Posts Tagged “auditors”

Transit systems. Healthcare facilities. Financial services firms. What do they all have in common? Organizations within these sectors — and essentially all industries, for that matter — have been hit by ransomware, a type of malware where cybercriminals demand a ransom payment to unlock access to your private and confidential systems and files.
While many cybersecurity risks exist, ransomware is often one of the more pressing challenges. Not only can it bring operations to a screeching halt, but it can also cause issues like data leaks and reputational damage. A global survey by cybersecurity software company Sophos finds that 66% of surveyed organizations suffered ransomware attacks in 2021. “It took on average one month to recover from the damage and disruption,” Sophos adds.
Given the severity of ransomware risk, internal auditors should aim to help their organizations reduce these threats, along with overall cybersecurity risks. How? As Audit International will examine in this article, internal audit departments can take steps such as conducting IT/cybersecurity audits and using technology like internal audit management software to improve internal controls and collaboration.
Review IT practices and controls:
Even though internal auditors generally aren’t responsible for choosing cybersecurity software and establishing employee training to recognize ransomware risks, they can still provide assurance over IT practices and controls, such as with an IT audit.
When IT teams conduct phishing tests to see whether employees are tricked by email scams that can cause ransomware issues, internal auditors are then able to review those results and ensure that the organization is meeting a sufficient standard to prevent social engineering. If the results demonstrate gaps in employee preparedness on ransomware risk or other cybersecurity risks, then internal auditors would likely want to communicate that risk to other stakeholders, like boards and senior management.
Internal audit leaders might also review remote work policies to ensure that IT teams are appropriately managing these with ransomware risk in mind, rather than just focusing on the functionality of work-from-home environments. While internal auditors often rely on guidance from IT leaders, they can still audit areas like access logs to ensure that only approved devices, with the appropriate threat intelligence and data protection technologies, are connecting to their networks.
Align key stakeholders:
Improving ransomware protection also means internal auditors need to align key stakeholders, rather than just collaborating with IT. That means pulling together information from multiple departments to make sure everyone’s on the same page.
Internal auditors should check with finance teams to see how they’re accounting for the potential costs of a ransomware attack, and then ensure that other key stakeholders, like boards and senior management, understand and agree with this approach. Otherwise, issues like not having a sufficient budget to recover from a ransomware attack may arise.
“Regardless of their size or revenue, organizations should assume they will be targeted with ransomware, and they should examine their prevention, detection, mitigation, response, and recovery measures,” notes Zachary Ginsburg, research director for the Gartner Audit and Risk practice, in a Gartner press release.
Leverage internal audit management software:
Internal auditors can mitigate ransomware risk by leveraging internal audit management software. Many technologies are designed to assist with cybersecurity risk management, but from an audit perspective, internal audit management software is important for gaining assurance.
Overall, internal audit teams have an opportunity to make a significant impact when it comes to ransomware risk management. Planning ahead and focusing on internal alignment can go a long way toward reducing ransomware attacks and other cybersecurity risks.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Internal audit functions need to be adaptable, technologically savvy, and future-focused.
This week Audit International are taking a look at how we can ensure the future of Internal Audit.
As COVID-19 spread across the world, it changed the entire landscape of life on both personal and professional levels. The changes it brought about have lingered and become the new normal, not only for the past three years but for the future.
While most organizations have implemented new short-term priorities to combat its effects, the internal audit function also needs to become future-oriented. As it supports operational effectiveness in an increasingly dynamic risk landscape, internal audit must consider the pandemic’s long-term impacts — with new risks arising from remote work and other pandemic changes, and old risks such as cybersecurity becoming an essential priority rather than simply a buzzword on the risk register.
While internal auditing’s focus on assurance of business process risks and controls remains an integral part of its role, the profession needs to be equally agile and adaptable as risks multiply and evolve — just like the Covid-19 virus.
The following actions are but a part of the changes and evolution that internal audit functions and leaders need to undertake, but they are a good start.
1. Identify changing work environments and tailor the internal audit approach to deliver value within them. Starting with the basics, notions such as segregation of duties and asset safeguards need to be re-evaluated for their suitability to the new work environments. The nature of work processes, especially under a remote work environment, or even an office-based environment that is increasingly reliant on digital collaboration tools, is fundamentally changing. Physical oversight and simple written signature approvals as controls will no longer be effective (and let’s be realistic, they are severely outdated and time-consuming). Audits and auditors will need to employ a much higher level of rigor and detail in their reviews. Information technology applications need to be a basic skill for the traditional auditor, not a unique skillset of the sole IT auditor on the team, and information security risks need to be considered in absolutely every audit and process, not just IT audits.
2. Leverage emerging audit technologies. With auditors being involved in virtually every function of the business, and with every function in the business being interconnected through digital collaboration tools, the audit function, which is also a part of the organization (a fact that is often forgotten), also needs to be part of the organization’s digital ecosystem. Audit cannot preach digitization and evolution of the organization while itself remaining stagnant in paper trails. Leveraging the increased access to data all over the company, and utilizing the many advanced data analytics functions embedded within these tools, should be a basic tenet of the audit function. This is a blessing in disguise: while initially implementing it might be a change and a challenge, it will allow audit functions to increase sample sizes, or even test whole populations, allowing the audit function to provide management with an unprecedented level of assurance (but let’s remember to stay within the realm of reasonable assurance, as audits are not infallible).
3. Adopt an agile audit approach. It truly is a nice notion to be able to audit everything all the time. Time constraints are one of the biggest challenges to the audit function in providing coverage across the organization and balancing costs and benefits. With the speed of doing business increasing at an exponential rate, the speed of the audit function needs to evolve to keep pace. However, it is important to remember that this speed needs to be balanced with the rigor expected of the audit function. Luckily, the increasing use of technology also enables audit to be almost ever-present. Continuous audit programs and integrated red flags within information technology systems allow audit work to be more present rather than historically focused, largely enhancing the value auditors can contribute to their organization. Agile methodologies are not about employing traditional audit methods and producing “half-baked” audit results; they are about leveraging emerging technologies such as automation and artificial intelligence within data systems to enhance operations and maximize shareholder wealth.
While this is by no means a comprehensive list, an audit function that is adaptable, technologically savvy, and present- and future-focused is definitely on the right track, steering ahead to the future. These tenets are some of the essential foundations of the future of internal audit.
Internal auditors have a strong desire to know more about emerging technologies and improve the way they use technology to perform their duties, according to a new survey.
The survey, by global consulting firm Protiviti, included more than 600 internal auditors.
Mobile applications and social media are among the top areas of technical knowledge that internal auditors most need to improve, according to the global survey.
Computer-assisted audit tools and data analysis tools top the list of audit process knowledge internal auditors crave the most.
“Internal audit professionals’ plates are more than full as they strive to protect their companies from exposure to risk while assessing new technologies and learning new regulatory requirements and professional standards,” Brian Christensen, CPA, Protiviti’s executive vice president for global internal audit, said in a news release.
The new audit reforms were passed in the European Parliament last Thursday. The European politicians voted in favor of the reforms that will see large listed companies putting their audit contracts out to tender once every 10 years.
Under the new rules listed companies are required to change their auditors every ten years. A company may be eligible to get this period extended by a further ten years if tenders are carried out, and by 14 years if the company appoints more than one firm to carry out the audit. There is also a 70% cap on fees from non-audit work.
The RSA Insurance Group is to put a cap on the amount of non-audit fees that their auditors can earn. The capped amount will be 25% of the total audit fee.
KPMG, the company’s current auditor, earned a total of £7.2m in 2013, of which £2.2m was for non-audit services. Some £1.3m of those non-audit services related to the identification of financial and claims irregularities in RSA’s Ireland division.
Prior to the appointment of KPMG, rival Big 4 firm Deloitte was the company’s auditor. In 2012 Deloitte earned £15.7m, of which £9.5m related to non-audit services.
PWC has been appointed as the new auditors of Vodafone after Britain’s second-largest listed company replaced its auditor for the first time since listing on the stock market.
The Big 4 firm has replaced rival Deloitte. Deloitte had audited Vodafone’s accounts for the past 26 years, and was paid £8m in audit fees by Vodafone in 2013, plus £1m in audit-related fees and £400,000 in non-audit fees.
Vodafone put its audit contract out to tender earlier this year for the first time in 26 years. Read more in our previous blog post, “Big 4 firm may lose major Vodafone audit contract”.
Big 4 firm PWC has won the audit contract for Electrocomponents, replacing rival Big 4 firm KPMG as auditor. Electrocomponents is a FTSE 250 distributor of electronics and maintenance products.
PWC’s appointment as auditors is still subject to approval by the shareholders at the company’s Annual General Meeting this year.
Electrocomponents intends to appoint PwC as group auditor for the year ending 31 March 2015. KPMG will continue in the role and will undertake the audit of the group’s consolidated accounts for the current financial year.
PWC has won the audit contract for British Land. The Big 4 firm replaced rival Deloitte, which has held the contract for over ten years. PWC’s appointment is subject to shareholder approval at British Land’s AGM later this year.
According to British Land’s accounts, in 2013 Deloitte earned £500,000 in audit fees and £300,000 in non-audit fees.
British Land is the latest in the growing number of large listed companies changing their long-term auditors in order to comply with new rules.
Big 4 firm KPMG has kept its £9m audit of Standard Chartered. Standard Chartered put the audit contract out to tender in August last year, and it was expected that KPMG, which has been the bank’s auditor for 40 years, would lose the audit.
The bank is expected to confirm KPMG’s reappointment in its annual report in the spring.
The bank is undergoing major restructuring which will see its wholesale and consumer banking divisions combined. It has also been announced that the bank’s finance director, Richard Meddings, will be stepping down at the end of June this year.
In the last few months Deloitte has won many major audits, but it may face losing the Vodafone audit contract. Vodafone has put its audit out to tender for the first time in 26 years. Vodafone has not changed auditors since it was listed on the stock market.
Deloitte was paid £8m in audit fees by Vodafone in 2013, plus £1m in audit-related fees and £400,000 in non-audit fees.
Vodafone is considering replacing Deloitte as its auditor following a Competition Commission report that suggested companies should tender their audit every ten years. The move also comes as European and UK policymakers are implementing new rules intended to open up the large-listed audit market to greater competition.