per cent). Only a quarter said that an interesting workload was “very important”, far fewer than professionals in marketing (71 per cent), HR (54 per cent) or procurement and supply chain (52 per cent).
Around a third of risk professionals said they would leave their jobs because of a disappointing salary review, a larger number than in compliance (24 per cent), financial services (21 per cent) or change management (9 per cent).
For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to info@www.audit-international.com
