Posts Tagged “audit services”

Have you ever had one of those days where you were determined to write that audit report? So you block off the time on your calendar, go into your office, shut the door, remove any and all distractions and breathe. Because now is the time to take all of those thoughts and perfect phrases running wild in your head and put them on paper. You sit down at your desk ready to make it happen. And you come up with nothing.

You decide to invite a colleague in to assist. Because after all, two heads are better than one. The two of you discuss the issues thoroughly, but nothing seems to sound right.

Writing objective observations takes time, skill, and tact. And if you’re like any other auditor, the audit issues sound wonderful in your head. But by the time you formulate the right words, reach for your pencil and place it on paper, that wonderful wording has become a distant memory. It’s worse if you’re in a group setting because you now become frustrated as the group begins asking you to repeat what you said. Unable to remember words uttered only seconds prior, it is only then that you realize how old you truly are.

If you’ve ever faced this situation, do not fear. There are several tools and techniques you can use to speed up and improve your report writing. But first, we must address the five big problems with writing reports:

1. We think faster than we write
2. Our million dollar thoughts come at the wrong time
3. We believe in writer’s block
4. We look for perfection in the first paragraph
5. We don’t understand and/or appreciate the writing process

5 Problems with audit report writing
We think faster than we write
We’ve all been there. Browsing through our cabinets trying to make a mental grocery list. Then you reach the point where there are too many items to remember. You decide to write a list. You reach for your paper and before the pen touches the pad, you’ve already forgotten the five items you wanted to write.

Our brains are fascinating. I can remember where I was in the summer of 1989, but I cannot remember what I ate for breakfast this morning. It is that forgetfulness that can derail your report writing.

Our million dollar thoughts come at the wrong time
Worse yet is when you have this wonderful idea, but then realize that it is 5:00 o’clock and you are stuck in traffic. There is no way you can capture that great thought without causing a pile up. So you try other techniques. You turn off the radio and repeat whatever it is over and over. You hope to continue this until you get home, or at least until you get to a stopping point. Of course something interrupts your thought and you forget what you were trying to remember.

We believe in writer’s block
Some people believe that writer’s block is a thing. I’m here to tell you, it is not. At least in the context of business writing or internal audit reports. Wikipedia define writer’s block as follows:

“Writer’s block is a condition, primarily associated with writing, in which an author loses the ability to produce new work or experiences a creative slowdown. This loss of ability to write and produce new work is not a result of commitment problems or lack of writing skills. The condition ranges from difficulty in coming up with original ideas to being unable to produce a work for years. Writer’s block is not solely measured by time passing without writing. It is measured by time passing without productivity in the task at hand.”

As you can see, writer’s block is a primary concern for creative writers. Our audit reports are, or should be, factually based non fiction. We are taking a series of facts, placing some logic and order to those facts, and providing management with a conclusion. What we are not doing, is creating new characters or developing plots and story lines. We know the beginning, middle and end of the story. Therefore, we know what to say. The problem is how do we say it so that it has the best impact given within the culture of the organization.

We look for perfection in the first paragraph
Because audit report writing is simpler than creative writing, we believe that we should be able to sit down and create the perfect prose in minutes. After all, we know the beginning, middle and end of the story. When we finally put pen to paper, our initial draft is usually not good. We then become frustrated. But I believe that frustration is because we don’t understand the writing process.

We don’t understand and/or appreciate the writing process
All the magic happens in the editing. Any writer will tell you this. Ernest Hemingway famously once said that “The first draft of anything is ****” (insert a very bad word here). As someone who has had articles published, I can tell you this is true. I can recall the first time I sent something to an editor. I thought it was an okay piece. But what came back was a magnificent manuscript. I fined tuned it a little and the result was something we were all pleased with. The writing process does not require perfection at the start. Your initial goal is to get something on the page. After that, trust the process and let the magic happen in editing.

3 tools you can use
Google voice typing
Because our brains seem to signal our mouths to speak faster than our hands can write, voice typing is the perfect shortcut to getting those wonderful words out of your head and on paper. For those unfamiliar with voice typing, you talk, it types. It’s as simple as that. Well, sort of.

The best free voice typing tool I’ve found is through Google. Log in to your account. Then, access Google Docs and open a document. Go to Tools, then Voice Typing (or you can press Ctlr+Shift+S).

You will see a microphone that may say Click to Speak. Click it, talk to it, and watch the magic happen. You will need to learn certain commands like period, comma and new paragraph. But other than that, if you speak clearly, it will recognize most speaking voices and words.

Your Cell Phone voice recorder
If barking out commands to your computer isn’t your thing, you’re in luck. There’s another option. If you’re like me, your cell phone is probably within arms reach. Grab your phone and go to your favorite app store. Search for a voice recorder. You should see several. Download one that piques your interest.

You can now record yourself talking about the audit issues. Now you will never miss that wonderfully worded paragraph that would sound great in an audit report. Once recorded, you can listen to the recording and pull out the impactful paragraphs.

Transcription
If you truly believe the recording represents your best work ever, you can have it transcribed. Yes, you heard me, transcribed. It’s not as bad or as expensive as you think. Before I get into that, I must say that I am not being paid by nor am I endorsing these specific products. there are several transcription services that I have used. Some use live transcribers while others use automated engines.

Summary

Writing audit reports can be a daunting task. But it has to be done. Nowadays we have a lot of tools that can help streamline the process. Many of the biggest issues start with us. Writer’s block is only as real as we allow it to be. Sit down and put something on paper. Use some electronic tools to get your words on paper. Almost any words will do. Afterall, the magic happens in the editing.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

This week Audit International are taking a look at the 4 ways how Internal Audit can get a seat at the table.

When it comes to risk management and compliance, most organizations operate on a 3 Lines of Defense (3LOD) model, in which operational management, compliance, and internal audit work together in tandem to assess and mitigate risk and manage controls and compliance.

This model may be successful in theory, but as the risk management and compliance functions have grown more complex, it doesn’t always work as well as you might hope. Given the rising sophistication of cybersecurity threats and incidents of fraud, and the increasing compliance requirements posed upon organizations of all sizes, it can be difficult to keep an organization-wide pulse on threats and breaches in compliance as they arise.

The problem is, the three branches don’t always collaborate effectively, which may leave internal audit out of the loop and unable to provide much value to the organization. They may not have access to the data they need to generate effective recommendations. The internal audit team’s focus may be simply on checking boxes and ensuring compliance, rather than providing strategic insights that will help your organization understand and take steps to mitigate new threats.

If you want your internal audit team to move the needle at your organization, you need to get the ear of executives who can advocate for your work. By partnering with leadership, you’ll be able to spearhead new initiatives and gain critical access to data that will help your organization save money and reduce risk, proving your team’s value.

Here are four strategies for doing that effectively:

Identify the key people who can support you, and make a plan to build relationships with them
Your audit team will naturally be in touch with the managers who can provide key information needed to conduct your audits—but by focusing only on these contacts, you’re missing out on building relationships with the leaders who will be able to help you gain a more visible role in the organization. Build a plan for conducting periodic outreach to higher-level executives within your organization, such as your chief risk officer or your CTO. You can solicit feedback from them on any open questions they may want your team to review in your audits, or provide high-level executive briefs showcasing work that you’ve done and issues they may want to explore in further detail. Make sure that they know you and your team are available to support them and open for feedback.

Proactively address organization-wide trends
Rather than focusing solely on issues identified in individual audits, start looking at your audit results in aggregate to identify trends. Is a single department or office location having trouble resolving a specific compliance issue, or is it an across-the-board trend that should be shared with your executive team? Review your data frequently to understand risks that should be mitigated, and come up with step-by-step action plans for how they should be addressed, including who’s responsible and what the benchmarks for success are.

Pay close attention to third-party risks
Many audit teams take an insular view of risk management, failing to uncover the external risks brought on by vendors and technology partners. Make sure that you have policies in place to carefully vet and automate compliance on your third-party vendors, pulling in external data that will alert you to any financial or legal issues they may face. Regularly track all of your solutions and technology partners for red flags, and ensure that you have a strategy for mitigating them. You can showcase your findings in sessions with executives and other partners throughout the business, and collaborate to come up with a plan for any of your scenarios. Keep in mind that risks from big providers such as Amazon or Facebook may impact a lot of your customers or partners as well, so ensure that you map out all of the variables that may impact your company’s business model across the board.

Use best-in-class GRC technology to automate compliance and analyze data
In order to provide the most useful insights to your leadership team, it’s important to integrate your entire risk management function across an easy-to-use GRC platform. Your GRC platform should come with pre-built content that will help you automate your controls framework, regardless of your industry. It should make it easy to monitor compliance status and risk levels across the organization at any given time, with triggers prompting action when control levels are not being met. You should be able to easily drill down into your data and generate executive dashboards, so that you can share insights to justify recommendations and help your leadership team make better informed business decisions.

By building a cohesive strategy for integrating with the 3LOD, backed by in-depth data analytics, real-time data feeds, and workflow automation, your audit team will be able to generate insights that can help to identify new risks, and develop new strategies for mitigating risks across the entire organization. This will help you to become a highly visible, influential, and trusted partner to the business.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International were in awe to hear this revolutionary news from the billionaire founder of the outdoor fashion brand Patagonia. He has announced just yesterday he is giving away his company to a charitable trust.

Yvon Chouinard said any profit not reinvested in running the business would go to fighting climate change.

The label has amassed a cult following due to sustainability moves like guaranteeing its clothes for life and offering reasonably priced repairs.

The brand’s website now states: “Earth is now our only shareholder.”

Mr Chouinard has always said he “never wanted to be a businessman”.

A rock climbing fanatic, he started out as making metal climbing spikes for himself and his friends to wedge into rocks, before moving into clothing and eventually creating a hugely successful sportswear brand with a cult following.
Founded in 1973, Patagonia’s sales were worth around $1.5bn this year, while Mr Chouinard’s net worth is thought to be $1.2bn.

He claimed that profits to be donated to climate causes will amount to around $100m (£87m) a year, depending on the health of the company.

“Despite its immensity, the Earth’s resources are not infinite, and it’s clear we’ve exceeded its limits,” the entrepreneur said of his decision to give up ownership.
The Californian firm was already donating 1% of its annual sales to grassroots activists and committed to sustainable practices. But in an open letter to customers, the apparently reluctant businessman said he wanted to do more.

Mr Chouinard said he had initially considered selling Patagonia and donating the money to charity, or taking the company public. But he said both options would have meant giving up control of the business and putting its values at risk.

Instead, the Chouinard family has transferred all ownership to two new entities. The Patagonia Purpose Trust, led by the family, remains the company’s controlling shareholder but will only own 2% of its total stock, Mr Chouinard said.

It will guide the philanthropy of the Holdfast Collective, a US charity “dedicated to fighting the environmental crisis” which now owns all of the non-voting stock – some 98% of the company.

“Each year the money we make after reinvesting in the business will be distributed as a dividend to help fight the crisis,” Mr Chouinard said.
Patagonia combines high-end outdoor fashion with its own brand of environmental and social activism. It’s a heady combination that certainly appeals to a loyal, if predominantly well-heeled following.

Part of the attraction comes from the fact that its environmentally conscious stance isn’t new. It was preaching eco-awareness years before sustainable fashion became fashionable.

But it’s still pretty hard to save the planet, if your business depends on selling stuff, however many recycled or renewable products you use.

By ringfencing future profits for environmental causes, Patagonia’s founder Yvon Chouinard has done his best to square that circle.

But he is also clearly trying to ensure that Patagonia brand is future-proofed and can never fall into the hands of the kind of companies he has accused of greenwashing in the past.

It’s nice to bring a good news story to you readers, and it will be interesting to see if any other climate conscious companies will follow suit. The bar has well and truly been set.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International are aware that public sector organizations face a variety of risks, ranging from cyber threats to budget constraints to compliance concerns. While internal audit teams in the government sector might not be responsible for solving all those risks, they need to make sure that they are following through with relevant risk management protocols.

Therefore, it is essential that internal audit teams are conducting internal audit risk assessments to figure out what these risks look like.

“Risk-based auditing ensures that the internal audit activity is focusing its efforts on providing assurance and advisory services related to the organization’s top risks… This requires internal auditors to have a working knowledge of basic concepts, frameworks, tools, and techniques related to risk and risk management,” explains the Institute of Internal Auditors (IIA).

In this article, we’ll examine five tips to help public sector internal auditors build better risk-based audit plans. These include:

1) Define your goals
Before you get too bogged down in the specifics of running an internal audit risk assessment, take a step back and consider what you’re trying to accomplish. Doing so includes finding internal alignment within your audit team and with other stakeholders.

As Baker Tilly advises, internal audit teams “should meet with the various stakeholder groups – management, the audit committee, and the governing body – to explain the process, set expectations for the results and listen to any desired outcomes, as a means of adapting the approach or identifying other activities where internal audit can add value.”

2) Organize your data
Conducting an internal audit risk assessment also requires strong data practices. But before you can get to a place where you are using data analytics to identify key risks, public sector organizations often need to organize their data first.

Information might be held in a variety of systems that makes analysis inefficient, if not ineffective. Tools like TeamMate+ use a data exchange API framework to pull together data from different sources, such as governance, risk, and compliance (GRC) systems and enterprise resource planning (ERP) tools, giving you a complete picture of what’s happening within your organization.

3) Get agile
If you go through an entire risk-based audit without getting any feedback along the way, then it’s easy to get off track. For one, risks might have changed from the time the audit started to when it eventually wraps up. And when you present to stakeholder leaders at the end of the risk assessment, it can be tough to then incorporate their feedback into your internal controls and assurance processes.

Engaging in agile auditing can help. By breaking an internal audit risk assessment down into more manageable chunks — where different risk areas go from the planning to presentation stages in short sprints — public sector internal auditors may have an easier time adapting to change and incorporating feedback.

4) Go dynamic
Agile auditing creates a dynamic internal audit risk assessment. Instead of approaching these assessments as an annual occurrence, you can review public sector risks on more of an ongoing basis.

That means collaborating with other departments throughout the year to keep up with emerging risks, which is where good data-sharing practices also come in handy. Dynamic or continuous risk assessments can also result in more frequent reporting so that you can keep everyone in the loop and get their timely feedback. Having a strong internal audit risk assessment tool like TeamMate that can help you simplify risk scoring and create efficient audit reports makes a big difference.

5) Keep up with public sector requirements
Lastly, working in internal audit in the government sector means staying on top of general risks like cybersecurity and financial concerns, along with meeting specific public policy guidelines and regulations. Public sector internal auditors often turn to sources like Wolters Kluwer, which provides resources like webinars and other Expert Insights so you can learn what you need to do to strengthen internal audit as a government organization.

Following these five tips can go a long way toward creating a strong internal audit risk assessment and a better audit process overall. Even if it seems like your organization doesn’t face many risks, conducting a risk-based audit can help you stay on top of any changes to your risk level. Rather than being caught off guard, building a reliable internal audit risk assessment plan can help your organization control risk, however that takes shape.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International have been thinking recently about what internal audit should know about ESG risks, and where best to start but with the E, which is for Environmental.

In this, the first in a series of three articles, we will drill down on Environmental risk and explore how internal audit can have an impact by focusing on key risks.

Environmental risks :
There’s no single taxonomy of environmental risks. Consider what categories your organization uses and what is used elsewhere in the sector. The following should all be covered, at a minimum, but may be described in different ways using different terminology:

Climate change :
This should include the effect of greenhouse gas (GHG) emissions – we usually talk about carbon dioxide but there are seven gases covered by the GHG protocol
Pollution from emissions and discharge (i.e., water, soil, air)
Biodiversity loss and deforestation
Waste management
Resource use – impacts of raw materials, production, transportation, and distribution (consider water, energy, and other natural resources)
Hazardous materials
There is clearly an interplay between these risks, but as they represent the major environmental impacts, this offers a good starting point.

This should fit neatly into your existing risk assessment process. Typical impacts for the organization will be reputational, legal and regulatory, financial, operational, and ultimately strategic. All things we are very familiar with.

Getting started – Determining the key risks
Every organization is different. You will need to start with a risk assessment to determine the key risks, potentially using the list above. To do this, you will need to understand the main environmental issues in your business, considering a number of factors:

What sector(s) you are in, and what are the main impacts of that sector. Search out industry guidance from standard setters such as GRI (Global Reporting Initiative), international business groups, such as the World Economic Forum, and thought leaders, such as McKinsey. It is important to consider all the main parts of your business, from the environmental impact of the raw materials you source, through transportation, production, and sales. Although focus on your immediate impacts may be easier, the impacts outside your organization’s immediate control are often more significant. For example, a significant environmental impact of electronics is the extraction of rare earth metals essential for their production.
Where your business is based, the places in which you operate, where you source materials from, and where you sell to. This is important for a number of reasons. It drives the nature and extent of legal and regulatory risk that the organization faces. It also influences the attitudes of stakeholders, such as customers and consumers, as these may vary significantly. But bear in mind, that these factors can change quickly and this needs to be built into any risk assessment.
Requirements of your customers. This may be contractual for government or corporate procurement, or the preferences and attitudes of consumers. This is also partly based on location (as mentioned above), but in global markets, it is never that simple.

All of this (and more) should have been considered by the business (first or second line) and internal audit should leverage their work, effectively challenging and validating. If this has not been done, internal audit needs to be taking a step back and conducting a more basic evaluation of the maturity of the organization’s risk assessment process.

Some types of environmental impact will be universal and significant no matter what your business activity. These include climate change and waste, which Audit International will dig a little deeper into later in the article. Others may apply to a much greater extent in certain industries, such as those in extractive industries (oil and mining for example) and heavy manufacturing (where there may be high levels of resource use – both raw materials as inputs and energy and water in the production process).

How internal audit can make an impact :
As with any aspect of audit planning, the greatest value internal audit can bring will depend on the major risks identified. But we can’t just consider the inherent risks, we need to understand what other sources of assurance are in place and, most importantly, what activities are contributing to both the risk and the assurance. Think about the following:

What do we know about environmental management processes that are in place? What is the scope of these systems and processes?
What reporting is in place? Are external reports assured? Which stakeholders use and rely on these reports?
Are environmental factors (risks and costs) incorporated into project evaluation and capital decisions?
A common factor across many environmental risks is availability and the quality of the data. Process and controls for environmental data are generally less mature and systems are not always equipped or configured to meet the complexities and nuances of this data. This is often a great opportunity for internal audit to add value, both by providing assurance over processes and systems, and by validating the data itself. Both leverage core internal audit skills.

We can also go further, confirming that reports meet whichever standards are being applied, that management reports or projects evaluations fairly, and that these completely reflect risks as well as opportunities. However, this may require more specialized knowledge.

Some examples :

Climate change
All organizations need a response to climate change, and so while the specific needs will differ, this is an issue increasingly relevant for everyone. How can internal audit add value? Let’s look at two potential opportunities:

Has the business considered the potential physical and transitional impacts of climate change? Best practice suggests this should be done using scenario analysis that includes a range of realistic scenarios. Physical vulnerabilities may result from gradual, long-term changes in climate (chronic risks), or short-term (acute) risks, such as storms and fires during heatwaves. These potentially impact the cost-of-capital, the availability and cost of insurance rates, and cause operational disruption. Transitional impacts include changes in legislation, markets, technology, and stakeholder expectations. Internal audit can review the process used to establish scenarios and determine the impacts and, more importantly, assess actions to improve resilience, mitigate risk, and maximize opportunities.

Many corporations are now publishing disclosures under TCFD (Task Force on Climate Related Disclosures). These are becoming mandatory in some countries and are an increasing expectation from investors. External assurance, if any, is usually very limited in scope. Internal audit can provide assurance over the processes to collate data and support assertions made in the disclosures. It can also audit the data and assess the evidence supporting those assertions. Other organizations may provide (voluntarily or by regulation) data on, for example, energy use or emissions. Again, internal audit can provide similar assurance over these processes or this data, as any external assurance will generally be limited.

Waste :
Waste is an issue for all organizations, although the specific impacts will be very different across businesses. As well as the environmental impact, businesses have a cost-incentive to reduce waste, as it is increasingly expensive to treat and dispose of. Internal audit can add value in a number of ways.

Here are some examples:

– Assess whether policies support the organization’s waste strategy. Are they specific to the business and relevant for the types and locations of waste produced? Do they take into account legislation and regulation in each jurisdiction? Are they effectively implemented, understood, and followed?
– Companies often report waste information, either in annual reports or to different public authorities. How is this validated? For example, how do we know that waste is recycled or reused? Are there controls to independently verify how the waste has been treated? In many countries, responsibility for safe disposal rests with the waste producer, not the waste contractor.

To summarize, we have described the importance of environmental risk to all organizations and have shown how internal audit can respond to some of those risks. Internal audit can use existing tools and skills to get started, and leverage widely available sources of knowledge to find out more.

Keep an eye out for our next blog, discussing the S in ESG, which of course stands for ‘Social’.
We will explore how internal audit can address important social risks.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International have been following this news closely for the past few months and we are all interested to see what will unfold for the Big4 giant over the next few months and perhaps years. Just this week, the EY bosses have approved the radical split in largest shake-up of Big Four accountants in decades, with the Big4 Auditor planning to create ‘two distinct, multidisciplinary organizations’ amid regulatory pressure.

Bosses at EY have agreed to push ahead with a split of its audit and consulting arms in the biggest shake-up of a Big Four accounting giant in decades.

The firm said on Thursday that it will ballot its partners on a plan to separate the 312,000-strong business into “two distinct, multidisciplinary organizations” following a strategic review.

EY’s partners will vote on the proposal in the coming months, with the process set to conclude in early 2023, the firm said.

The voting rules will vary by country, but in the UK, the firm will require 75pc of its partners to back the plan if it is to be ratified.

Hywel Ball, EY’s UK chairman, said: “The needs of our clients, people and stakeholders are changing and I’m proud that we are reviewing the shape of our business in the UK and globally so that EY is well positioned to build on its success into the future.

“We believe the creation of two strong, independent businesses would help us to better meet the needs of our clients; create compelling careers for our people; and serve the public interest by providing greater choice in the market and a global response to regulatory concerns.”

The plan could see EY publicly list its advisory division or sell a partial stake in the 312,000-strong firm in a move that would result in bumper payouts for partners, similar to Goldman Sachs’ flotation in 1999 and Accenture’s in 2001.

However, Mr. Ball said no decisions have been made about how the split might occur.

EY is proposing the split amid severe pressure from regulators worldwide over concerns around conflicts of interest at the Big Four firms.

EY, Deloitte, KPMG and PwC have been heavily rebuked by regulators in the UK and US over a perceived lack of independence in their auditing divisions because of the fees they also earn from advisory work.

In the UK, the Big Four have already been forced to start ringfencing their audit and consulting arms in a bid to reduce conflicts of interest following major corporate collapses such as Carillion and BHS.

The Financial Reporting Council has given the firms a deadline of 2024 to operationally split their audit arms from the rest of their advisory businesses.

A decision on the split at EY has been held up for months due to disagreements over how billions of dollars of liabilities should be split and regulatory issues in certain countries, including China.

Earlier this week, it was revealed that senior staff at EY were seeking to defect to rival firms in a sign of growing internal strife over its proposed break-up.

KPMG and PwC are among firms that have seen a significant increase in the number of applications from senior managers, directors and even new partners at EY in recent months.

In July, EY held a briefing on the proposed split for its UK partners at the five-star Royal Lancaster hotel near Hyde Park in west London.

Mr. Ball said views expressed in that meeting showed that partners were “proud” that EY was the first Big Four firm to try and split, adding: “We’ll redefine the profession in the coming years.”

Deloitte, KPMG and PwC have said they have no plans to engineer a similar split of their advisory and audit arms.

Separately, Deloitte posted record revenues on the back of a boom in tech consulting last year.

The firm reported revenues of $59.3bn (£51.5bn), a jump of nearly 20pc on the previous year.

Whatever happens with the split, Audit International will be following this story very closely and bringing you the latest updates on it.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International recently came across a very interesting article, on improving Internal control systems, in the Wall Street Journal, and thought we’d share it with you.

Increasing business complexity and regulatory requirements are driving continual change to the risk environments for many organizations, and historical approaches to risk and controls may not be suited for the current atmosphere of digital transformation, persistent change, and uncertainty. As the business landscape continues to evolve, the risk of accounting and reporting misstatements rises, often due to the inability to respond to internal and external circumstances and adapt quickly to business changes.

Developing an internal controls framework with upgraded operating models, advanced technology integration, and new processes to monitor, implement, maintain, and optimize a risk and reporting structure can position an internal control program to stay ahead of risk and increase value. First, we will explore some of the internal and external factors driving challenges beyond traditional remediation and restatements in accounting and reporting, including considerations receiving attention from the SEC and AICPA. These critical change drivers, along with internal controls and automation opportunities, inform a new risk and controls framework empowered by more proactive and data-driven solutions.

External Factors Driving Remediation and Restatements

Remediation and restatement drivers include external challenges such as new accounting rules; the SEC and regulatory guidance; and environmental, social, and governance (ESG) reporting. Some of these external drivers were highlighted at the recent AICPA conference and featured prominently in recent SEC comments—including SEC reporting and rulemaking, ESG matters, auditor independence, and digital assets.1 2

Data quality and the importance of modernized reporting supported by new technology were prominent features at the AICPA conference, with an emphasis that organizations evaluate their standards, processes, and technologies to create accurate and easily accessible reports. In addition, responding to market demand for ESG information was a key theme throughout the conference and SEC comments. ESG is the universe of topics that reflect areas of performance management around the impacts and dependencies of the business on society and the environment. It is a dynamic and interactive process that will likely have far-reaching implications for an organization, and the overlap between sustainability and financial reporting is inherent. Still, given the scope and possible market share of ESG activities and resulting data volume, multiple possibilities of future regulatory requirements may cause uncertainty around developing a new reporting framework that can mitigate remediation and restatements and optimize the controls environment.

Internal Controls and Automation Opportunities

Understanding both the external and internal drivers to risk and reporting structures helps inform the structure of a new internal control program to be more resilient, efficient, and agile through a changing risk profile. In addition, developing the new program using a change framework that identifies what to monitor, implement, maintain, and optimize in the controls program implementation may further enable a more resilient and efficient framework.

In addition to the external challenges to remediation, addressing internal challenges and opportunities is also necessary when developing the new control program. Disruptions from new technology and digital transformation are potential examples of prevailing internal challenges that may lead to restatements and remediation. However, the digital transformation also enables opportunities with automation, enhanced analytics, artificial intelligence, and data-driven solutions for the evolving risk and controls landscape and reporting lifecycle.

Automation Opportunities Across the Reporting Lifecycle

Process automation—includes manual, repetitive, rules-based processes and enables transaction automation, dynamic data manipulation, and streamlined communication. Examples include report generation, data reconciliation, and trend tracking.
Shared services process automation—includes processes with multiple interactions across different systems that enable process synergies. Examples include payroll, onboarding, education and training, and IT functions such as infrastructure, directories, and file management.
Outsourcing process automation—can be built for outsourcing contracts using robotic process automation (RPA) solutions. Examples include reconciliations, claims processing, inventory processing, production support, and network monitoring.
Developing a New Internal Controls Program

This five-step guide to developing a new internal controls framework can be considered to help address the external and internal challenges and utilize automation and data-driven solutions to move a control program forward and reduce the chances of accounting and reporting remediation throughout the transformation.

Conduct dynamic risk assessment and scoping updates that are periodically refreshed to remain agile, identify fraud risk considerations, and create a communication plan.
Develop internal control program methodologies, update operating models, and ascertain control owners and operators, including areas to automate.
Introduce technology to help automate and monitor the control environment and obtain electronic evidence with data and analytics.
Establish automated control methodology, develop a digital testing approach to control automation, and evaluate and update protocols for data security and cybersecurity.
Lead with the process, data, and user experience, all enabled by advanced analytics, data visuals, automation, and intelligent technology integrated within the framework.
Potential Benefits of an Updated Control Framework

Using remediation and restatement drivers to create a modernized controls framework may offer benefits beyond mitigation of risks in controls reporting. Developing a framework for a changing risk profile built on a foundation of new technology elevates the quality of reporting by increasing transparency and visibility into business processes with meaningful insights into managing risks. These deeper insights allow the function to refocus efforts and move away from point-in-time solutions to address issues continuously with more transparent monitoring and visualization capabilities.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The role of an IT Auditor within an organisation is to maintain the security of the company’s IT systems, ensuring they are efficient and cost effective. They must maintain the firm’s internal controls, records and data as well as to help organisations operate within the law to guarantee they’re not in breach of compliance and regulatory standards.

When it comes to the types of questions an individual can expect upon applying for IT Audit jobs, Audit International got the inside scoop when they sat down with a Company Director, to get his insights on what candidates can expect.

The likelihood is that the interviewer will start with questions aimed at getting a good sense of a candidate’s technical background. Questions around certain controls within a tech environment, networks, routers and so on.

The purpose of these questions is to get a sense of a candidate’s technical background, as well as their understanding around IT governance, IT general controls and IT risk management. This is your chance to demonstrate the way you evaluate IT and your examination of it in relation to IT risk and IT control frameworks.

Other questions will be focused on drawing out whether a candidate is right for the role in question as there are so many different specialisations within IT Audit, including cyber security, IT General Controls and applications, infrastructure or data. So, the interviewer is hoping to see where a candidate fits best within the business as well as getting an idea of the types of technologies they’ve had exposure to. This could be directed at the different types of environments you’ve had experience with, such as Linux and UNIX or it could be broader in terms of the networks and databases you’ve worked on.

In this day and age employers are definitely looking for individuals who are more technically competent and SME specialised rather than being IT generalists.

The next thing interviewers will want to assess is a candidate’s soft skills, as well as their ability to cast a helicopter view across the business as a whole, which could prompt more situational questions:

How do you face off to senior executives?
How do you deal with stressful situations?
What is your tactic for delivering negative feedback to the business or to a colleague?
If you encounter a difficult stakeholder, how would you go in and manage their expectations?

You will also be asked questions regarding your communication skills, specifically when it comes to relaying information to non-IT people. They want to see that you’re comfortable breaking down the technicalities of IT into layman’s terms in order to make it accessible to those non-technical people both at board level and elsewhere in the business.

Tell us about a project you’ve worked on.

A lot of IT Audit shops will run audits as projects which may lead to questions around specific ones you’ve worked on and other questions around project management.

Tell me about a technical problem you’ve encountered.

This is your opportunity to talk about an issue you’ve gone in to evaluate and how you’ve interacted with a non-IT user, built that relationship in order to identify the problem and worked with them to resolve it.

Moving on from soft skills, the interviewer will likely want to broach a candidate’s awareness of risk and controls. The line of questioning may be centred on databases for instance:

What types of controls would you be looking for?
Where do you think the weaknesses might be? What about areas of resilience?
Are there any security or compliance issues based on that?

Candidates really need to show how well they can evaluate these issues. It’s about providing enough detail so that you cover all the relevant points an employer would be looking for, while also contextualising your answers within the broader scope of the business’s needs. You need to show industry awareness beyond your technical qualifications.

Why do you want to work in IT Audit?

Some candidates may be coming from the Big Four, which is a fairly classical move into IT Audit, though of course other people will be coming from different backgrounds and disciplines, so the interviewer is going to want to understand the motivation behind your chosen career.

IT Audit is different to business audit, for the latter you need to be an SME in a particular area. If you’ve been working in manufacturing for 10 years, it would be very difficult for you to move into banking audits for instance. However, as an IT auditor perhaps within the cyber security space conducting third party assessments looking at cloud security and so on, though that is a very specialist area, you would have an easier transition between industries. Overall, the important thing an interviewer will be looking for is valid and researched reasons for wanting to work in that industry.

What is your perception of IT Audit, specifically with regards to this business?

This is where you can demonstrate that you’ve done your homework on the company and explain how you see the role of IT Audit and its subsequent benefit to the business. This can also lead onto a discussion around where you see your career in IT Audit progressing, whether that’s moving up the ladder of IT Audit itself or using it as a platform to move into another area of the business.

Where do you see your career going in the next 3-5 years?

The interviewer doesn’t expect you to know exactly where your career is going to go, but they do want to understand your ambition. Having a clear vision for your own professional development is reassuring for your potential employer and certainly helps them better place you within the business and collaborate in order to create value both for your personal progression and for the business itself.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

If the last few years have shown us here at Audit International anything, it’s that we must be ready for the unexpected. From the disruptions of the global pandemic to soaring inflation, from political scandals to a war of aggression in Ukraine—life as we know it is changing.

The public sector doesn’t exist in a vacuum. Global events have a direct effect on national public services, and uncertainty causes disruption. The public sector must adapt to these changes if it is to continue delivering essential services for the taxpayer. Long-term funding challenges, climate change, and changing demographics also add to the pressures the global public sector is facing, and with technology changing the way we work, how does the role of internal audit fit into this complex web of demands and transformations?

As organizations react to these external changes, their assurance needs will inevitably change too. If internal audit is to stay relevant, it needs to keep pace with the changing demands of the organization.
To get a better understanding of how to improve the impact of internal audit and unlock its full potential, Chartered Institute of Public Finance and Accountancy (CIPFA) asked over 800 internal audit professionals and clients from across the United Kingdom for their experiences and views.

Their research revealed that 93 percent of the internal audit leaders who responded strongly agreed that internal audit supports the management of the organization, while 88 percent of managers who responded felt the same. Although there is some disparity between the two figures, they show that managers and heads of internal audit broadly agree that internal audit contributes to effective organizational management. Despite these promising statistics, when asked questions about the specific areas where internal audit is making an impact, there was significant disagreement.

Divergent Views
The CIPFA found that heads of internal audit and their clients, the management of organizations, often had substantially different views on what internal audit currently delivers to the organization. For example, 73 percent of heads of internal audit believe that they act as an independent critical friend on committees or steering groups, with just 43 percent of management agreeing with this. More worrisome, only 35 percent of audit committee members thought that internal audit provided this role. Ninety-one per cent of internal audit leaders said they provide advice on new systems and developments, but only 62 percent of managers agreed. This disparity is common across a range of different services and roles provided by internal audit, with clients consistently believing internal audit’s input is significantly less than what the heads of internal audit believe.

This shows that heads of internal audit need to be more vocal about the work their teams are actually doing for the organization. They need to become advocates for internal audit and promote the work of their teams, while clearly explaining to management how vital internal audit is and how it can help the organization reach its goals. Only then will the input of audit teams be fully understood and appreciated by clients, managers, and audit committees.
The more management understands the role of internal audit, the more expectations they will have of it. Higher expectations mean that internal audit becomes more intrinsically valuable and more relevant to an organization, ensuring its important role in the future.

Three Areas of Focus
-More strategic coverage can also help internal audit transform and adapt for an uncertain future. We asked respondents to identify three key areas that internal audit should focus on in the future to have the greatest impact on an organization.
-Cybersecurity was the top priority, with just under 60 percent of respondents wanting internal audit to focus on this key strategic area in the next three years. Just over 50 percent identified digitization and data use within organizations as the next most important area, while 47 percent thought that climate change and sustainability would be important areas of focus for internal audit professionals in the next three years.
-The area of internal financial risk, which internal audit has traditionally provided assurance in, such as payroll and income, are generally already well managed with little exposure to risk. So, does internal audit still have a role to play in mitigating financial risk? About one-third (35 percent) of respondents said they thought financial viability was a key area for the future. This includes more strategic areas such as financial resilience and medium- and long-term financial strategies—both of which carry considerable risk to the organization. Without seeking to influence the financial policies themselves, internal audit can provide vital independent assurance to decision makers to allow them to take on more risk and be more ambitious.

If internal audit takes a more strategic role in emerging issues and provides assurance not just around internal financial risk, then it can position itself as a trusted partner to the organization. In the coming years, it will be vital for audit professionals to keep up with the changing demands of clients, and the world around us, if internal audit is to stay relevant.

– The Skills Gap
Continual life-long learning is also essential if internal audit is to stay on the front foot. It is this up-skilling that will help auditors keep pace with emerging organizational demands, like cloud computing and cyber security. Out of the heads of internal auditors who responded to our survey, 55 percent agreed that they had sufficient skills and experience to meet the needs of the organization. This is broadly similar to the number of senior managers who agreed that their internal audit teams had the skills needed. There is still room for improvement in this area.
In its 2020 report on the future of jobs, the World Economic Forum identified some key technologies that companies thought would most likely be adopted by 2025. Cloud computing, big data analysis, artificial intelligence, and cybersecurity all came out on top. These represent growth areas for internal audit and where internal audit professionals will have to upskill to provide maximum value to the organization.

Internal auditors cannot be subject matter experts in all these areas, of course, and some aspects will have to be outsourced to specialized firms. Internal auditors can, however, oversee the organization’s direction and approach to these key strategic areas, provide independent assurance and act as a critical friend where necessary. Having good communication, critical and analytical reasoning skills, financial literacy, as well as risk-based auditing skills will help internal auditors tackle these complex subject areas.
Internal audit can have a bright future. Although the world is in a particularly uncertain phase, and organizations’ assurance requirements are rapidly changing to reflect this, internal audit can still make a significant impact and provide a valuable service. But to do this, it must also adapt.
Embracing New Challenges

To stay still is to move backwards when the pace of change is so considerable. Internal audit’s future lies in embracing new challenges such as cybersecurity, financial viability, climate change, artificial intelligence and big data. It can provide organizations with the assurance they so badly need around these issues – allowing them to embrace new technologies and ambitious strategies. To do this, internal auditors need access to learning and development to equip them with appropriate skills to find solutions to these complex issues.

All of this, however, will not lead to the wanted outcomes if heads of internal audit do not advocate and promote the work of their teams within organizations. They must make sure management and clients understand their assurance needs and how internal audit teams support organizations to reach their goals.
Good public financial management is at the core of delivering value for money and improving public services. A much broader, more diverse, and louder internal audit function can reinforce and support good financial management, both now and well into the future.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The podcast has rapidly become the go-to media for anyone and everyone seeking thought leadership, guidance, advice, or entertainment, especially in a particular niche with particular audience demands.
While far from a flash-in-the-pan trend, podcasts are tapping into what makes radio so timeless – they are familiar, routine, mobile-based and mostly non-committal (compared to TV shows), increasingly well-produced and incredibly varied in content provision and direction.
The state of podcasting in 2022
Podcasting is a rapidly growing, and increasingly lucrative, creative medium for creators and advertisers:
• “In 2021, there (were) 850,000 active podcasts, with over 48 million total episodes”.
• “Each week, more Americans listen to podcasts than have Netflix accounts”.
• “Podcast ad revenue is expected to grow to $1.33 billion in 2022”.

It’s also worth noting why people listen to podcasts, and this is where podcasting really comes into its own:
• “74% of all listeners tune in to learn new things. Other common reasons include entertainment (71%), staying up-to-date with the latest topics (60%), and relaxing (51%)”.
So rather than escaping into stories (which is increasingly the reason why audiobooks are on the rise), or listening to light-hearted comedy to relax at the end of the day (comedy still stands as the most popular podcast genre), learning is the primary reason why people listen to podcasts.

Finance podcasting and the future of the medium
The Finance sector has had a proliferation of podcasts erupt over the few years – content is varied, informative and incredibly useful, and the nature of podcasting means creators can approach the topic of “finance” from a variety of angles; from money management to investment advice, industry news to crypto-tips.

The team at Audit International are real fans of a podcast, so below are our top 10 finance podcasts we absolutely urge anyone in the industry to listen to!

• Invest like the Best
“Exploring the ideas, methods, and stories of people that will help you better invest your time and money”.
A popular and varied podcast covering everything from design investment products to interviews with leading financiers, start-up accelerators and figures within finance, investment and money management.

• Inside the Strategy Room
“We talk with McKinsey partners and corporate executives on the challenges they face creating lasting strategies in a fast-changing world. We also examine the different ways these executives approach these challenges and the new and innovative ways they think of creating a vision for their enterprises”.
While more strategic in approach, this McKinsey-sponsored podcast covers business and finance leadership via CEO interviews and thought leadership.

• We Study Billionaires
“We interview and study famous financial billionaires including Warren Buffett, Ray Dalio, and Howard Marks, and teach you what we learn and how you can apply their investment strategies in the stock market”.
With over 85 million downloads, this is a huge podcast for obvious reasons – an easy audio mind-tap into the richest and most successful finance people in the world.

• So Money with Farnoosh Torabi
“So Money brings inspiring money strategies and stories straight from today’s financial leaders, bestselling authors and entrepreneurs”.
One of the top-rated US finance podcasts in the podcast ecosphere, covering everything from childcare affordability to investing in a bear market.

• Money For the Rest of Us
“A personal finance and investing podcast on money, how it works, how to invest it and how to live without worrying about it”.
From debunking what money means to advice on money management and views on global investment vehicles, a great and varied finance podcast.

• Women & Money
“Take a priceless journey into your life and the life of your money with the most recognised personal finance expert in the world today”.
Suze Orman is one of the world’s most recognisable personal finance gurus, and her podcast covers everything from bond management to thought leadership on wealth creation.

• Optimal Finance Daily
“Why bother searching for the best blogs about personal finance when they can be found and read for you?”.
1900 10-minute quick-fire episodes on personal finance, covering how to get insurance to living more frugally and lifestyle changes to being better with money.

• CNBC’s “Fast Money”
“Hosted by Melissa Lee and a roundtable of top traders, “Fast Money” breaks through the noise of the day, to deliver the actionable news that matters most to investors”.
Global finance news from one of the most well-respected finance news desks in the USA. Actionable intel, up-to-date news and reporting on leading finance leadership.

• Count Me In®
“IMA® (Institute of Management Accountants) brings you the latest perspectives and learnings on all things affecting the accounting and finance world, as told by the experts working in the field and the thought leaders shaping the profession”.
A detailed and investigative look at the mechanisations and movements of finance, as told by experts and relayed by leaders in the field.

• The Better Finance Podcast
“The EY Better Finance Podcast explores the changing dynamics of the business world and what it means for finance leaders of today and tomorrow”.
From ESG reporting within finance to data analytics and more, the EY Better Finance podcast is one of the most up-and-coming popular podcasts within the finance sector.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”