Posts Tagged “audit news”

With one in five people pledging to pursue career goals and ambitions in their New Year Resolutions, Audit International have researched career experts advice on achieving these in 2023.

New Year, new (career) you! More than 20% of people toasted the start of 2023 with some form of New Year’s resolution and one in five of those pledged to pursue new career goals.
But with January now over, many of those good intentions may have already fallen by the wayside. If that sounds familiar, you’re not alone. In fact, people will typically ditch their ‘New Year New Me’ resolutions by the second week in January.

If that strikes a chord, don’t despair. Audit International has taken some insights from careers experts on their top tips on getting your career back on track.

Re-evaluate your current career choices :
For those with an established job, or who have taken time out of work to start and raise a family, it can be daunting to consider a new industry or completely change career path. However, it’s never too late to take your role in a different direction or re-enter education.

“If you’re looking to change careers in 2023, it’s important to evaluate your previous experience up until now. Consider which parts of your current or past job roles have brought you the most satisfaction or fulfilment, as this can help guide your new career path,”.

Adopt a continuous learning mindset :
Passing all of your exams is an amazing achievement, but that’s when the real learning starts. “Don’t assume you know everything now. Listen and ask questions and make notes and look things up. Every day is a school day!”

Work on your soft skills :
To get ahead in your career it’s also important that you develop soft skills that complement your technical prowess. “As part of your role, you will be expected to provide advice to clients and companies on any number of specific issues they may be experiencing, so developing strong soft skills including clear and concise communication, empathy, and the ability to make decisions to help resolve conflict will be key to your continued success.”

Develop a killer network:
Natural networking is everything. LinkedIn bombing everyone you think might be useful to you is annoying and will rarely achieve anything. Show an interest in everyone you meet and connect in a more genuine way. Try not to just focus on people you think are ‘important’.

Be authentic :
As an accountant, you are well-organised, a skilled number-cruncher and have a keen eye for detail. But as your career progresses and you become a team leader, you will need to focus more on management and people skills. If you get promoted to a management role without any formal training, it can be easy to act like the type of manager you’ve seen in the past. “People buy people, so be yourself, not the manager you think you should be”.

Focus on developing relationships :
Accountancy is a task-oriented job and it’s easy to get lost in the daily grind of completing tasks and hitting deadlines. But the real value you add as a manager is building relationships with staff and being an enabler and facilitator for the team. That means getting to know your colleagues on a personal level and understanding their strengths and capabilities.

Keep your eyes open for growth opportunities :
Don’t get bogged down in short-term deadlines and tasks. “These need to be done for sure, but you should also look more widely to find new areas of growth and challenges that can help you advance in your career”. That could mean studying for a qualification, taking on new responsibilities, or joining a cross-functional team. “Always look for ways to build your skills and contacts and your career will progress nicely.”

Don’t limit yourself to one area :
One of the best ways to elevate your career is by making sure you don’t limit yourself to just one part of the accountancy industry. “Gaining experience in a variety of roles – especially during the first few years of your career, as you decide the areas in which you thrive and most enjoy – will build your confidence and will provide you with essential skills that help boost your long-term career prospects”.

Connect with a mentor :
Regardless of where you are in your accountancy career, having the advice of someone more experienced than you can be invaluable. If you are unable to secure a mentor through work, it is also worth approaching people that you work with who could help you, or you could even look at joining an association that could pair you with someone.

Don’t put too much pressure on yourself :
It’s always good to be ambitious when it comes to your career and education, but avoid putting too much pressure on yourself when it comes to achieving all of your goals or training courses by the end of 2023. “Comparing yourself to others or putting pressure on yourself can lead to you feeling overwhelmed or burnt out. Take as much time as you need and find flexible options that work for you, especially if there are other important childcare or work commitments to take into consideration.”

Be ready to flex. Having a long-term career plan is great. However, things change and you will get frustrated if you can’t adapt or sometimes go with the flow.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Let’s face it. Even here at Audit International, we understand Internal audit still suffers from some rather negative stereotypes. There are plenty of companies or units where internal auditors are not welcomed with open arms. Audit clients may view internal audit with suspicion, expecting a “gotcha” mentality or may feel like they are under surveillance.

Sure, it’s often undeserved and some of it comes with the territory, but we may even be perpetuating such negative views with the words we use. Words and phrases that internal auditors consider just a normal part of the profession’s vocabulary may actually be words that trigger negative reactions in our audit clients. And often, internal auditors don’t realize they are contributing to the hostility by using them.

Words matter and good internal auditors choose them carefully. But auditors are also as prone to using professional jargon as anyone. These are words that have become so commonplace that we might not think too much about what they really mean, especially to others. We all use them. Yet, how they might be interpreted may not be how we intended. So, what can we do about it?

Here are seven words that we should consider their meanings more closely and either use them more carefully or strike them from our vocabulary completely.

1. “Finding”
Most internal auditors call what we consider reportable (in writing and verbally) a “finding.” Think about that for a moment, though. It’s not as if the vast majority of our audit observations were hiding or lurking in some hard-to-discover, dark and foreboding place, and it took our best Indiana Jones skills to unearth them. Lo and behold, ah ha! We have a “finding.” The word relates a context of sleuthing and uncovering things that were hidden, perhaps intentionally.

So put yourself in the shoes of your audit clients. We come along and have all these “findings,” as if they weren’t doing their jobs and it took us to find these gems of reportable conditions. Worse yet, we are often reporting as “findings” what audit clients told us directly. How would you feel if someone walked through your house and told you at the end of their visit that they found the carpets needed vacuuming, the furniture needed to be dusted, and relayed a few other of their insufficient housekeeping “findings.” You’d likely be inclined to never invite them back.

Try using the words “observations,” “conclusions,” or “conditions,” rather than “findings.” You may find they work better in your organization. Audit clients will feel less like they are being accused of hiding information or that they didn’t see something that the auditors later uncovered.

2. “Weakness”
When we observe an issue, we also sometimes couch that issue by using another troubling word, “weakness.” We may not be able to avoid calling breakdowns in internal controls, as they relate to SOX-like work, “control weaknesses” if the controls are not working as they should (or at all). But we should avoid calling observations outside of controls “weaknesses,” if possible.

Think about it. You go into the manager’s office during an audit, and you say, “excuse me, if you have a few minutes I’d like to go over a few weaknesses that have come to our attention during our review of your area.” Expect immediate defensiveness. We might as well be criticizing their first-born by pointing out weaknesses in how the child looks or plays with others. The word connotes physical ineptitude and can strike a visceral blow to any manager’s ego.

Like weaknesses, “deficiencies” isn’t any better for all the same reasons. So, perhaps, try “opportunities,” or “matters for attention,” rather than “weaknesses.” Even “challenges” or “difficulties” will garner a better response from audit clients.

3. “Material”
While the term “material” has been part of auditing language forever and, although tough to really quantify, is an important and meaningful word. I mean, if it’s not material why look at it or consider it at all? We also have the SOX-related nomenclature of “material weaknesses” (which people want to avoid as best as possible). Look, if you tell someone something is “material” and it truly is agreed that it is “material,” that’s a big deal.

Yet when we tell someone who is the owner of something that we want to talk with them about a matter that is “material,” what would be the natural reaction of the person on the receiving end of that word? Disbelief, denial, and outright defensiveness are natural human reactions when told something is “material,” in a bad way, which affects them or their responsibilities. Think about being in the doctor’s office because you have not been feeling well. After a bit of consultation and tests, the doctor comes in the room and tells you that there is something “material” to discuss. You are likely to act with disbelief, denial, and defensiveness, naturally. The word conveys an urgency we might not intend. Do we really want our clients to react that way, now or in the future?

Note that “material” has an important legal context. The Securities and Exchange Commission defines “materiality” as anything a reasonable investor would deem relevant to their decisions about whether and how to invest. While it’s important to use this word carefully in this legal context, it’s also easy to adopt the word and use it outside this context, which can result in misusing it. Another problem with “material” is that it implies that everything else isn’t important or that other aspects of an audit client’s work are meaningless, which is not a great sentiment to convey.

So, perhaps, when you don’t really have to use the word “material” (or “significant” for that matter) in consultation or in writing, maybe consider some different language. Hey, there’s something important I want to run by you when you have a moment, and maybe we can write about the top matters for attention without calling them “material” (unless, of course, we must).

4. “Disclosed” or “Uncovered”

Like the word “finding,” the word “disclosed” (or the word “uncovered’) has a similar connotation. It’s as if the issue was hiding and no one knew about it or would ever find it without you, and your brilliance—the internal audit superhero with x-ray vision. OK, sometimes things were truly hidden, unintentionally or, worse yet, purposefully, and we did use our internal audit superpowers to uncover it and then we get to puff our chest and—cue music here—disclose it. But, come on, that’s rare.

Yet, we use the terminology all the time. For example, resulting from of our testing, it was disclosed that blah, blah, blah. Or, based on our review of the area, it was uncovered that yada, yada, yada. Now, if you’ve got sneaky and underhanded clients, who are going around hiding stuff from you that you truly uncovered and want to disclose to the world, then fine. But most clients don’t do that, and you want to collaborate with them in the future.

Imagine how you’d feel if the external team you hired to do your Quality Assurance Review (QAR) started telling everyone, verbally and in writing, what their work (and only their work) disclosed and uncovered in your internal audit department? How would you react to that? “Disclosed” implies that something was formerly a secret and now you are airing the dirty laundry out for the world to see.

So, maybe we need to back off the “disclosed” and “uncovered” language, at least a bit. Options might include, “along with management, we identified …,” “taking full stock of the evidence, it can be concluded that …,” “testing demonstrated that …,” or similar language. Just don’t use “revealed” instead. That’s just as bad.

5. “Entrance” and “Exit”
OK, you may need to bear with me a bit on this one.

We’re going to start an audit project, and our first meeting with the client is called, in many companies, an “entrance meeting.” Then, when we’ve concluded all our fieldwork, what do we call the last meeting with the client to wrap things up and ride off into the sunset to work on the audit report for weeks on end? The “exit meeting.” They are decent terms, descriptive of exactly what they are … our entrance (ugh, the auditors are here) and our exit (yes, they are leaving, let’s party).

Let me ask you this, though. Is this audit, the one you are doing an entrance into and an exit from, the first and last time you will ever see these folks? I sure hope you have an ongoing relationship and are interacting all year long, or at least on occasion. If that’s the case, there is no entrance and there is no exit because, like the song Hotel California, you may never leave. And, if you’ve done your relationship management right, they are happy about that.

The point is that “entrance” and “exit” are old-school terms from when we did things on a cyclical basis and may or may not come back. Back then, relationship-building was less important and audits had a fixed beginning and end. So, maybe we need to stop calling them “entrance meetings” and “exit meetings,” and just call them something else that isn’t so clinical and auditor sounding. Schedule your Project Introduction Meeting at the beginning and, maybe, your Project Wrap-Up Session at the end, or something like that. And, if you are well down the path of an agile implementation, all that entrance and exit stuff becomes moot anyway.

6. “Consulting”
Back in 1999, the Institute of Internal Auditors introduced the well-accepted and globally codified definition of Internal Auditing as: “An independent, objective assurance and consulting [emphasis added] activity designed to add value…” Back then, the word “consulting” was viewed positively. And, for internal audit to be positioned to not only provide assurance, but to also be viewed as a consultant? Well, to borrow a ’90s term, that would be “da bomb!”

But, somewhere along the way, the word “consulting” came to be viewed less positively, and we’ve started to insert the word advising to soften the term. Should we blame consultants for tarnishing a good word, and making people view consultants and, in turn, consulting, negatively? Perhaps, but that’s not the point.

We all want to be advisors, and the gold standard, the place to be, the coolest accolade, would be to be trusted and be an advisor. So, in our pursuit of being that vaulted trusted advisor, let’s drop the word consulting from our vocabulary, once and for all. Look, your clients might want to “consult” with you, but hopefully you are “advising” them.

7. “Satisfactory”
Often, we as auditors don’t want to overcommit, and use words that might get us into trouble later if something is determined to be different than our work concluded. There is just so much we can evaluate and then we must draw a conclusion and move on. So, we settle on words like “satisfactory,” even if things are notably better than the word implies. From an internal audit perspective, we are hedging out bets. We don’t want to be overly flowery with praise, and just conclude something is either “satisfactory,” “needs improvement,” or “unsatisfactory.”

Put yourself on the other side of the table. Let’s say, for instance, you’ve worked hard at something, gone the extra mile, and made sure it was done exceptionally well. Then, someone comes in, looks it over, and decides that things seem “satisfactory.” Ouch, gut punch! You put in a ton of effort, expected to get an “A” grade, and the professor gives you a “C.” That’s kind of deflating.

Let’s not forget that the word “satisfactory” means acceptable or good enough, but not outstanding or great. Yes, there are reasons to fall on the crutch of concluding, placing our highest auditor grade on something, that it is “satisfactory.” But, perhaps, if we can avoid it, we take the risk, rely on our work, and conclude that something better than a measly “satisfactory.” Don’t be afraid to say if something is exceptional, great, works well, or exceeds the requirement.

The Last Word
There is a lengthy list of good reasons, justifications, and rationalizations for why we use the words we do as internal auditors. Many of them have stood the test of time. Many are in use, and still exist, because we are hearing the world through our own ears, and not our clients’.

If we stop for a minute, and consider what these words sound like and what they actually mean, and the impressions they may leave on the ears of our clients who hear them, perhaps they are not the best words to use. Perceptions are reality, and if you want to change perceptions, maybe one way to do that is to change our vocabulary. In other words, say what you mean and mean what you say.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

In 2023, organizations may face new and expanded cybersecurity and compliance mandates, which could vary from location to location and from one industry to the next. As a result, your organization may be looking to obtain a certification or will need to pass an audit for a specific set of standards or requirements.

While recognition for demonstration compliance or receiving certification is a great reason to celebrate, the process leading up to that is often time-consuming and sometimes dreaded, especially if you must undergo an audit first.

But audits don’t have to be as frustrating as they once were. With the right resources and tools, you can pass your next audit with ease. Here are five tips from Audit International to help:

Know your current program state.
Don’t wait until the audit is underway to find out where you might have gaps or weaknesses. Go ahead and assess your current compliance state so you know what you need to address before your real assessment gets underway. Consider using a cybersecurity compliance platform that automates these assessments for you and look for a platform that gives you real-time compliance scoring, so you’re never caught off-guard if something isn’t functioning as you intended or you’ve overlooked an important control or other security measures.

Document and evidence.
You can do everything correctly and score 100 on your current assessment, but if you don’t have a document repository that puts everything you need right at your fingertips in one place, or if you can’t supply all the necessary proof and evidence an auditor may want, you likely won’t get credit for what you’re doing right. Put away those binders of dusty old printouts you haven’t looked at since your last audit. Instead, use a cybersecurity management platform to track and retain all of your evidence and documentation all in one place for easy, shareable access with your auditors.

Put teamwork to work for you.
Instead of chasing down who’s responsible for which compliance requirement and trying to understand what they’re doing and how well they’re doing it, use a compliance management platform to help you automate task assignments, track progress, send alerts when those tasks are complete, and assign new tasks as they pop up. A platform like Apptega can even externally alert your auditor when your team has completed an evidence request or other necessary task.

Communicate across your organization.
One of the challenges in building a compliance culture is often that program managers speak industry lingo and not the same language that people in different roles within the organization can understand and relate to their day-to-day responsibilities. Instead of scrolling through hundreds, maybe even thousands of rows of data to find what you need for your next compliance conversation, consider using a compliance management platform that has a pre-built library of reports you can quickly draw on for your next engagement, whether that’s your C-suite, an auditor, or your tech team.

Don’t go at it alone.
While you can meet all the requirements on an audit prep checklist, the reality is when you work on a program, it’s easy to overlook issues an outside eye might catch. Before your next audit, go beyond a self-assessment and consider working with an outside compliance consultant to take a closer look at your existing program and help you seek out and address issues before your auditor finds them.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International are stating the main Risks and Actions companies are putting on their 2023 internal audit plans. The past year concentrated attention and shone a spotlight on the increasing fragility of organizations. With a complex set of risks manifesting simultaneously, audit committees are prioritizing some of the most serious implications resulting from the ongoing war in Europe and a triple squeeze of supply chain, workforce and inflation pressures.

According to data from Gartner’s 2023 Audit Plan Hot Spots report, which identifies the key risks and recommended actions for Audit to benchmark their efforts against in the coming year, 81 percent of Chief Audit Executives polled have cyberthreats on their agenda to cover in audit activities over the next 12-18 months, with an additional 13 percent tentatively planning to do so. Even in a year with a high number of varied and seemingly imminent risks facing organizations, cyberthreats remained an agenda topping item for Audit Committees and senior executives as the drivers of the risk shifted from a generalized focus on inadequate security controls to specific need to prepare for highly sophisticated state-sponsored cyberthreats and new cyber breach disclosure requirements. Even as some risks remain perennial threats, shifting drivers can change the nature of the risk and need for updated mitigation and coverage plans.

Cyberthreats, however, are not the only vulnerability an organization faces in an increasingly fragile world. In developing this year’s report, the need for Audit to support their organizations through rethinking their approach to resilience in the face of growing fragility became evident as a key theme underlying several top organizational risks. These risks are generally under-covered in audit plans for 2023, in some cases less tangible and immediate than the category of risks that have been urgently prioritized as a result of the headline events of this year.

Resilience-related risks are manifesting with real world and high-velocity consequences all the same, and Audit needs to understand the risk indicators, urgency drivers and the right questions to ask the business to ensure that rethinking resiliency is on the agenda in 2023.

Below I review three such risks and strategies for Audit on how to approach them.

Climate Degradation
Nearly six in ten CAEs have no specific plans to provide assurance over climate degradation next year. This in and of itself is a key risk indicator for most organizations, as a failure to refresh business continuity plans related to climate risks puts an organization at higher risk for a key infrastructure failure and related loss of productivity among other risks.

While CAEs generally express limited confidence in their climate coverage plans, rethinking resilience means going beyond sustainability reports and identifying vulnerable assets. Audit departments need to incorporate in their plans the inevitability of increasingly severe weather events and mitigation strategies for the loss of key infrastructure, both their own and that of key third parties, such as suppliers.

Culture
Even more challenging for Audit is culture, traditionally a key source of resilience for many organizations that now is fraying under the weight of new working models (hybrid/remote), social and political polarization and a general lack of connection felt by employees who are reporting witnessed misconduct at rates 30 percent lower than pre-pandemic.

Despite such challenges, only 16 percent of CAEs are revisiting culture in light of shifting sociopolitical expectations of their workforce, investors and the media for next year, and just 10 percent report they are highly confident in providing assurance in this area. Internal Audit needs to push the business on reassessing how employee expectations and engagement are monitored in a hybrid and remote world, while policies related to political and social issues need to be formulated now and not in real time during a crisis.

Organizational Resilience
Ultimately, rethinking resilience means covering organizational resilience as a dedicated risk that is part of the audit coverage plan. Organizational resilience, broadly defined, is an organization’s ability to withstand shocks. This is likely to become ever more important in the face of new and ongoing geopolitical tensions, which can abruptly trigger a set of interconnected but differentiated risks to manifest simultaneously. While refreshing scenario planning and mitigating against change fatigue are necessary steps in this process, building true organizational resilience requires a view into the interconnected risks facing an organization and developing resilience-related initiatives across the enterprise.

With less than half of CAEs definitely planning to cover organizational resilience next year and just 32 percent highly confident in providing assurance specifically on matters of resilience, it’s clear there is more work to do in establishing this as a top audit priority. Chief Audit Executives can regain momentum by launching activities that encourage collaborative discussions between business units on interrelated risks and reviewing plans to address change fatigue within their organizations at a time when events over the past two years have likely dramatically diminished capacity in this area.

While these resilience-related risks feel less tangible and urgent than mitigating against “clear and imminent” dangers like supply chain vulnerabilities and state-sponsored cyberthreats, they are important and increasingly acute risks in their own right. Viewing them through the lens of rethinking what it means to be a truly resilient organization can be a useful framework for starting the right conversations within the Audit Committee and formulating effective coverage in next year’s audit plans.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Here at Audit International, we understand that virtual interviews have become the go-to method of interviewing. So how do you prepare?

Lights! Camera! Action! Are you mastering virtual interviews in your job search?

According to this survey, 33% of employers have an exclusively remote interview process with 21% holding in-person interviews for the final round only.

Audit International might be being “Captain Obvious” here, with a list of the five ways to avoid sabotaging your interview:

1. COMMUNICATE YOUR CALENDAR
If you live with others, let them know when you have a scheduled interview to prevent any interruptions. Take a step further with a sign on the door, locking the door to prevent people from barging in and closing windows to prevent outside noise.

2. FIND A NEUTRAL BACKDROP
Create a distraction-free environment. Test the audio and video to ensure sound is clear, lighting is strong, and the laptop is the right height. In addition, consider purchasing a ring light that attaches to your laptop for optimal lighting. Best to use a natural background rather than a filter.

3. CLEAR YOUR SCREEN
Close all windows and applications on your laptop. Mute any default notifications on all nearby devices so your interview is uninterrupted by pings or ads popping up on open tabs.

4. ESTABLISH GOOD EYE CONTACT
Make eye contact during the interview to establish trust, convey confidence, demonstrate professionalism, and indicate interest.

5. PREPARE FOR THE UNEXPECTED
“If you take these steps to rid your interview space of potential distractions, you’ll be able to focus on what really matters—connecting with the interviewer across the screen, demonstrating your qualifications, and learning more about the opportunity to determine if it’s right for you.”

Are there any other top tips you can think on to add to the list?

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

With businesses facing the strongest economic headwinds in years, the Chartered Institute of Internal Auditors is urging internal auditors to embrace data analytics to navigate more risky, uncertain, and volatile times ahead.

To support their call to action the Chartered IIA, a professional organization for internal auditors in the U.K. and Ireland, in partnership with AuditBoard has published a new report “Embracing data analytics: Ensuring internal audit’s relevance in a data-led world.” The report is aimed at encouraging internal auditors to fully embrace data analytics in the age of systemic risk.

The aftermath of the pandemic, the war in Ukraine and now a recession has all magnified and exacerbated a multitude of business-critical risks. These major risk events are having compounding downstream effects on supply chains, inflation, growth, costs, Forex rates, cybersecurity, and workplace mental health. Creating an adverse business risk environment of a kind not seen for decades. Making it challenging for boards to keep pace with the myriad of risks they now face.

“Data is key for organizations to navigate more risky times ahead and it is key for the future of internal audit. Understanding what the data shows about risk resilience in today’s complex environment will help ensure organizations’ success. We urge businesses and internal audit to embrace data analytics,” says John Wood, Chief Executive of the Chartered Institute of Internal Auditors.

However, in these challenging times harnessing and embracing the power of data analytics can enable internal audit to deliver faster and more incisive insights on fast moving risks, that boards can then act upon swiftly. Helping organizations to quickly identify, manage, and mitigate emerging risks during rapidly evolving situations.

Needs Improvement
The report is based on a survey of 298 internal audit executives from the private, public, and third sectors across the UK and Ireland. The survey revealed:

60% of internal audit functions are already using some for of data analytics, an additional 7% having advanced to AI. However, this still leaves a third yet to adopt data analytics.
The top three risk areas for using data analytics are financial (62%), fraud (17%), and legal and compliance (6%).
The top three benefits of using data analytics include greater level of assurance (48%), 100% audit coverage (21%) and enhanced efficiency (14%).
The top three barriers to fully embracing data analytics include lack of skills (49%), lack of resources (24%) and lack of time to implement (12%).
Only 17% expressed concern that internal auditors could be replaced by robots in the future. Instead, data analytics and AI can free up internal auditors’ time to focus on strategic and systemic risks that could be coming down the track.

The report makes several recommendations for boards and internal audit, including:

– Boards and internal audit should ensure that senior management has defined the organization’s top five risks, and that the data support this view and is correct and reliable.
– Boards and internal audit should ensure that the organization has its own data strategy in place.
– Boards should work with internal audit to identify what data is available to improve risk assurance, and how data analytics could be applied to this data to improve assurance coverage across the organization.

– Boards and internal audit should work together to champion a data analytics culture and promote a data-first mindset.
“Given the warp speed at which risks can emerge and wreak havoc, embracing data-analytics is non-negotiable for boards and internal audit if they are to stay on top of the multitude of risks that organizations are now wrestling,” says Richard Chambers, Senior Internal Audit Advisor of AuditBoard, and former President of the Global IIA. “Data analytics enables faster and higher quality assurance for boards to then act on. In stormy economic times a data-led approach has never been more urgent.”

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International believe effective communication of information on risks associated with hazards and control measures, is an essential and integral component within the risk assessment process. The fundamental goal to communicate the outcome of your risk assessment thereafter to the rest of the organization, contributes to the health and safety of your (peer) employees.

A risk assessment is usually executed by you as a safety professional, being part of the safety department of an organization. For you, the outcome of the risk assessment is often quite clear and simple to follow. However, struggles do arise to communicate about risk outside the safety department. How do you communicate to different organizational levels effectively? How do you make sure everyone in your organization is not only aware of, and but also understands the risks they are dealing with? Audit International have these tips.

In this short blog, we will focus on the Communication and Consultation step. You must communicate about your risks and its treatment, but how do you handle this? If you communicate too much no one will know what to listen to nor remember it. If you communicate too little, no one will understand the context or details of the information. Use the tips below to overcome such struggles.

Tips for effective risk communication:
1. Have a common ground
Before talking about risks, people need to understand the basic concepts of safety. Do not assume that everyone is on the same page regarding risks. Define concepts clearly to avoid confusion. Make sure that there is a common definition of risk established, so employees manage risk based on the common concept and view of what constitutes as risks. Inform your organization about the nature of the risk management and why you are doing it.

2. Make sure everyone can understand
As you communicate to different levels and departments in de organization, it is convenient to tailor your message to the one who receives the message. One of the goals for risk communication is to provide meaningful, relevant, and accurate information in clear and understandable terms. Be aware that these criteria can be different for people on the operational work floor than for higher management. Adjust your information to your target audience, so everyone in the organization knows their role in managing the risks they face. This will help you filter the information effectively.

3. Consider the form of communication
How often do you want to communicate to your colleagues? Depending on which colleagues, this could be every day, every week, monthly, or yearly. If the frequency is yearly, writing a report will not be too much trouble. If the frequency is weekly, writing a report will likely be too time-consuming to create and read. It won’t be long before your employees are demotivated which will likely lead to less clear communication – or worse, confusing communication! Think about other ways of communication, such as videos, posters, or interactive means. A one-sided communication strategy is likely to be less effective.

4. Build a sense of inclusiveness and ownership
You know that managing risk is not a one-person job. This process involves different departments and colleagues. It is impossible to manage risk effectively if there is no communication and consolation with each colleague that is involved – with each stakeholder. To optimize the communication and consultation you need to make sure that each stakeholder understands, knows and agrees what is expected from them in relation to the management of risk.

By communicating on risk management, you will involve your colleagues and create inclusiveness and ownership. Ownership is important, because let’s face it: risks that are not owned are often not managed. Clarity on personal responsibilities is very important to prevent incidents from happening. There is no need to have accidents that could have been prevented through effective communication between stakeholders.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Here at Audit International, we have seen a significant shift in the way in which environmental, social, and governance (ESG) data has been perceived in recent years. It has gone from being an ‘add-on’ to being a vital opportunity for corporations to boost their competitiveness. As consumers become more discerning about environmental, social, ethical, and responsible business practices, organizations are increasingly starting to realize that reporting ESG data can have significant brand and reputational benefits.

However, this is just the beginning. The value of ESG data extends beyond reporting—when handled properly, it can unlock value for an organization in a variety of ways.

What is ESG and ESG Reporting?
It’s important to note that there is a distinction between ESG and sustainability. The terms are often used interchangeably, but there are important differences. Essentially, sustainability deals with how an organization’s operations impact the environment and society, whereas ESG has more to do with how an organization’s environmental, social, and governance initiatives affect its financial performance.

According to the Center for Audit Quality (CAQ), “ESG reporting encompasses both qualitative discussions of topics as well as quantitative metrics used to measure a company’s performance against ESG risks, opportunities, and related strategies.”

How companies can use ESG data to their advantage
When organizations treat ESG reporting as more than a box-ticking exercise to meet regulatory obligations, they stand to reap a number of benefits, as follows:

● Profitability and sustainability: Including ESG data in an extended planning and analysis (xP&A) strategy allows an enterprise to see how that data affects financial and operational data, which is key to making ESG initiatives sustainable and profitable.

● Risk management: Neglecting ESG issues can result in financial or reputational damage. Thus, all organizations should ensure that they incorporate ESG data into their risk management strategies. By voluntarily disclosing this information, they will demonstrate that they are taking sufficient steps to protect themselves and their stakeholders from ESG-related risks.

● Competitive advantage: Focusing on ESG can help an organization gain a better understanding of what matters to its stakeholders while also identifying opportunities. Furthermore, reporting ESG data will help stakeholders compare the organization with its competitors. This works in the organization’s favour if it is outperforming peers on the ESG front.

● Uncovering critical operational drivers for decision-making: ESG data can help an organization see where sustainable changes could improve efficiency and make its business more ethical and equitable. This can greatly enhance the decision-making process.

What are the main challenges to effective ESG Reporting?
ESG reporting is continuously evolving as governments announce new standards that companies need to comply with, as well as a new mandatory International Sustainability Standards Board (ISSB) standard that is expected to be announced by the end of the year (2022). It also touches every financial process. For these reasons, companies can find the whole ESG journey intimidating.

The following are some of the main obstacles that need to be overcome:

● Several ESG optional frameworks: The Global Reporting Initiative (GRI), Task Force on Climate-Related Financial Disclosures (TCFD), and the Sustainability Accounting Standards Board (SASB) are some of the more notable ESG frameworks, but there are plenty of others, many of which are specific to certain regions or industries. It can be challenging for companies, especially those operating in multiple countries, to know which ESG standards and frameworks to adhere to. This will all change when the mandatory ISSB standards are announced at the end of 2022.

● Complexity of data management: Whether meeting regulatory requirements or carrying out voluntary disclosures, companies need to be able to collect, translate, and process ESG data. This is a task that is complicated by the fact that the data is often siloed across different IT systems and is often stored in different formats. In addition, sustainability can be hard to quantify.

● Lack of ESG insight to inform decisions: Many organizations have difficulty seeing the connection between ESG data and financial results, especially when captured in spreadsheets, which means they are unable to use the data to improve their bottom line and sustainability initiatives.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

As the threat of climate change mounts, Audit International know that businesses must take steps to counter its damaging effects. This is in order to meet ambitious government Net Zero targets, which aim to halve emissions in a little over a decade.

The promising news is that the majority of organisations now understand that sustainability must be made a priority when it comes to devising their overall strategy.

However, companies are often left in the dark as to how best to report on their ESG credentials in a way that’s impactful and means something to shareholders and other stakeholders. It’s clear that what’s needed is a uniform set of standards for measurement and reporting, just as there is for financial performance. This is particularly prevalent in the Accounting sector, where calls are increasingly being made to introduce universal and transparent ESG standards.

However, the world of sustainability reporting is a confusing and often disparate mass of names and frameworks. They include the Climate Disclosure Standards Board (CDSB), the Global Reporting Initiative (GRI), the International Integrated Reporting Council (IIRC), the Sustainability Accounting Standards Board (SASB) and the Task Force on Climate-related Financial Disclosures (TCFD).

The good news is that a forerunner has emerged that promises to offer a single source of truth when it comes to ESG reporting. It is called the International Sustainability Standards Board (ISSB). The ISSB will do for sustainability reporting what the International Accounting Standards Board (IASB) does for financial reporting. That is, develop standards for companies to report their performance to investors. Both will be under the International Financial Reporting Standards (IFRS) Foundation umbrella.

Where did the new framework originate and what exactly is it?

Created at 2021’s COP26, ISSB will provide a global baseline for high-quality sustainability reporting that supports the work being done in the US by the Securities and Exchange Commission (SEC) and the European Union (EU)’s Corporate Sustainability Reporting Directive (CSRD).

The ISSB is focused on ‘single materiality’ or the ESG information that drives valuation and matters most to investors. This is also the focus of the SEC and so the mandates are consistent. In contrast, the CSRD has a broader ‘double materiality’ mandate, which means it will cover information of interest to stakeholders, even if it is not of interest to investors. Linking the two is the concept of ‘dynamic materiality’, meaning that more light can be shed on ESG issues – such as climate change – moving forwards.

The ideal outcome is that ISSB becomes a global standard which integrates the work of all previous standards and frameworks focused on investor needs. Ideally, the SEC and EU can use its standards. The EU can then top these standards up with those covering double materiality. As dynamic materiality makes these relevant to investors, the ISSB can then take over responsibility for the standard setting process.

How can ISSB success be achieved?

The corporate community has a key role to play in ensuring the success of the ISSB. Investors are increasingly demanding information on a company of interest’s sustainability performance. At the same time, companies are increasingly being accused of greenwashing their sustainability reporting by making it appear more environmentally sound than it is.

Having standards, with proper audits, addresses both issues. That said, it’s important to note that standards aren’t targets for issues like carbon emissions or diversity and inclusion. Rather, they provide credible information on the reporting done by a company on its progress in achieving whatever targets it decides to set, if any.

While ensuring that ISSB is a success, companies can also take steps to secure their own long-term viability. The first way is to participate in the standard setting process. As with financial standard setting, exposure drafts for proposed standards will be published in the public domain. Companies need to join investors in providing their input, including constructive critiques. If a company has an opportunity to participate in any advisory councils and working groups or share its views in comment letters, it should make the effort to do so.

The second approach is to proactively adopt these standards. There will be an inevitable lag between when the standards are published and the country in which the company is headquartered making them mandatory. However, those who wait will likely lose out.

As some companies quickly adopt ISSB’s standards, investor pressure will mount for others to follow suit so they can compare companies’ performance and do their own analysis. Failure to report won’t give a company the benefit of the doubt. Rather, investors will likely assume the worst, all to the possible detriment of the company’s stock price.

Ultimately, the ISSB will make life better for any company which cares about having a sustainable, long-term corporate strategy. Therefore, companies should give their full support to make these standards the best and most accurate they can be.

​“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Here at Audit International this week, we are are all talking about the Chartered Institute of Internal Auditors dropping their ‘Risk in Focus 2023’ report. The report compiles the results of 9 in-depth interviews, 4 round table events with 39 participants, and responses from 834 Chief Audit Executives (CAE)’s from across 15 European countries. In a nutshell, the report has some solid contributors, meaning, the top 10 areas which are concerning other CAE’s, might be worth you thinking about also – especially as you prepare your 2023 annual plan.

The Risk in Focus 2023 report has had a great refresh and shows the movement of each of the risks over the years. This year’s report shows 15 categories worth consideration:

– Mergers and acquisitions

– Health, safety and security

– Communications, reputation and stakeholder relationships

– Fraud, bribery and the criminal exploitation of disruption

– Organisational culture

– Organisational governance and corporate reporting

– Financial, liquidity and insolvency risks

– Supply chain, outsourcing and ‘nth’ party risk

– Business continuity, crisis management and disasters response

– Climate change and environmental sustainability

– Digital disruption, new technology and AI

– Changes in laws and regulations

– Macroeconomic and geopolitical uncertainty

– Human capital, diversity and talent management

– Cybersecurity and data security

The report finds that the greatest movers, in terms of focus / attention given to this particular topic by CAE’s, found the following four categories had the most increased attention and focus since 2020:

– Macroeconomic and geopolitical uncertainty

– Human capital, diversity and talent management

– Supply chain, outsourcing and ‘nth’ party risk

– Climate change and environmental sustainability

This years report also highlights the impact the war in Ukraine has had on many of the businesses and risks highlighted in the report.

For each of the risks, the report provides suggestions on how Internal Audit can help the organisation.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”