Posts Tagged “careers in audit”
A new focus for Audit International and our clients is ESG. But there is one thing all of us are perhaps not considering as much : ESG’s impact on the workplace.
Environmental, Social, and Governance (ESG) factors are changing how companies conduct business in many ways, including:
– New ESG or climate-related disclosure regulations to comply with, especially in Europe.
– The need to effectively identify and manage ESG risks (including compliance, financial, and reputational risks), and integrate them within the existing enterprise risk management framework.
– Bringing a host of environmental and social metrics at par with financial information, especially with regards to data quality. There is a growing need for investor-grade ESG data.
– Ensuring that ESG factors give you a competitive edge in attracting investors, customers, and talent.
But there’s another change brought by ESG that’s not getting enough attention: The effects on workplace interactions.
– Firms that ‘get ESG right’ understand that ESG isn’t the responsibility of only one person. You can’t simply appoint a Vice-President or Director of ESG, or just place ESG under the Chief Financial Officer or Chief Sustainability Officer.
– Also, different departments can no longer work in their own little world with occasional collaborative efforts across functions. The important changes brought by ESG will also bring fundamental changes to the workplace.
The ESG team :
ESG is a team sport. People from different departments will have to work together as part of a single team.
You may be in Finance, Legal, Risk, HR, EHS, Sustainability, Operations, IT, or Procurement, but now, in addition to your regular teams and colleagues, you will also be part of the ESG team.
And your company’s ESG team will play a critical role because strong ESG performance drives corporate performance.
This represents a significant shift because suddenly key employees will have to align with a new set of stakeholders. They will have to work together with colleagues they might not have worked with before, or even knew. Here’s a sample of the types of interactions to expect:
EHS will have to provide key metrics to Finance for combined financial and ESG (or non-financial) reports.
EHS will also have to show to Finance and auditors (internal or external) how they provide limited or reasonable assurance on the data.
Procurement will seek guidance from EHS and the Sustainability team on how to capture greenhouse gas emissions data to calculate Scope 3 emissions.
HR will be asked to provide more tangible metrics on DEIB to Finance for inclusion in the combined financial/ESG report.
Did you bring together key stakeholders across departments as part of your ESG strategy?
Have you recruited members of your ESG team yet? If this is a topic you are actively hiring for, then please get in touch with us here at Audit International to assist you with any hiring needs you may have.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
Audit International now bring you the second part in this three part series – Having introduced the initial concepts of what is involved with auditing organizational culture in the first article of this three-part series, we now can begin the process of drilling down and more closely examining the first five of the top ten tips to conduct a culture audit.
Identify your cultural levers:
The first step to successfully conducting a cultural audit is to identify the daily management activities that occur throughout the organization – your cultural levers. These levers look to align the culture we desire with the day-to-day activities of everyone in the organization. If we understand what leaders focus on to deliver this alignment, then we have a starting point for identifying what to test to provide our opinion on the effectiveness of culture.
Cultural levers often vary from organization to organization, so you need to work with management to identify what is influencing behavior within your specific organization. However, there are areas that I would expect to see. Published value statements are significant and an indication of what should be happening. Leadership is also significant, not just at the top but cascading throughout the organization at all levels. In this context, the organization’s approach to people management is vital with the impact this has on encouraging the behaviors that are needed for success. However, culture goes much deeper and is present in the management of other resources, including areas such as customer engagement, complaints handling, supplier management, corporate responsibility, risk management structures and profile, and internal and external communication.
This may appear daunting, but a well-organized approach to assessing each lever can quickly identify areas that are not truly aligned with the espoused values; a clear indicator that desired culture is not operating as expected.
The next four tips examine these cultural levers more closely to illustrate what they mean and to help inform you about the questions you might want to consider testing in order to arrive at an opinion on the organization’s culture.
Reputation:
Employees watch what leaders and key individuals in organizations do and how they operate. They see the dissonance between what the organization is saying, both in its external and internal communication, and their lived experience of working there. Assessing whether there is alignment is a key aspect of any audit of culture. This is even more important given the increased focus over recent times on aspects of corporate and social responsibility and the push for Environmental, Social, and Governance (ESG) activity from investors. Acquisitions of ‘greenwashing’ in your communications can be hugely damaging. This means that it is important to pay attention to external reputation and its alignment with internal messaging and should be considered across all social media.
Leadership:
The third tip is all about the examination of leadership’s role in owning and managing the culture in the organization. In internal audit, we need to examine whether this is occurring both at design and operational effectiveness levels. We are there to check that the activities of leaders are aligned with the espoused values and are supporting the delivery of the business strategy. In our audit work we should be looking for a consistency of message and actual managerial behavior. Leaders play a pivotal role in managing the business such that there is consistency across activities and that they work toward delivering the required culture for success. To do this practically, we need to build audit programs that look for evidence of areas such as misalignment in leadership actions and customer-centric examples that manifest in the practical activities of front-line colleagues. Leadership should be able to clearly demonstrate actions that they have conducted that help move the organization closer to accurately living the culture and evidence-measurement activity that supports this.
In this context, during an audit, I would expect leaders to be able to articulate how they ensure the culture is embedded through their team’s day-to-day activities, including examples of how they role model the culture in their own activities and interactions. Interviews will form a significant part of assessing these. However, data analytics can also be used to examine areas such as communications from leaders over a period of time looking for references to culture.
Simply put, what you are looking to establish here is whether the fine words on a page have a living connection with reality and link through to a real impact on the delivery of the organization’s strategy.
People management:
This leads us to the next cultural lever – people management. The key here, as with all aspects of cultural audit, is alignment. Across the entire employee lifecycle the behaviors we need to exhibit for the business to be a success need to be front and center. This starts with the employment brand, which should signal to potential recruits what the organization’s values are and includes the testing of new recruits against this. Objectives need to be set not only about what is needed to be delivered in terms of financial results, for example, but also how these results will be achieved.
Performance management needs to be expertly conducted to explore the colleague’s contribution to delivering organizational success in the way we want it delivered. This should be a continual process and include ongoing dialogue, not just an annual form-filling event. Promotion decisions should clearly consider this aspect and signal to all colleagues how behaving in the right way counts for personal success.
In developing your audit program, you need to consider all aspects of the employee lifecycle: attraction, reward, management, development, and exiting colleagues. In reviewing all these aspects, you need to be cognizant as to where the controls are operated. In most organizations, while the Human Resources function is likely to have a key role in the design of many of the practices mentioned, the management of the risk and operation of the controls largely sits within the business units of the organization. That is the place you need to be testing reality, not just within the HR function.
Identify key processes and assess alignment:
Next, we move on to two heavily connected cultural levers: process and change. When reviewing your organization, a key step is to identify the processes that are critical to the management of the organization’s culture. From this, you can review whether their operation is consistent with the outlined culture. In this case, we mean the culture promoted not only to your employees but outside your organization through your brand and external image to customers and other important stakeholders.
Employees, in their scanning of the organizational environment, will spot processes that do not sit well with declared ideal behaviors and values, where potentially the organization is looking to put short-term gain before longer-term goals. If these exist, it sends a huge signal to customers and colleagues that leadership does not really mean what they say. Included in these key processes are likely to be many of the internal processes around people and supplier management, but, most significantly, processes around how you deal with customers and how you respond to their feedback and complaints.
Alongside this, consideration needs to be given to how the organization’s change programs identify how changes they are looking to enact to systems and processes promote the desired culture. Change programs are a key touch point where the organization can ensure that the culture is being reflected in operating practices. However, they can also be a point of risk. Delivering efficiencies, while at the same time undermining the desired culture, can create problems that are hugely difficult to unpack.
Next up, in the third and final installment of this article series, Audit International finish identifying and discussing the remaining top ten tips to audit culture and conclude the journey that set out to help you deliver cultural insights within your organization. We hope you’ll stick with us.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
In this final article of the series, Audit International focus on the third element of ESG- Governance risk. This differs from the first two elements – Environmental and Social – in that several governance risks have long been recognized and included in our audit plans. However, many more have recently gained prominence. Therefore, it is important that internal audit understands these risks and is well positioned to provide assurance.
Governance risks :
Some governance risks are broad in nature. Others, are very narrow. Some have little in terms of universal benchmarks, while others have well-established frameworks or regulations. Here are some of the main risks that should be considered:
– Shareholder rights and engagement – are there any limitations on certain classes of shareholders, and does the business engage effectively on important issues?
– Board structure and diversity – are there independent directors, and does the board have sufficient diversity of experience, style, and background? Increasingly, neurodiversity is a consideration, and in some countries a workers’ representative is a requirement.
– Executive compensation – is this structured to be in line with corporate objectives, and is it consistent with peers in comparison to the wages of other staff?
– Anti-bribery and corruption – many countries have a comprehensive legal framework.
– Tax transparency and policy – what is the organization’s approach to tax, and particularly the jurisdictions it operates and pays taxes in?
– Ethics and culture – a broad topic, ethics encompass all the above and more. Culture has become a hot topic over the past 15 years with the link between a strong organization-wide culture and performance becoming increasingly apparent.
– Data protection – often also included as a social risk, good information governance is relevant here as well.
– Typical impacts for the organization will be reputational, legal and regulatory, people, financial, and ultimately strategic.
Getting started – Determining the key risks :
Compared with environmental and social risk, it is much more difficult to take a holistic approach to governance risk, given the breadth of topics. However, it is likely that many activities and risks are already in your audit universe. A governance code may have been adopted by your organization, although these may only cover some of the issues described above. Understanding the relevant governance code(s) –mandatory or optional – is a good starting point. This will depend on jurisdiction(s), market listings, regulators, and industry practices. Governance codes can be principle-based or more prescriptive, and will typically define some or all of the following, often on a “comply or explain” basis:
– Clarity of purpose
– Leadership
– Integrity
– Board composition and division of responsibilities
– Board effectiveness
– Decision making
– Risk management, internal controls, and audit
– Accountability, transparency, and reporting remuneration
In understanding governance risks, you should also take into account what specific legal or regulatory requirements there are around any of these issues. This may include reporting requirements around diversity or executive pay or matters which must regularly be reported and considered by the board. Also, consider what other stakeholder expectations are relevant. This is likely to focus on investors, as they have been increasingly vocal and prepared to vote against boards that do not adequately address specific issues.
With this background information, along with your consideration of the issues highlighted earlier in this article, you can ensure your risk assessment incorporates relevant governance risks.
How internal audit can make an impact :
As always, we should leverage work done by the first and second lines in considering where we can make the biggest impact. We should consider our risk assessment alongside any new information we have about regulatory changes, emerging issues in our sector, or jurisdictions, and investor interest.
Some Examples :
– Governance framework
– Governance codes were mentioned earlier in this article. Whether your organization has adopted a code in full or developed its own framework, it will need to produce a regular (typically, annual) report of compliance with the code. Assessing the processes supporting this reporting is often a good way to execute broad audit coverage of governance risks. Such reports are expected by regulators, provide assurance to the board, and are sometimes published (at least in part in the annual report). – Therefore, it is important that they give an accurate picture.
Reports may take many forms and will often include qualitative assertions and specific data or examples. It is important that any data reported is accurate, but equally as important that narrative assertions or examples are supported by evidence. Internal audit can provide assurance over the processes to collate this evidence, ensuring it is complete and accurate and that the right oversight controls are in place. We can also review the report and verify that the conclusions reached fairly reflect the evidence available. Generally, we take a combined approach to provide comprehensive and broad assurance.
Board composition :
Board composition has been under the spotlight, and while practices have improved there is often still a lack of transparency in recruitment, objective evaluation, and diversity. This is a sensitive audit which needs to be conducted by experienced auditors. When done well, it provides real insight and impact.
It is important not to make this about the individuals currently serving on a board, but about the effectiveness of processes around recruitment, structure, skills-determination, and performance evaluation. Consider some or all of the following:
Is there an evaluation of the skills required on the board and an up-to-date skills matrix? Is this specific enough to ensure the board members possess the right range of skills and experience but sufficiently flexible to attract a diverse pool of candidates?
Do recruitment processes include defining an ideal candidate profile, pre-determined selection criteria, and stakeholder involvement in the exercise? Are candidates sourced in a way that ensures a wide pool of candidates, recognizing that there may be a need for confidentiality?
How are conflicts of interest identified and managed?
What are the rotation policies/term limits for non-executive board members?
How is board performance evaluated? Is there a self-assessment process and a periodic independent assessment?
Is there a training plan for the board and individual board members? Is there an individual appraisal process?
Does the committee structure support effective delegation but ensure the board maintains its responsibility for strategy and oversight?
How effective is the relationship between executives and non-executives? Does the structure facilitate both support and challenge?
Is there an effective process for succession planning?
Do boards allow time for open discussions and strategic thinking, as well as formal meetings?
Some of this can be done by document review — including board papers and minutes, skill matrix, recruitment process documents, etc. But much of this will also require interviews with board members and those who support the board, such as the corporate/company secretarial or corporate governance team.
This article concludes the series on what internal audit should know about ESG risks. If you missed the first two articles, be sure to go back and read our previous blogs, to get you up to speed on our suggestions on how internal audit can approach environmental and social risks.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
At Audit International, we know when people hear buzzwords like ‘data analytics’, ‘artificial intelligence’ and ‘machine learning’, it can be intimidating. Many people don’t fully understand such concepts, but in truth, you don’t need to. You just need to get comfortable with them. And you probably already are: familiar services like Netflix or Spotify use artificial intelligence to understand your preferences and make subsequent suggestions based on that knowledge. The level of consumers’ expectations is continually increasing, and the successful companies are those that are advancing with technology. The same is true for businesses and their expectations. In audit, the revolution is underway and the sections that follow highlight the key drivers for this change.
Improve the audit experience –
The volume of data available to auditors is astounding, but in most cases, this data is simply not being used. If this were happening in any other industry, there would be questions to answer. Data analytics can improve the audit experience in several ways, for both the audit team and for the client.
Improve audit quality-
During the planning phase of the audit, audit teams must shift their focus away from the old mindset of “what could go wrong?” Through analytics, we can turn our attention from what could go wrong to what has gone wrong. Auditors have access to the client’s complete financial data for the period under audit – if they focus on analysing and understanding the data, they could identify an unexpected transaction or trend in the process. During the execution phase, auditors should also build on the knowledge gained in planning to truly understand the business in question and focus their attention on higher risk transactions. Finally, auditors should move away from a ‘random sample’ approach and, instead, focus on the transactions that appear unusual based on their knowledge of the client, business or industry. These are just a few areas where improvements in audit quality can be achieved using data analytics.
Improve efficiency-
In the examples above, the use of data analytics in planning will identify what has gone wrong and any associated unusual transactions. In execution, these transactions will be tested as part of the audit sample. It could also cover some requirements under auditing standards concerning journal entry testing, as the journal entries will likely be the data that highlighted what went wrong in the first place. Again, this is just one example of efficiencies gained without even considering the hours saved by automating processes like creation of lead schedules and population of work papers.
Post-pandemic world-
The world will be a very different place in years to come. Firms with the ability to perform in-depth analysis using data analytics undoubtedly have a significant advantage over those that do not, given the efficiencies they can gain and the potential reduction of physical evidence required from clients, among other things. Due to the changes we have all had to endure, auditors may also have additional procedures to perform (e.g. roll-back procedures where they were unable to attend stock counts at year-end due to the COVID-19 closures of businesses). Such procedures have the potential to be automated, saving even more time and effort for audit teams.
Improve engagement-
Rather than spend time performing mundane tasks such as testing large randomised samples, data analytics allows audit teams to jump into the unusual transactions. This will make the job more interesting to auditors and cultivate a curious and questioning mindset, which will, in turn, lead to improved scepticism and audit quality.
Improve client experience-
This might happen in two ways. First, the time saved by the client’s staff (who, in theory, will have fewer samples for which to provide support) and second, through the value the audit adds to the business. As an example, consider an audit team performing data analysis on the payroll for their client. As payroll is a standardised process, the audit team has an expectation around the number of debits and credits they would see posted to the respective payroll accounts each month. As part of their analysis, however, they find an inconsistent pattern. This can be queried as part of the audit and the client will be better able to understand a payroll problem, which they were previously oblivious to.
Client expectations-
Given the level of data analysis that occurs daily in the life of anyone using a smartphone, a consistent, high quality is understandably expected in people’s professional lives, too. Audit clients, like all consumers, want more. They want a better and faster audit. They want an audit that requires minimal interference with the day-to-day running of their business, without compromising the quality of the auditor’s work. With troves of data now available to auditors, such expectations are not entirely unreasonable. Audit firms have access to vast amounts of financial and related data – in some instances, millions of lines of information – that, if analysed robustly and adequately, would improve their processes, their clients’ experience, and the quality of their audit files.
Aspirations of professionals-
Audit professionals can often struggle with work-life balance, as we here at Audit International know. Though most firms are getting on top of remote working, the hours in busy season are long. In a time of continuous connectivity, the time frame around ‘busy season’ is also becoming blurred. Through the use of technology, we will one day make auditing a ‘nine to five’ job. Many will scoff at that idea and, although we do not expect this to happen in the next five years, or even ten years, it is possible. By automating mundane tasks and continuously upskilling our graduates, we can transform how an audit team completes work. There will be more scope to complete work before clients’ financial year-ends, thus moving much of the audit out of the traditional ‘busy season’. Machines can complete specific tasks overnight so that auditors could arrive at their desk, ready to work on a pre-populated work paper that needs to be analysed by a person with the right knowledge. With appropriate engagement by all parties (i.e. audit teams, senior management, and audit clients), we could significantly reduce the hours spent on audit engagements and give this time back to auditors. Along with attracting high-calibre graduates, we will retain high-quality auditors in the industry while also avoiding mental fatigue and burnout, which will again lead to better quality audits.
Graduate recruitment-
Graduates joining firms in recent years have particular expectations of the working world. They want job satisfaction, flexible hours, remote working, and an engaging role that will challenge them. Professional services firms have to compete for the very best graduates, and no longer just against each other – a host of technology-enabled businesses are attracting talent on an unprecedented scale by meeting the needs listed above. Technology, and data analytics, in particular, can offer the solution to the graduate recruitment challenge – by making the work more efficient and automating mundane and repetitive tasks, graduates can instead focus on analysis. Time and time again, when we talk to candidates, we always hear that if they find their work challenging and interesting, they will feel more engaged.
Challenges-
This move towards technology is not without its risks to the profession. Automating basic tasks removes the opportunity for graduates to form a deep understanding of these sections of the audit file. The onus is therefore on the current cohort of Chartered Accountants to take the reins, both to drive technology advancement forward and also provide practical, on-the-job coaching to ensure that this knowledge is not lost for the generations that follow.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
Have you ever had one of those days where you were determined to write that audit report? So you block off the time on your calendar, go into your office, shut the door, remove any and all distractions and breathe. Because now is the time to take all of those thoughts and perfect phrases running wild in your head and put them on paper. You sit down at your desk ready to make it happen. And you come up with nothing.
You decide to invite a colleague in to assist. Because after all, two heads are better than one. The two of you discuss the issues thoroughly, but nothing seems to sound right.
Writing objective observations takes time, skill, and tact. And if you’re like any other auditor, the audit issues sound wonderful in your head. But by the time you formulate the right words, reach for your pencil and place it on paper, that wonderful wording has become a distant memory. It’s worse if you’re in a group setting because you now become frustrated as the group begins asking you to repeat what you said. Unable to remember words uttered only seconds prior, it is only then that you realize how old you truly are.
If you’ve ever faced this situation, do not fear. There are several tools and techniques you can use to speed up and improve your report writing. But first, we must address the five big problems with writing reports:
1. We think faster than we write
2. Our million dollar thoughts come at the wrong time
3. We believe in writer’s block
4. We look for perfection in the first paragraph
5. We don’t understand and/or appreciate the writing process
5 Problems with audit report writing
We think faster than we write
We’ve all been there. Browsing through our cabinets trying to make a mental grocery list. Then you reach the point where there are too many items to remember. You decide to write a list. You reach for your paper and before the pen touches the pad, you’ve already forgotten the five items you wanted to write.
Our brains are fascinating. I can remember where I was in the summer of 1989, but I cannot remember what I ate for breakfast this morning. It is that forgetfulness that can derail your report writing.
Our million dollar thoughts come at the wrong time
Worse yet is when you have this wonderful idea, but then realize that it is 5:00 o’clock and you are stuck in traffic. There is no way you can capture that great thought without causing a pile up. So you try other techniques. You turn off the radio and repeat whatever it is over and over. You hope to continue this until you get home, or at least until you get to a stopping point. Of course something interrupts your thought and you forget what you were trying to remember.
We believe in writer’s block
Some people believe that writer’s block is a thing. I’m here to tell you, it is not. At least in the context of business writing or internal audit reports. Wikipedia define writer’s block as follows:
“Writer’s block is a condition, primarily associated with writing, in which an author loses the ability to produce new work or experiences a creative slowdown. This loss of ability to write and produce new work is not a result of commitment problems or lack of writing skills. The condition ranges from difficulty in coming up with original ideas to being unable to produce a work for years. Writer’s block is not solely measured by time passing without writing. It is measured by time passing without productivity in the task at hand.”
As you can see, writer’s block is a primary concern for creative writers. Our audit reports are, or should be, factually based non fiction. We are taking a series of facts, placing some logic and order to those facts, and providing management with a conclusion. What we are not doing, is creating new characters or developing plots and story lines. We know the beginning, middle and end of the story. Therefore, we know what to say. The problem is how do we say it so that it has the best impact given within the culture of the organization.
We look for perfection in the first paragraph
Because audit report writing is simpler than creative writing, we believe that we should be able to sit down and create the perfect prose in minutes. After all, we know the beginning, middle and end of the story. When we finally put pen to paper, our initial draft is usually not good. We then become frustrated. But I believe that frustration is because we don’t understand the writing process.
We don’t understand and/or appreciate the writing process
All the magic happens in the editing. Any writer will tell you this. Ernest Hemingway famously once said that “The first draft of anything is ****” (insert a very bad word here). As someone who has had articles published, I can tell you this is true. I can recall the first time I sent something to an editor. I thought it was an okay piece. But what came back was a magnificent manuscript. I fined tuned it a little and the result was something we were all pleased with. The writing process does not require perfection at the start. Your initial goal is to get something on the page. After that, trust the process and let the magic happen in editing.
3 tools you can use
Google voice typing
Because our brains seem to signal our mouths to speak faster than our hands can write, voice typing is the perfect shortcut to getting those wonderful words out of your head and on paper. For those unfamiliar with voice typing, you talk, it types. It’s as simple as that. Well, sort of.
The best free voice typing tool I’ve found is through Google. Log in to your account. Then, access Google Docs and open a document. Go to Tools, then Voice Typing (or you can press Ctlr+Shift+S).
You will see a microphone that may say Click to Speak. Click it, talk to it, and watch the magic happen. You will need to learn certain commands like period, comma and new paragraph. But other than that, if you speak clearly, it will recognize most speaking voices and words.
Your Cell Phone voice recorder
If barking out commands to your computer isn’t your thing, you’re in luck. There’s another option. If you’re like me, your cell phone is probably within arms reach. Grab your phone and go to your favorite app store. Search for a voice recorder. You should see several. Download one that piques your interest.
You can now record yourself talking about the audit issues. Now you will never miss that wonderfully worded paragraph that would sound great in an audit report. Once recorded, you can listen to the recording and pull out the impactful paragraphs.
Transcription
If you truly believe the recording represents your best work ever, you can have it transcribed. Yes, you heard me, transcribed. It’s not as bad or as expensive as you think. Before I get into that, I must say that I am not being paid by nor am I endorsing these specific products. there are several transcription services that I have used. Some use live transcribers while others use automated engines.
Summary
Writing audit reports can be a daunting task. But it has to be done. Nowadays we have a lot of tools that can help streamline the process. Many of the biggest issues start with us. Writer’s block is only as real as we allow it to be. Sit down and put something on paper. Use some electronic tools to get your words on paper. Almost any words will do. Afterall, the magic happens in the editing.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
This week Audit International are taking a look at the 4 ways how Internal Audit can get a seat at the table.
When it comes to risk management and compliance, most organizations operate on a 3 Lines of Defense (3LOD) model, in which operational management, compliance, and internal audit work together in tandem to assess and mitigate risk and manage controls and compliance.
This model may be successful in theory, but as the risk management and compliance functions have grown more complex, it doesn’t always work as well as you might hope. Given the rising sophistication of cybersecurity threats and incidents of fraud, and the increasing compliance requirements posed upon organizations of all sizes, it can be difficult to keep an organization-wide pulse on threats and breaches in compliance as they arise.
The problem is, the three branches don’t always collaborate effectively, which may leave internal audit out of the loop and unable to provide much value to the organization. They may not have access to the data they need to generate effective recommendations. The internal audit team’s focus may be simply on checking boxes and ensuring compliance, rather than providing strategic insights that will help your organization understand and take steps to mitigate new threats.
If you want your internal audit team to move the needle at your organization, you need to get the ear of executives who can advocate for your work. By partnering with leadership, you’ll be able to spearhead new initiatives and gain critical access to data that will help your organization save money and reduce risk, proving your team’s value.
Here are four strategies for doing that effectively:
Identify the key people who can support you, and make a plan to build relationships with them
Your audit team will naturally be in touch with the managers who can provide key information needed to conduct your audits—but by focusing only on these contacts, you’re missing out on building relationships with the leaders who will be able to help you gain a more visible role in the organization. Build a plan for conducting periodic outreach to higher-level executives within your organization, such as your chief risk officer or your CTO. You can solicit feedback from them on any open questions they may want your team to review in your audits, or provide high-level executive briefs showcasing work that you’ve done and issues they may want to explore in further detail. Make sure that they know you and your team are available to support them and open for feedback.
Proactively address organization-wide trends
Rather than focusing solely on issues identified in individual audits, start looking at your audit results in aggregate to identify trends. Is a single department or office location having trouble resolving a specific compliance issue, or is it an across-the-board trend that should be shared with your executive team? Review your data frequently to understand risks that should be mitigated, and come up with step-by-step action plans for how they should be addressed, including who’s responsible and what the benchmarks for success are.
Pay close attention to third-party risks
Many audit teams take an insular view of risk management, failing to uncover the external risks brought on by vendors and technology partners. Make sure that you have policies in place to carefully vet and automate compliance on your third-party vendors, pulling in external data that will alert you to any financial or legal issues they may face. Regularly track all of your solutions and technology partners for red flags, and ensure that you have a strategy for mitigating them. You can showcase your findings in sessions with executives and other partners throughout the business, and collaborate to come up with a plan for any of your scenarios. Keep in mind that risks from big providers such as Amazon or Facebook may impact a lot of your customers or partners as well, so ensure that you map out all of the variables that may impact your company’s business model across the board.
Use best-in-class GRC technology to automate compliance and analyze data
In order to provide the most useful insights to your leadership team, it’s important to integrate your entire risk management function across an easy-to-use GRC platform. Your GRC platform should come with pre-built content that will help you automate your controls framework, regardless of your industry. It should make it easy to monitor compliance status and risk levels across the organization at any given time, with triggers prompting action when control levels are not being met. You should be able to easily drill down into your data and generate executive dashboards, so that you can share insights to justify recommendations and help your leadership team make better informed business decisions.
By building a cohesive strategy for integrating with the 3LOD, backed by in-depth data analytics, real-time data feeds, and workflow automation, your audit team will be able to generate insights that can help to identify new risks, and develop new strategies for mitigating risks across the entire organization. This will help you to become a highly visible, influential, and trusted partner to the business.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
Audit International are aware that public sector organizations face a variety of risks, ranging from cyber threats to budget constraints to compliance concerns. While internal audit teams in the government sector might not be responsible for solving all those risks, they need to make sure that they are following through with relevant risk management protocols.
Therefore, it is essential that internal audit teams are conducting internal audit risk assessments to figure out what these risks look like.
“Risk-based auditing ensures that the internal audit activity is focusing its efforts on providing assurance and advisory services related to the organization’s top risks… This requires internal auditors to have a working knowledge of basic concepts, frameworks, tools, and techniques related to risk and risk management,” explains the Institute of Internal Auditors (IIA).
In this article, we’ll examine five tips to help public sector internal auditors build better risk-based audit plans. These include:
1) Define your goals
Before you get too bogged down in the specifics of running an internal audit risk assessment, take a step back and consider what you’re trying to accomplish. Doing so includes finding internal alignment within your audit team and with other stakeholders.
As Baker Tilly advises, internal audit teams “should meet with the various stakeholder groups – management, the audit committee, and the governing body – to explain the process, set expectations for the results and listen to any desired outcomes, as a means of adapting the approach or identifying other activities where internal audit can add value.”
2) Organize your data
Conducting an internal audit risk assessment also requires strong data practices. But before you can get to a place where you are using data analytics to identify key risks, public sector organizations often need to organize their data first.
Information might be held in a variety of systems that makes analysis inefficient, if not ineffective. Tools like TeamMate+ use a data exchange API framework to pull together data from different sources, such as governance, risk, and compliance (GRC) systems and enterprise resource planning (ERP) tools, giving you a complete picture of what’s happening within your organization.
3) Get agile
If you go through an entire risk-based audit without getting any feedback along the way, then it’s easy to get off track. For one, risks might have changed from the time the audit started to when it eventually wraps up. And when you present to stakeholder leaders at the end of the risk assessment, it can be tough to then incorporate their feedback into your internal controls and assurance processes.
Engaging in agile auditing can help. By breaking an internal audit risk assessment down into more manageable chunks — where different risk areas go from the planning to presentation stages in short sprints — public sector internal auditors may have an easier time adapting to change and incorporating feedback.
4) Go dynamic
Agile auditing creates a dynamic internal audit risk assessment. Instead of approaching these assessments as an annual occurrence, you can review public sector risks on more of an ongoing basis.
That means collaborating with other departments throughout the year to keep up with emerging risks, which is where good data-sharing practices also come in handy. Dynamic or continuous risk assessments can also result in more frequent reporting so that you can keep everyone in the loop and get their timely feedback. Having a strong internal audit risk assessment tool like TeamMate that can help you simplify risk scoring and create efficient audit reports makes a big difference.
5) Keep up with public sector requirements
Lastly, working in internal audit in the government sector means staying on top of general risks like cybersecurity and financial concerns, along with meeting specific public policy guidelines and regulations. Public sector internal auditors often turn to sources like Wolters Kluwer, which provides resources like webinars and other Expert Insights so you can learn what you need to do to strengthen internal audit as a government organization.
Following these five tips can go a long way toward creating a strong internal audit risk assessment and a better audit process overall. Even if it seems like your organization doesn’t face many risks, conducting a risk-based audit can help you stay on top of any changes to your risk level. Rather than being caught off guard, building a reliable internal audit risk assessment plan can help your organization control risk, however that takes shape.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
The role of an IT Auditor within an organisation is to maintain the security of the company’s IT systems, ensuring they are efficient and cost effective. They must maintain the firm’s internal controls, records and data as well as to help organisations operate within the law to guarantee they’re not in breach of compliance and regulatory standards.
When it comes to the types of questions an individual can expect upon applying for IT Audit jobs, Audit International got the inside scoop when they sat down with a Company Director, to get his insights on what candidates can expect.
The likelihood is that the interviewer will start with questions aimed at getting a good sense of a candidate’s technical background. Questions around certain controls within a tech environment, networks, routers and so on.
The purpose of these questions is to get a sense of a candidate’s technical background, as well as their understanding around IT governance, IT general controls and IT risk management. This is your chance to demonstrate the way you evaluate IT and your examination of it in relation to IT risk and IT control frameworks.
Other questions will be focused on drawing out whether a candidate is right for the role in question as there are so many different specialisations within IT Audit, including cyber security, IT General Controls and applications, infrastructure or data. So, the interviewer is hoping to see where a candidate fits best within the business as well as getting an idea of the types of technologies they’ve had exposure to. This could be directed at the different types of environments you’ve had experience with, such as Linux and UNIX or it could be broader in terms of the networks and databases you’ve worked on.
In this day and age employers are definitely looking for individuals who are more technically competent and SME specialised rather than being IT generalists.
The next thing interviewers will want to assess is a candidate’s soft skills, as well as their ability to cast a helicopter view across the business as a whole, which could prompt more situational questions:
How do you face off to senior executives?
How do you deal with stressful situations?
What is your tactic for delivering negative feedback to the business or to a colleague?
If you encounter a difficult stakeholder, how would you go in and manage their expectations?
You will also be asked questions regarding your communication skills, specifically when it comes to relaying information to non-IT people. They want to see that you’re comfortable breaking down the technicalities of IT into layman’s terms in order to make it accessible to those non-technical people both at board level and elsewhere in the business.
Tell us about a project you’ve worked on.
A lot of IT Audit shops will run audits as projects which may lead to questions around specific ones you’ve worked on and other questions around project management.
Tell me about a technical problem you’ve encountered.
This is your opportunity to talk about an issue you’ve gone in to evaluate and how you’ve interacted with a non-IT user, built that relationship in order to identify the problem and worked with them to resolve it.
Moving on from soft skills, the interviewer will likely want to broach a candidate’s awareness of risk and controls. The line of questioning may be centred on databases for instance:
What types of controls would you be looking for?
Where do you think the weaknesses might be? What about areas of resilience?
Are there any security or compliance issues based on that?
Candidates really need to show how well they can evaluate these issues. It’s about providing enough detail so that you cover all the relevant points an employer would be looking for, while also contextualising your answers within the broader scope of the business’s needs. You need to show industry awareness beyond your technical qualifications.
Why do you want to work in IT Audit?
Some candidates may be coming from the Big Four, which is a fairly classical move into IT Audit, though of course other people will be coming from different backgrounds and disciplines, so the interviewer is going to want to understand the motivation behind your chosen career.
IT Audit is different to business audit, for the latter you need to be an SME in a particular area. If you’ve been working in manufacturing for 10 years, it would be very difficult for you to move into banking audits for instance. However, as an IT auditor perhaps within the cyber security space conducting third party assessments looking at cloud security and so on, though that is a very specialist area, you would have an easier transition between industries. Overall, the important thing an interviewer will be looking for is valid and researched reasons for wanting to work in that industry.
What is your perception of IT Audit, specifically with regards to this business?
This is where you can demonstrate that you’ve done your homework on the company and explain how you see the role of IT Audit and its subsequent benefit to the business. This can also lead onto a discussion around where you see your career in IT Audit progressing, whether that’s moving up the ladder of IT Audit itself or using it as a platform to move into another area of the business.
Where do you see your career going in the next 3-5 years?
The interviewer doesn’t expect you to know exactly where your career is going to go, but they do want to understand your ambition. Having a clear vision for your own professional development is reassuring for your potential employer and certainly helps them better place you within the business and collaborate in order to create value both for your personal progression and for the business itself.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
If the last few years have shown us here at Audit International anything, it’s that we must be ready for the unexpected. From the disruptions of the global pandemic to soaring inflation, from political scandals to a war of aggression in Ukraine—life as we know it is changing.
The public sector doesn’t exist in a vacuum. Global events have a direct effect on national public services, and uncertainty causes disruption. The public sector must adapt to these changes if it is to continue delivering essential services for the taxpayer. Long-term funding challenges, climate change, and changing demographics also add to the pressures the global public sector is facing, and with technology changing the way we work, how does the role of internal audit fit into this complex web of demands and transformations?
As organizations react to these external changes, their assurance needs will inevitably change too. If internal audit is to stay relevant, it needs to keep pace with the changing demands of the organization.
To get a better understanding of how to improve the impact of internal audit and unlock its full potential, Chartered Institute of Public Finance and Accountancy (CIPFA) asked over 800 internal audit professionals and clients from across the United Kingdom for their experiences and views.
Their research revealed that 93 percent of the internal audit leaders who responded strongly agreed that internal audit supports the management of the organization, while 88 percent of managers who responded felt the same. Although there is some disparity between the two figures, they show that managers and heads of internal audit broadly agree that internal audit contributes to effective organizational management. Despite these promising statistics, when asked questions about the specific areas where internal audit is making an impact, there was significant disagreement.
Divergent Views
The CIPFA found that heads of internal audit and their clients, the management of organizations, often had substantially different views on what internal audit currently delivers to the organization. For example, 73 percent of heads of internal audit believe that they act as an independent critical friend on committees or steering groups, with just 43 percent of management agreeing with this. More worrisome, only 35 percent of audit committee members thought that internal audit provided this role. Ninety-one per cent of internal audit leaders said they provide advice on new systems and developments, but only 62 percent of managers agreed. This disparity is common across a range of different services and roles provided by internal audit, with clients consistently believing internal audit’s input is significantly less than what the heads of internal audit believe.
This shows that heads of internal audit need to be more vocal about the work their teams are actually doing for the organization. They need to become advocates for internal audit and promote the work of their teams, while clearly explaining to management how vital internal audit is and how it can help the organization reach its goals. Only then will the input of audit teams be fully understood and appreciated by clients, managers, and audit committees.
The more management understands the role of internal audit, the more expectations they will have of it. Higher expectations mean that internal audit becomes more intrinsically valuable and more relevant to an organization, ensuring its important role in the future.
Three Areas of Focus
-More strategic coverage can also help internal audit transform and adapt for an uncertain future. We asked respondents to identify three key areas that internal audit should focus on in the future to have the greatest impact on an organization.
-Cybersecurity was the top priority, with just under 60 percent of respondents wanting internal audit to focus on this key strategic area in the next three years. Just over 50 percent identified digitization and data use within organizations as the next most important area, while 47 percent thought that climate change and sustainability would be important areas of focus for internal audit professionals in the next three years.
-The area of internal financial risk, which internal audit has traditionally provided assurance in, such as payroll and income, are generally already well managed with little exposure to risk. So, does internal audit still have a role to play in mitigating financial risk? About one-third (35 percent) of respondents said they thought financial viability was a key area for the future. This includes more strategic areas such as financial resilience and medium- and long-term financial strategies—both of which carry considerable risk to the organization. Without seeking to influence the financial policies themselves, internal audit can provide vital independent assurance to decision makers to allow them to take on more risk and be more ambitious.
If internal audit takes a more strategic role in emerging issues and provides assurance not just around internal financial risk, then it can position itself as a trusted partner to the organization. In the coming years, it will be vital for audit professionals to keep up with the changing demands of clients, and the world around us, if internal audit is to stay relevant.
– The Skills Gap
Continual life-long learning is also essential if internal audit is to stay on the front foot. It is this up-skilling that will help auditors keep pace with emerging organizational demands, like cloud computing and cyber security. Out of the heads of internal auditors who responded to our survey, 55 percent agreed that they had sufficient skills and experience to meet the needs of the organization. This is broadly similar to the number of senior managers who agreed that their internal audit teams had the skills needed. There is still room for improvement in this area.
In its 2020 report on the future of jobs, the World Economic Forum identified some key technologies that companies thought would most likely be adopted by 2025. Cloud computing, big data analysis, artificial intelligence, and cybersecurity all came out on top. These represent growth areas for internal audit and where internal audit professionals will have to upskill to provide maximum value to the organization.
Internal auditors cannot be subject matter experts in all these areas, of course, and some aspects will have to be outsourced to specialized firms. Internal auditors can, however, oversee the organization’s direction and approach to these key strategic areas, provide independent assurance and act as a critical friend where necessary. Having good communication, critical and analytical reasoning skills, financial literacy, as well as risk-based auditing skills will help internal auditors tackle these complex subject areas.
Internal audit can have a bright future. Although the world is in a particularly uncertain phase, and organizations’ assurance requirements are rapidly changing to reflect this, internal audit can still make a significant impact and provide a valuable service. But to do this, it must also adapt.
Embracing New Challenges
To stay still is to move backwards when the pace of change is so considerable. Internal audit’s future lies in embracing new challenges such as cybersecurity, financial viability, climate change, artificial intelligence and big data. It can provide organizations with the assurance they so badly need around these issues – allowing them to embrace new technologies and ambitious strategies. To do this, internal auditors need access to learning and development to equip them with appropriate skills to find solutions to these complex issues.
All of this, however, will not lead to the wanted outcomes if heads of internal audit do not advocate and promote the work of their teams within organizations. They must make sure management and clients understand their assurance needs and how internal audit teams support organizations to reach their goals.
Good public financial management is at the core of delivering value for money and improving public services. A much broader, more diverse, and louder internal audit function can reinforce and support good financial management, both now and well into the future.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
After the rollout of the vaccine and the end of lockdown restrictions, businesses are picking up and hiring into their Internal Audit departments and many candidates seem curious to take the next step in their audit careers.
COVID-19 has quickened audit firms’ adaption toward new ways of operating. Shifting to a remote and flexible working schedule by audit firms and the companies adds a new challenge already faced in adapting the audit to a tech-evolving corporate world and placing new demands on audit professionals. However, new ways of working will bring important benefits as well as posing challenges that have to be addressed.
Traditionally, firms have emphasized personal integrity and professional skepticism in audit professionals, and these attributes will undoubtedly remain vital. But in the new and fast-developing environment, auditors will also need to develop even deeper knowledge of business, a powerful curiosity about technologies and an agile mindset that embraces disruption.
This demonstrates the motivation of both candidates to find a new role and clients to hire into the Internal Audit profession. These figures have also likely been positively affected by the relative ease in which most interviews are now being conducted by video call rather than in-person. While auditors still retain their independence within organizations, they are nonetheless now expected to take a more collaborative, forward-looking approach to Risk Management and Governance. As a result, Internal Audit is increasingly seen as a value-add function rather than a cost center.
In order to achieve the expectation of audit objectives in hybrid environment, it is necessary for the auditor to plan well in advance with the following recommendatory steps.
-Gain an understanding of client business either through documented SOPs, policies to understand its Operations, Compliance and Financial area
-Being adept with trending technologies
-Being able to use the latest audit tools and techniques
-Adapting to the need for agility
-Being able to address regulatory compliance in a changing landscape
-Interdisciplinary approach to audit
-Effective communication skills at all business levels
-Ability to understand emerging technologies
-Ability to predict future challenges
-Ability to take a business-centric approach
-Ability to plan and execute, keeping the big picture in mind
-Ability to integrate adaptability into the audit design
-Ability to increase focus on key risk areas to improve assurance
-Ability to use process mining to analyze data
-Decide on the language to be used for the interview and ensure everyone involved speaks that language.
The auditors need to be more practical and realistic for carrying out audit involving Information Technology as a tool rather than as a barrier.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
- Switzerland 0041 4350 830 59 or
- US 001 917 508 5615
E-mail:
- info@audit-international.com”
