Posts Tagged “audit jobs”

Have you ever had one of those days where you were determined to write that audit report? So you block off the time on your calendar, go into your office, shut the door, remove any and all distractions and breathe. Because now is the time to take all of those thoughts and perfect phrases running wild in your head and put them on paper. You sit down at your desk ready to make it happen. And you come up with nothing.

You decide to invite a colleague in to assist. Because after all, two heads are better than one. The two of you discuss the issues thoroughly, but nothing seems to sound right.

Writing objective observations takes time, skill, and tact. And if you’re like any other auditor, the audit issues sound wonderful in your head. But by the time you formulate the right words, reach for your pencil and place it on paper, that wonderful wording has become a distant memory. It’s worse if you’re in a group setting because you now become frustrated as the group begins asking you to repeat what you said. Unable to remember words uttered only seconds prior, it is only then that you realize how old you truly are.

If you’ve ever faced this situation, do not fear. There are several tools and techniques you can use to speed up and improve your report writing. But first, we must address the five big problems with writing reports:

1. We think faster than we write
2. Our million dollar thoughts come at the wrong time
3. We believe in writer’s block
4. We look for perfection in the first paragraph
5. We don’t understand and/or appreciate the writing process

5 Problems with audit report writing
We think faster than we write
We’ve all been there. Browsing through our cabinets trying to make a mental grocery list. Then you reach the point where there are too many items to remember. You decide to write a list. You reach for your paper and before the pen touches the pad, you’ve already forgotten the five items you wanted to write.

Our brains are fascinating. I can remember where I was in the summer of 1989, but I cannot remember what I ate for breakfast this morning. It is that forgetfulness that can derail your report writing.

Our million dollar thoughts come at the wrong time
Worse yet is when you have this wonderful idea, but then realize that it is 5:00 o’clock and you are stuck in traffic. There is no way you can capture that great thought without causing a pile up. So you try other techniques. You turn off the radio and repeat whatever it is over and over. You hope to continue this until you get home, or at least until you get to a stopping point. Of course something interrupts your thought and you forget what you were trying to remember.

We believe in writer’s block
Some people believe that writer’s block is a thing. I’m here to tell you, it is not. At least in the context of business writing or internal audit reports. Wikipedia define writer’s block as follows:

“Writer’s block is a condition, primarily associated with writing, in which an author loses the ability to produce new work or experiences a creative slowdown. This loss of ability to write and produce new work is not a result of commitment problems or lack of writing skills. The condition ranges from difficulty in coming up with original ideas to being unable to produce a work for years. Writer’s block is not solely measured by time passing without writing. It is measured by time passing without productivity in the task at hand.”

As you can see, writer’s block is a primary concern for creative writers. Our audit reports are, or should be, factually based non fiction. We are taking a series of facts, placing some logic and order to those facts, and providing management with a conclusion. What we are not doing, is creating new characters or developing plots and story lines. We know the beginning, middle and end of the story. Therefore, we know what to say. The problem is how do we say it so that it has the best impact given within the culture of the organization.

We look for perfection in the first paragraph
Because audit report writing is simpler than creative writing, we believe that we should be able to sit down and create the perfect prose in minutes. After all, we know the beginning, middle and end of the story. When we finally put pen to paper, our initial draft is usually not good. We then become frustrated. But I believe that frustration is because we don’t understand the writing process.

We don’t understand and/or appreciate the writing process
All the magic happens in the editing. Any writer will tell you this. Ernest Hemingway famously once said that “The first draft of anything is ****” (insert a very bad word here). As someone who has had articles published, I can tell you this is true. I can recall the first time I sent something to an editor. I thought it was an okay piece. But what came back was a magnificent manuscript. I fined tuned it a little and the result was something we were all pleased with. The writing process does not require perfection at the start. Your initial goal is to get something on the page. After that, trust the process and let the magic happen in editing.

3 tools you can use
Google voice typing
Because our brains seem to signal our mouths to speak faster than our hands can write, voice typing is the perfect shortcut to getting those wonderful words out of your head and on paper. For those unfamiliar with voice typing, you talk, it types. It’s as simple as that. Well, sort of.

The best free voice typing tool I’ve found is through Google. Log in to your account. Then, access Google Docs and open a document. Go to Tools, then Voice Typing (or you can press Ctlr+Shift+S).

You will see a microphone that may say Click to Speak. Click it, talk to it, and watch the magic happen. You will need to learn certain commands like period, comma and new paragraph. But other than that, if you speak clearly, it will recognize most speaking voices and words.

Your Cell Phone voice recorder
If barking out commands to your computer isn’t your thing, you’re in luck. There’s another option. If you’re like me, your cell phone is probably within arms reach. Grab your phone and go to your favorite app store. Search for a voice recorder. You should see several. Download one that piques your interest.

You can now record yourself talking about the audit issues. Now you will never miss that wonderfully worded paragraph that would sound great in an audit report. Once recorded, you can listen to the recording and pull out the impactful paragraphs.

Transcription
If you truly believe the recording represents your best work ever, you can have it transcribed. Yes, you heard me, transcribed. It’s not as bad or as expensive as you think. Before I get into that, I must say that I am not being paid by nor am I endorsing these specific products. there are several transcription services that I have used. Some use live transcribers while others use automated engines.

Summary

Writing audit reports can be a daunting task. But it has to be done. Nowadays we have a lot of tools that can help streamline the process. Many of the biggest issues start with us. Writer’s block is only as real as we allow it to be. Sit down and put something on paper. Use some electronic tools to get your words on paper. Almost any words will do. Afterall, the magic happens in the editing.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

This week Audit International are taking a look at the 4 ways how Internal Audit can get a seat at the table.

When it comes to risk management and compliance, most organizations operate on a 3 Lines of Defense (3LOD) model, in which operational management, compliance, and internal audit work together in tandem to assess and mitigate risk and manage controls and compliance.

This model may be successful in theory, but as the risk management and compliance functions have grown more complex, it doesn’t always work as well as you might hope. Given the rising sophistication of cybersecurity threats and incidents of fraud, and the increasing compliance requirements posed upon organizations of all sizes, it can be difficult to keep an organization-wide pulse on threats and breaches in compliance as they arise.

The problem is, the three branches don’t always collaborate effectively, which may leave internal audit out of the loop and unable to provide much value to the organization. They may not have access to the data they need to generate effective recommendations. The internal audit team’s focus may be simply on checking boxes and ensuring compliance, rather than providing strategic insights that will help your organization understand and take steps to mitigate new threats.

If you want your internal audit team to move the needle at your organization, you need to get the ear of executives who can advocate for your work. By partnering with leadership, you’ll be able to spearhead new initiatives and gain critical access to data that will help your organization save money and reduce risk, proving your team’s value.

Here are four strategies for doing that effectively:

Identify the key people who can support you, and make a plan to build relationships with them
Your audit team will naturally be in touch with the managers who can provide key information needed to conduct your audits—but by focusing only on these contacts, you’re missing out on building relationships with the leaders who will be able to help you gain a more visible role in the organization. Build a plan for conducting periodic outreach to higher-level executives within your organization, such as your chief risk officer or your CTO. You can solicit feedback from them on any open questions they may want your team to review in your audits, or provide high-level executive briefs showcasing work that you’ve done and issues they may want to explore in further detail. Make sure that they know you and your team are available to support them and open for feedback.

Proactively address organization-wide trends
Rather than focusing solely on issues identified in individual audits, start looking at your audit results in aggregate to identify trends. Is a single department or office location having trouble resolving a specific compliance issue, or is it an across-the-board trend that should be shared with your executive team? Review your data frequently to understand risks that should be mitigated, and come up with step-by-step action plans for how they should be addressed, including who’s responsible and what the benchmarks for success are.

Pay close attention to third-party risks
Many audit teams take an insular view of risk management, failing to uncover the external risks brought on by vendors and technology partners. Make sure that you have policies in place to carefully vet and automate compliance on your third-party vendors, pulling in external data that will alert you to any financial or legal issues they may face. Regularly track all of your solutions and technology partners for red flags, and ensure that you have a strategy for mitigating them. You can showcase your findings in sessions with executives and other partners throughout the business, and collaborate to come up with a plan for any of your scenarios. Keep in mind that risks from big providers such as Amazon or Facebook may impact a lot of your customers or partners as well, so ensure that you map out all of the variables that may impact your company’s business model across the board.

Use best-in-class GRC technology to automate compliance and analyze data
In order to provide the most useful insights to your leadership team, it’s important to integrate your entire risk management function across an easy-to-use GRC platform. Your GRC platform should come with pre-built content that will help you automate your controls framework, regardless of your industry. It should make it easy to monitor compliance status and risk levels across the organization at any given time, with triggers prompting action when control levels are not being met. You should be able to easily drill down into your data and generate executive dashboards, so that you can share insights to justify recommendations and help your leadership team make better informed business decisions.

By building a cohesive strategy for integrating with the 3LOD, backed by in-depth data analytics, real-time data feeds, and workflow automation, your audit team will be able to generate insights that can help to identify new risks, and develop new strategies for mitigating risks across the entire organization. This will help you to become a highly visible, influential, and trusted partner to the business.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International were in awe to hear this revolutionary news from the billionaire founder of the outdoor fashion brand Patagonia. He has announced just yesterday he is giving away his company to a charitable trust.

Yvon Chouinard said any profit not reinvested in running the business would go to fighting climate change.

The label has amassed a cult following due to sustainability moves like guaranteeing its clothes for life and offering reasonably priced repairs.

The brand’s website now states: “Earth is now our only shareholder.”

Mr Chouinard has always said he “never wanted to be a businessman”.

A rock climbing fanatic, he started out as making metal climbing spikes for himself and his friends to wedge into rocks, before moving into clothing and eventually creating a hugely successful sportswear brand with a cult following.
Founded in 1973, Patagonia’s sales were worth around $1.5bn this year, while Mr Chouinard’s net worth is thought to be $1.2bn.

He claimed that profits to be donated to climate causes will amount to around $100m (£87m) a year, depending on the health of the company.

“Despite its immensity, the Earth’s resources are not infinite, and it’s clear we’ve exceeded its limits,” the entrepreneur said of his decision to give up ownership.
The Californian firm was already donating 1% of its annual sales to grassroots activists and committed to sustainable practices. But in an open letter to customers, the apparently reluctant businessman said he wanted to do more.

Mr Chouinard said he had initially considered selling Patagonia and donating the money to charity, or taking the company public. But he said both options would have meant giving up control of the business and putting its values at risk.

Instead, the Chouinard family has transferred all ownership to two new entities. The Patagonia Purpose Trust, led by the family, remains the company’s controlling shareholder but will only own 2% of its total stock, Mr Chouinard said.

It will guide the philanthropy of the Holdfast Collective, a US charity “dedicated to fighting the environmental crisis” which now owns all of the non-voting stock – some 98% of the company.

“Each year the money we make after reinvesting in the business will be distributed as a dividend to help fight the crisis,” Mr Chouinard said.
Patagonia combines high-end outdoor fashion with its own brand of environmental and social activism. It’s a heady combination that certainly appeals to a loyal, if predominantly well-heeled following.

Part of the attraction comes from the fact that its environmentally conscious stance isn’t new. It was preaching eco-awareness years before sustainable fashion became fashionable.

But it’s still pretty hard to save the planet, if your business depends on selling stuff, however many recycled or renewable products you use.

By ringfencing future profits for environmental causes, Patagonia’s founder Yvon Chouinard has done his best to square that circle.

But he is also clearly trying to ensure that Patagonia brand is future-proofed and can never fall into the hands of the kind of companies he has accused of greenwashing in the past.

It’s nice to bring a good news story to you readers, and it will be interesting to see if any other climate conscious companies will follow suit. The bar has well and truly been set.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The role of an IT Auditor within an organisation is to maintain the security of the company’s IT systems, ensuring they are efficient and cost effective. They must maintain the firm’s internal controls, records and data as well as to help organisations operate within the law to guarantee they’re not in breach of compliance and regulatory standards.

When it comes to the types of questions an individual can expect upon applying for IT Audit jobs, Audit International got the inside scoop when they sat down with a Company Director, to get his insights on what candidates can expect.

The likelihood is that the interviewer will start with questions aimed at getting a good sense of a candidate’s technical background. Questions around certain controls within a tech environment, networks, routers and so on.

The purpose of these questions is to get a sense of a candidate’s technical background, as well as their understanding around IT governance, IT general controls and IT risk management. This is your chance to demonstrate the way you evaluate IT and your examination of it in relation to IT risk and IT control frameworks.

Other questions will be focused on drawing out whether a candidate is right for the role in question as there are so many different specialisations within IT Audit, including cyber security, IT General Controls and applications, infrastructure or data. So, the interviewer is hoping to see where a candidate fits best within the business as well as getting an idea of the types of technologies they’ve had exposure to. This could be directed at the different types of environments you’ve had experience with, such as Linux and UNIX or it could be broader in terms of the networks and databases you’ve worked on.

In this day and age employers are definitely looking for individuals who are more technically competent and SME specialised rather than being IT generalists.

The next thing interviewers will want to assess is a candidate’s soft skills, as well as their ability to cast a helicopter view across the business as a whole, which could prompt more situational questions:

How do you face off to senior executives?
How do you deal with stressful situations?
What is your tactic for delivering negative feedback to the business or to a colleague?
If you encounter a difficult stakeholder, how would you go in and manage their expectations?

You will also be asked questions regarding your communication skills, specifically when it comes to relaying information to non-IT people. They want to see that you’re comfortable breaking down the technicalities of IT into layman’s terms in order to make it accessible to those non-technical people both at board level and elsewhere in the business.

Tell us about a project you’ve worked on.

A lot of IT Audit shops will run audits as projects which may lead to questions around specific ones you’ve worked on and other questions around project management.

Tell me about a technical problem you’ve encountered.

This is your opportunity to talk about an issue you’ve gone in to evaluate and how you’ve interacted with a non-IT user, built that relationship in order to identify the problem and worked with them to resolve it.

Moving on from soft skills, the interviewer will likely want to broach a candidate’s awareness of risk and controls. The line of questioning may be centred on databases for instance:

What types of controls would you be looking for?
Where do you think the weaknesses might be? What about areas of resilience?
Are there any security or compliance issues based on that?

Candidates really need to show how well they can evaluate these issues. It’s about providing enough detail so that you cover all the relevant points an employer would be looking for, while also contextualising your answers within the broader scope of the business’s needs. You need to show industry awareness beyond your technical qualifications.

Why do you want to work in IT Audit?

Some candidates may be coming from the Big Four, which is a fairly classical move into IT Audit, though of course other people will be coming from different backgrounds and disciplines, so the interviewer is going to want to understand the motivation behind your chosen career.

IT Audit is different to business audit, for the latter you need to be an SME in a particular area. If you’ve been working in manufacturing for 10 years, it would be very difficult for you to move into banking audits for instance. However, as an IT auditor perhaps within the cyber security space conducting third party assessments looking at cloud security and so on, though that is a very specialist area, you would have an easier transition between industries. Overall, the important thing an interviewer will be looking for is valid and researched reasons for wanting to work in that industry.

What is your perception of IT Audit, specifically with regards to this business?

This is where you can demonstrate that you’ve done your homework on the company and explain how you see the role of IT Audit and its subsequent benefit to the business. This can also lead onto a discussion around where you see your career in IT Audit progressing, whether that’s moving up the ladder of IT Audit itself or using it as a platform to move into another area of the business.

Where do you see your career going in the next 3-5 years?

The interviewer doesn’t expect you to know exactly where your career is going to go, but they do want to understand your ambition. Having a clear vision for your own professional development is reassuring for your potential employer and certainly helps them better place you within the business and collaborate in order to create value both for your personal progression and for the business itself.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Any company operating successfully in this day and age, no matter its capacity, needs to effectively leverage its technology systems and make effective use of data. It is inevitable now that if a company wants to progress it must make a significant investment in technology. While these technology investments and innovations are required, it comes at a cost. This increased dependence on IT by extension increases the level of technological risk that an organisation faces, which has the knock-on effect of therefore increasing the relevance of IT audit.

The necessity of conducting IT audits within an organisation comes from its role in supporting effective risk management, particularly with regards those risks posed by weak cyber security measures. Data breaches and cyber-crime have escalated in response to the world’s digitalisation, an issue not limited to the financial services industry as world leading sports technology brand, Garmin, became one of the most recent victims of hacking. Thus proving that businesses large and small are equally vulnerable to attack.

The need for a strong IT audit function, while critical to the way businesses are now utilising technology to better navigate the market, also affects the way they relate to their staff. Since our daily lives are greatly integrated into our devices, that coupled with existing technological advancements, and the current professional climate means that businesses have been forced to interact with their employees very differently. Numerous processes have been digitalised, from annual leave forms to team meetings, paper and people have been replaced with electronic alternatives. Thus as the adoption of technology adoption increases, we see a knock-on effect of introducing risk into the environment.

IT audits focus on the gamut of risks associated with a business, identifying and evaluating them with a view to implementing the proper controls needed to action them in the best way. In helping an organisation understand the potential risks it faces, IT audit gives an organisation a clear strategy on how to action those risks, whether they can be eliminated, mitigated or tempered by the use of proper controls.

The IT auditors are there to guide the ‘implementers’ of the organisation through the resulting internal and external changes effected by the increasingly technologically-driven working environment. Many companies have struggled to adjust to the changes, falling short of successful strategic execution on the big money-making projects. This is where IT audit has proven its relevance as being that objective voice in the room to play devil’s advocate and advise on where those people implementing the changes may need to refocus their attention.

Applying regular and thorough IT audits keeps the relevant systems in check by raising potential security risks and actioning any solutions. Looking at the areas of company performance, business resilience in the face of crisis planning, compliance with existing and emerging standards and regulations, and financial health; the IT audit function exists to weed out any inaccuracies or inefficiencies within both the organisation’s management and the way it’s conducting itself as a business.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International have put together a brief guide to strategic audit planning and resourcing.

Managing your audit requires strategic planning whilst ensuring that all internal resources are appropriate and effectively deployed.

Strategic audit planning
An audit needs assessment (ANA) exercise should be undertaken to inform the development of the organisation’s internal audit strategy (IAS). This ANA should be regularly updated and the IAS amended as necessary to reflect the changing assurance needs of the organisation.

The ANA should be updated at least annually but, increasingly, organisations are seeking to achieve more organic strategies that evolve more frequently to reflect the increased speed of change which many are experiencing – particularly fuelled by technology and competition. This requires continuous monitoring of the internal and external environment, and frequent and meaningful dialogue with both senior management and the audit committee.

The ANA represents a critical ingredient in the provision of an adequate, relevant and timely internal audit. It should be used to direct internal audit resources to those aspects of the organisation that represent the greatest risk to the achievement of its objectives, and where internal audit can aid management of those risks.

The ANA process should include:
-Review of the organisation’s risk register / board assurance framework
-Review of performance management data
-Review of previous audit opinions and progress on actions
-Review of other second and third line sources of assurance
-External major incidents/risks and other factors such as industry issues
-Planned organisational changes or major projects
-Reports from regulators
-Discussion with senior management, audit committee and external audit

All of the above should be considered in the context of organisational risk appetite, current risk exposure and acceptance of risks.

In organisations which have moved their risk management arrangements on to reflect the board assurance framework, this is a useful tool in the ANA process. This approach starts with strategic objectives, the risks to achieving those objectives, and then typically the ‘three lines of defence’ within the organisation which aim to manage risk to within appetite.

The first line of defence is the internal control environment recognising the policies, procedures and processes put in place by management. The second line of defence is management’s own monitoring and risk assurance processes including those escalated up through the governance framework. The third line of defence is independent assurance, providing a position statement for internal audit within organisations.

When considering the focus of the organisation’s IAS, the board assurance framework can help internal audit identify where it can provide assistance in its ‘consulting’ role surrounding business critical risk exposure beyond risk appetite. It can also help identify where ‘independent’ assurance will add most value by focusing upon those controls which the organisation believes are managing business critical risks within risk appetite.

The IAS should prioritise reviews over a particular timeline. The timing of reviews will be driven by a number of factors such as:
-Priority for each area of coverage, in terms of the level of risk exposure and risk appetite
management or audit committee concerns regarding a particular area.
-Degree of stability in respect of systems, staff and other organisational change
-Time since last audit and audit outcomes
-When specific risks are considered likely to materialise and impact
The audit resources necessary to deliver individual assignments will be driven by a number of factors such as:

System complexity:
-Factors such as number of locations, transactions and frequency
-The assurance which can be brought forward from previous audits
-The envisaged scope and objectives of the proposed audit

The IAS and the annual plan (year 1) within it will normally be subject to audit committee review and approval, with changes in subsequent years approved as appropriate in accordance with agreed protocol.

Resource management
Few managers have a blank cheque when it comes to budgets. Internal audit is no different.

Internal audit will typically adopt a medium timeline for strategic planning purposes allowing the chief audit executive (CAE) to balance assurance needs and resources within a defined budget envelope to provide reasonable assurance to audit committee and senior management. Short term or specific skills gaps can be bridged through recruitment, training or co-sourcing.

Where the budget of the department is insufficient to meet the assurance needs of the audit committee and senior management, the CAE will need to raise such concerns and explain the impact of such limitations upon the assurance they are able to provide. The audit committee can direct a review of resources and approve as required to meet its needs.

In determining and managing the resource need:
-Identify the number of individuals, skills mix and specialist skills necessary to deliver the approved IAS
-Analyse your current resources against this need to identify resource shortfalls and skills gaps based upon realistic target -Utilisation / efficiency levels
-Allocate audits based upon skills and experience to in-house team members
-Identify how resource shortfalls will be met – recruitment, out-source or co-source
-Ensure that planned audits are delivered in accordance with the approved budgets to identify and take timely action in -Respect of any deviation to keep delivery of the audit plan on-track

When managing co-sourced or out-sourced relationships to support the audit plan:
-Tender for specialist work suitably balancing cost and quality considerations
-Ensure robust and clear contracts are in place with: requirements, pricing, confidentiality, data security, ownership of -Intellectual copyright and working papers, dispute resolution, and exit terms
-Establish clear operating procedures and approval processes within a service level agreement to ensure that each assignment is delivered in accordance with expectation

IT solutions may enable more efficient and effective internal auditing. However, this will be dependent upon a number of factors such as the size of the audit plan, size of the respective team, geographical spread and degree of standardisation or repetition within the audit plan.

Increasingly, internal audit is utilising a risk based approach to audit strategy, rather than simply providing coverage of the audit universe on a set cycle. Some of the value within traditional IT solutions can be limited and not justify their cost. Therefore as with any system acquisition you should undertake a detailed needs analysis and review the product offering to determine if it will meet those needs and provide value for money.

Likewise with increased functionality within common office IT products, there is the ability to utilise existing software to automate elements of the audit documentation and facilitate analysis of large volumes of data if it can be extracted in a common format from the organisations core management information systems.

Knowledge management
The internal audit function must develop the skills, experience and knowledge within its team members. Importantly it must also ensure that as team members change, their knowledge is retained as far as possible or transferred to other team members. Effective audit management systems, notice periods, team working and knowledge sharing practices will assist in minimising associated key person risks.

The following techniques may assist in acquiring and developing in-house skills:

-Structured appraisal and performance management
-Informed training programmes at both a team and individual level
-In-house training programmes to deliver common training needs
-Procure external training for specific specialist training needs
mentoring programmes
-Joint delivery of reviews with co-sourced providers to facilitate knowledge transfer
effective knowledge management systems.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

It’s become a truism that the ‘new normal’ as the world emerges from Covid-19 lockdown will not, and cannot, be like the old normal. But what does this mean for internal auditors? What skills will be most in demand and what can you do about it if you do not feel that you have enough of these at the moment? Audit International have all these answers and more.
As in other areas of the wider economy, many of the skills that are going up in value and demand (and those that are going down) reflect longer term trends that have been exacerbated by the crisis. A strong suite of technical auditing skills now puts more emphasis on so-called ‘soft’ skills and less on some traditionally prized abilities to sift and process information, although independent judgment, logical reasoning and analysis will always be important.

IT auditing is becoming an increasingly specialist preserve that is beyond the scope of most internal auditors, however many employers now expect all internal auditors to have a strong grasp of the basics of data analytics and of what analytics programmes can do for audits and assurance. This IT-savvy must go hand in hand with a wide imagination about the potential uses of the technology and how it can be employed more effectively.
What is new, however, is that ‘soft’ skills and IT experience are no longer nice-to-haves. Whereas a few months ago, there was a shortage of internal auditors in many sectors, now employers are likely to be able to pick and choose. The post-Covid landscape is likely to be bleak for many sectors and internal auditors will not be immune. There will be redundancies and people will need to look more broadly at their CVs, personal skills development and, possibly, at the options available to them in a wider range of sectors.

Russell Bunker, director at Barclay Simpson, says that the highest demand is currently for “experienced internal auditors operating at the delivery level”. Fewer organisations are hiring senior audit managers or trainees, he says. However, he added that a number of fixed-term or interim job opportunities are emerging and there are new jobs appearing as a consequence of an increase in co-sourced internal audit work. Some of these trends may be short-lived, of course, and may reflect temporary bans on permanent hiring.

So, what are the key skills internal auditors will need to thrive in the short and longer term?
1. Communication is key
Emotional intelligence may not have always been top of the list for internal auditors, but it’s hardly a new requirement. Internal auditors have to be great communicators – if you cannot talk to people – and, just as importantly, listen to them – you can neither learn from them nor persuade and influence them.
As computers take on ever more of the analysis side of auditing, we need humans who understand how people operate in real life, what makes them tick? Internal auditors need to pick up the nuances to spot when things may be wrong behind the scenes. They need to use the right language to relate to the people they need to get on their side or to persuade people to change the way things are done and to understand the need to better governance. And they need to be able to convey important messages simply and effectively. This is not always about being ‘nice’ – it’s about being effective. Some of these messages may be tough and they need to be understood and acted on.
It’s also about being able to demonstrate the behaviour that you preach. Actions really can speak louder than words.

2. Business acumen
This has always been important, but is becoming ever more so. Internal auditors see the whole of the business from the inside, but they also need to be able to look beyond it, and beyond their sector and region, if they are to appreciate emerging risks and the bigger picture. They need to understand what keeps their CEO awake at night – and, even more importantly, what should be keeping him or her awake at night.
Increasingly, they are being expected to know a lot about the potential impacts of everything from macro economics to climate change and the complexities of supply chains. Sourcing and reviewing the most up to date and reliable information is vital, but you also need the acumen to know how this could affect your business and to spot the risks and opportunities. Those who do not display this knowledge will not gain the respect internal audit needs from senior management to be effective.

3. Flexible and agile
Speed is of the essence. How can you offer assurance more effectively, more rapidly and more effectively? This is the holy grail of internal audit and will become even more so in the post-Covid landscape. Technology can help, but it takes people to think about how they can use it better. Those with the imagination and the drive to improve, adapt and change will be most valuable to, and valued by, management.

4. Personal relationships and networking
Use your personal relationships and find out what peers, colleagues, friends and family are doing. Be curious and ask questions. This is partly about being well-informed and partly about good communications. There are loads of ways to keep in touch so use them – from social media to Facetime to old-fashioned phone calls. You never know what may come in useful in future but the broader the net, the more you are likely to benefit.

5. Proactive – use your imagination
Imagination and curiosity are now so important that they deserve a mention on their own. Again, they are not new skills for internal auditors, but they have never been more important. You don’t need a formal mentor to tell you to think about where you want your career or your audit team to be in six months’ time. But it can help to take some time out of your normal routine to practise thinking more imaginatively. Many things in the near future will need to change and someone will need to identify potential changes and the ways to achieve them.
Equally, imagination is an important part of effective communication. What are your auditees doing and why? What are they going through? What do you want them to be doing in future – and how can you help them to get there?

6. Sell, sell, sell
It’s been said that everyone is selling something – and if they say they’re not, they’re lying. Selling has a bad reputation in the UK. It’s seen as duplicitous and bad-mannered. However, sales skills are just as vital for good ends as for bad. Internal auditors are going to have to compete for attention even harder and many will have difficult messages to convey in the near future. If you want management, auditees and colleagues to listen to you and respond to your messages, you will need adequate sales skills.
And, if you’re in a sector that has been badly affected by the pandemic, you may need to brush up your CV and prepare to sell your own skills more aggressively. If you have what it takes to help organisations weather this crisis, don’t sell yourself short.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Here at Audit International, we have always been on the lookout for clever ways to describe internal audit’s role in an organization.

Elevator speeches are fine when you have 60 seconds to describe the value your profession brings to an uninformed bystander. However, an elevator speech doesn’t hold a candle to a well-crafted sound bite that will leave a lasting impression.
One of our favorites used to be “internal audit is the brakes that allows the organization to drive faster.” The reasoning behind this analogy is that brakes are a critical component in a vehicle. To be sure, they are used to prohibit a vehicle from moving. But more importantly, brakes are crucial to maintaining control of a vehicle. Of course, well-resourced, independent internal audit functions add little value if they impede an organization’s ability to take risks and achieve results. But they add value when, like brakes on a car, they empower management and the board with information to slow down or stop if critical risks lie ahead.
Over the years, Audit International have come to view the “internal audit-as-brakes” analogy to be a bit outdated. It envisions internal audit as being primarily control-focused. Today, internal audit provides much greater value than merely a set of brakes. After all, a vehicle with an outstanding braking system can still end up in the wrong place. Brakes are great for stopping or slowing down. However, they do little to help change course. Internal audit in the 2020’s must be help create – not just protect value!
We believe a more powerful analogy is that internal audit is a critical component of an organization’s navigation system. Consider the value of a modern navigation system. Once the departing and arriving locations are entered, a navigation system provides timely and crucial feedback on the progress of the journey. The friendly voice provides turn-by-turn advice on reaching the destination. It recognizes when a turn has been missed, and quickly alerts the driver to “make a legal U-turn.” It can be programmed to recommend routes that are faster, less congested, or avoid tolls. Some alert the driver when the speed limit is being exceeded, or the vehicle is being taken on unsafe roads.
Much like the navigation system in a vehicle, internal audit shows its powerful value by:
• Providing assurance that the organization is progressing on the course charted by management and the board.
• Providing recommended corrective actions when the organization is off course (please make a legal U-turn).
• Identifying risks in advance (much like a navigation system warns of an accident or road congestion ahead).
• Alerting management and the board of compliance risks/failures (think excessive speed).
• Providing assurance that the organization has “arrived at its destination.”
To succeed, organizations in the 21st century must manage risks – both internal and external, whether related to finance, operations, strategy, technology, regulations, or reputation. While organizations are raising the bar on effective risk management, executives face extraordinary headwinds spawned by a turbulent environment in which risks materialize virtually overnight. In the past five years, we’ve faced the most extraordinary global pandemic in more than a century, more global financial turmoil, cybersecurity breaches that even target our infrastructure, corporate failures, and more. In the immediate future, we are facing the prospect of severe supply chain disruptions, inflationary pressures not seen in 40 years, and likely more nasty surprises from COVID-19. Relying on a good braking system will be inadequate to navigate the hills and valleys that lie ahead. Instead, organizations need strong navigation systems with well-resourced and independent internal audit functions fully integrated to succeed.
Granted, Audit Internationals updated analogy may be oversimplified. Strong internal audit functions add value in a multitude of ways, and we are never more critical that management and the board in navigating risks that our organizations face. However, I find it is useful to think through analogies such as this one so that I can better articulate internal audit’s role in ways that everyone can understand.
We welcome your thoughts.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
• Switzerland 0041 4350 830 59 or
• US 001 917 508 5615
E-mail:
• info@audit-international.com”

The Characteristics of Highly Successful Internal Auditors
Nobody knows it better than us here at Audit International that Internal auditors are a rare breed. To perform well in their jobs, they must have a set of skills and characteristics that are typically uncommon in one person. For example, they need to be analytical with laser-like focus, while also being “people-persons” with great communication skills. They need to be rule-followers, while also having the creativity and curiosity to blaze new trails. No one ever said it was easy, but becoming a top internal auditor takes dedication, hard work, and, as Liam Neeson said in the movie Taken: “a particular set of skills.”
We recently set out to identify the skills and characteristics good internal auditors must possess to perform well in their jobs. We found that some, like curiosity and integrity, are typically characteristics that are just part of our personality or not. Others, like technological know-how and communication abilities can be learned and honed through professional development and training courses. Others lie somewhere in the middle.
This is by no means an exhaustive list. There are many other skills and attributes not listed here, such as knowledge of the business, project management capabilities, and relationship building that are important to thriving as an internal auditor. Yet these are the qualifications chief audit executives, senior managers, and board members cite most often as the key abilities they are looking for in good internal auditors.
Regardless of how we acquire them, and in no particular order, here are the top six characteristics internal auditors should possess:
1) Great Communication Skills
It’s no secret that internal auditors need to be excellent communicators to execute their jobs well, however, that requirement has only increased as the COVID-19 pandemic closed offices and employees were forced to work from their homes. Now internal auditors must often conduct audits remotely, interviewing process owners and others through phone calls and video conferencing. It’s one thing to assess body language, tone, and facial expressions from across a desk or conference table, but quite another to read those important non-verbal cues during a Zoom call or over some other digital communication platform.
It doesn’t stop there. Internal auditors have many constituencies to serve. From their audit customers to senior management and the board, they must be able to navigate many relationships within the organization and sometimes bridge seemingly conflicting views on what’s important to the company. That takes great communication skills and any internal auditor that doesn’t possess them will likely falter in their roles.
2) Unyielding Curiosity
Good internal auditors ask why? Great internal auditors keep asking “why?” Like a child who follows up one question of “why?” with “OK, but why?” top internal auditors keep asking questions until they fully understand the issues at hand. They are not easily swayed with a pat answer or put off the trail with an explanation that doesn’t quite add up. Their natural curiosity keeps them pushing until they find the answers and explanations that satisfies them—in other words, when there are no more “why” questions to ask.
Such intellectual curiosity doesn’t just serve good internal auditors well in the pursuit of fraud and wrongdoing, either. It helps them fully understand how controls, processes, and business units work, so they can make recommendations to improve them.
3) Technological Savvy
Increasingly, the job of the internal auditor relies on technological tools, such as data analytics, cloud-based application platforms, and data visualization. Indeed, the internal auditor of the future will likely also need to be an expert—or at least proficient—in such areas as artificial intelligence, machine learning, and technologies still out on the horizon. For this reason, internal auditors who don’t embrace new technologies and learn enough about them to at least begin to experiment with new ways of doing things will be left behind. While it’s important to embrace the more recent technologies that internal audit is increasingly coming to rely on to execute its duties, a digital revolution is taking place in just about every facet of the organization. To complete audits of nearly any process or function will require a working knowledge of increasingly complex technologies. It’s true too, that the top risks in any organization typically involve areas like cybersecurity, data governance, and information security, all of which require internal auditors to be tech savvy..
4) Ability to Work Independently and on a Team
It might seem contradictory to say that internal auditors must be able to work on their own, but then also be good team players, but it’s true, and the remote work scenarios brought on by the pandemic have only made it truer. Internal audit has always required a good bit of independent work, but the amount has increased with remote audits and auditors working from home. The ability to work independently relies on such underlying skills as self-motivation, self-management, and accountability. Without daily meeting in the conference room and the chief audit executive looking over their shoulders, internal auditors must be resourceful and reliable to keep projects humming along. That doesn’t mean they no longer have to be able to work well with others. More recent work models, particularly agile audit, require lots of interaction and coordination. This harkens back to the importance of communication abilities, but good internal auditors are also team players.
5) Drive to Be Life-long Learners
I once asked a chief audit executive: What is the single most important thing you look for when you are hiring a new member of your internal audit team? Without hesitation, he said: “I look for someone who is always looking to learn new things.” He explained that internal auditors must be generalists and specialists at the same time. Their jobs will take them to many places and expose them to new knowledge all the time..
The fact that internal auditors get exposure to lots of different aspects and units of the business is certainly one of the benefits of the job, but it comes with challenges. They must be able to constantly digest new information and learn new parts of the business. No two audits are ever the same and without the desire to learn something new, it will be difficult for an internal auditor to approach each new assignment with the sponge-like ability to absorb new knowledge and come up to speed quickly on a process or function.
6) Integrity and Courage
Perhaps above all else, integrity and courage must be at the core traits of a high-performing internal auditor. There will be times when internal auditors are asked to look the other way or ignore some faulty control or management wrongdoing, and they must simply be able to resist the urge. It’s never easy to confront someone who isn’t doing the right thing and bring it to light, but it’s a trait that top internal auditors all possess.
One more thought on integrity and courage: We often think of these things in terms of big crises and scandals, where the internal auditor stands up to an accounting fraud that is taking place in the organization or a CEO who is up to no good. Yet it more often integrity and courage will be called up for small things, where someone is looking to cut a corner or isn’t treating others with respect. This is when integrity, along with a good moral compass can help an internal auditor push past a roadblock and get an audit back on track.
Just Add Hard Work
So, call them what you may: characteristics, skills, qualifications, or abilities, but working on these six things will go a long way toward excelling as an internal auditor. Of course, they aren’t enough in themselves to ensure a quick rise through the ranks of the internal audit team. That requires hard work and dedication to the job. But they will certainly put you on the right track.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
• Switzerland 0041 4350 830 59 or
• US 001 917 508 5615
E-mail:
• info@audit-international.com”

After the rollout of the vaccine and the end of lockdown restrictions, businesses are picking up and hiring into their Internal Audit departments and many candidates seem curious to take the next step in their audit careers.

COVID-19 has quickened audit firms’ adaption toward new ways of operating. Shifting to a remote and flexible working schedule by audit firms and the companies adds a new challenge already faced in adapting the audit to a tech-evolving corporate world and placing new demands on audit professionals. However, new ways of working will bring important benefits as well as posing challenges that have to be addressed.

Traditionally, firms have emphasized personal integrity and professional skepticism in audit professionals, and these attributes will undoubtedly remain vital. But in the new and fast-developing environment, auditors will also need to develop even deeper knowledge of business, a powerful curiosity about technologies and an agile mindset that embraces disruption.

This demonstrates the motivation of both candidates to find a new role and clients to hire into the Internal Audit profession. These figures have also likely been positively affected by the relative ease in which most interviews are now being conducted by video call rather than in-person. While auditors still retain their independence within organizations, they are nonetheless now expected to take a more collaborative, forward-looking approach to Risk Management and Governance. As a result, Internal Audit is increasingly seen as a value-add function rather than a cost center.

In order to achieve the expectation of audit objectives in hybrid environment, it is necessary for the auditor to plan well in advance with the following recommendatory steps.

-Gain an understanding of client business either through documented SOPs, policies to understand its Operations, Compliance and Financial area

-Being adept with trending technologies

-Being able to use the latest audit tools and techniques

-Adapting to the need for agility

-Being able to address regulatory compliance in a changing landscape

-Interdisciplinary approach to audit

-Effective communication skills at all business levels

-Ability to understand emerging technologies

-Ability to predict future challenges

-Ability to take a business-centric approach

-Ability to plan and execute, keeping the big picture in mind

-Ability to integrate adaptability into the audit design

-Ability to increase focus on key risk areas to improve assurance

-Ability to use process mining to analyze data

-Decide on the language to be used for the interview and ensure everyone involved speaks that language.

The auditors need to be more practical and realistic for carrying out audit involving Information Technology as a tool rather than as a barrier.

 

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following: 

 Calling  

  • Switzerland 0041 4350 830 59 or
  • US 001 917 508 5615

 E-mail:

  • info@audit-international.com”