Posts Tagged “internal audit”

Have you ever had one of those days where you were determined to write that audit report? So you block off the time on your calendar, go into your office, shut the door, remove any and all distractions and breathe. Because now is the time to take all of those thoughts and perfect phrases running wild in your head and put them on paper. You sit down at your desk ready to make it happen. And you come up with nothing.

You decide to invite a colleague in to assist. Because after all, two heads are better than one. The two of you discuss the issues thoroughly, but nothing seems to sound right.

Writing objective observations takes time, skill, and tact. And if you’re like any other auditor, the audit issues sound wonderful in your head. But by the time you formulate the right words, reach for your pencil and place it on paper, that wonderful wording has become a distant memory. It’s worse if you’re in a group setting because you now become frustrated as the group begins asking you to repeat what you said. Unable to remember words uttered only seconds prior, it is only then that you realize how old you truly are.

If you’ve ever faced this situation, do not fear. There are several tools and techniques you can use to speed up and improve your report writing. But first, we must address the five big problems with writing reports:

1. We think faster than we write
2. Our million dollar thoughts come at the wrong time
3. We believe in writer’s block
4. We look for perfection in the first paragraph
5. We don’t understand and/or appreciate the writing process

5 Problems with audit report writing
We think faster than we write
We’ve all been there. Browsing through our cabinets trying to make a mental grocery list. Then you reach the point where there are too many items to remember. You decide to write a list. You reach for your paper and before the pen touches the pad, you’ve already forgotten the five items you wanted to write.

Our brains are fascinating. I can remember where I was in the summer of 1989, but I cannot remember what I ate for breakfast this morning. It is that forgetfulness that can derail your report writing.

Our million dollar thoughts come at the wrong time
Worse yet is when you have this wonderful idea, but then realize that it is 5:00 o’clock and you are stuck in traffic. There is no way you can capture that great thought without causing a pile up. So you try other techniques. You turn off the radio and repeat whatever it is over and over. You hope to continue this until you get home, or at least until you get to a stopping point. Of course something interrupts your thought and you forget what you were trying to remember.

We believe in writer’s block
Some people believe that writer’s block is a thing. I’m here to tell you, it is not. At least in the context of business writing or internal audit reports. Wikipedia define writer’s block as follows:

“Writer’s block is a condition, primarily associated with writing, in which an author loses the ability to produce new work or experiences a creative slowdown. This loss of ability to write and produce new work is not a result of commitment problems or lack of writing skills. The condition ranges from difficulty in coming up with original ideas to being unable to produce a work for years. Writer’s block is not solely measured by time passing without writing. It is measured by time passing without productivity in the task at hand.”

As you can see, writer’s block is a primary concern for creative writers. Our audit reports are, or should be, factually based non fiction. We are taking a series of facts, placing some logic and order to those facts, and providing management with a conclusion. What we are not doing, is creating new characters or developing plots and story lines. We know the beginning, middle and end of the story. Therefore, we know what to say. The problem is how do we say it so that it has the best impact given within the culture of the organization.

We look for perfection in the first paragraph
Because audit report writing is simpler than creative writing, we believe that we should be able to sit down and create the perfect prose in minutes. After all, we know the beginning, middle and end of the story. When we finally put pen to paper, our initial draft is usually not good. We then become frustrated. But I believe that frustration is because we don’t understand the writing process.

We don’t understand and/or appreciate the writing process
All the magic happens in the editing. Any writer will tell you this. Ernest Hemingway famously once said that “The first draft of anything is ****” (insert a very bad word here). As someone who has had articles published, I can tell you this is true. I can recall the first time I sent something to an editor. I thought it was an okay piece. But what came back was a magnificent manuscript. I fined tuned it a little and the result was something we were all pleased with. The writing process does not require perfection at the start. Your initial goal is to get something on the page. After that, trust the process and let the magic happen in editing.

3 tools you can use
Google voice typing
Because our brains seem to signal our mouths to speak faster than our hands can write, voice typing is the perfect shortcut to getting those wonderful words out of your head and on paper. For those unfamiliar with voice typing, you talk, it types. It’s as simple as that. Well, sort of.

The best free voice typing tool I’ve found is through Google. Log in to your account. Then, access Google Docs and open a document. Go to Tools, then Voice Typing (or you can press Ctlr+Shift+S).

You will see a microphone that may say Click to Speak. Click it, talk to it, and watch the magic happen. You will need to learn certain commands like period, comma and new paragraph. But other than that, if you speak clearly, it will recognize most speaking voices and words.

Your Cell Phone voice recorder
If barking out commands to your computer isn’t your thing, you’re in luck. There’s another option. If you’re like me, your cell phone is probably within arms reach. Grab your phone and go to your favorite app store. Search for a voice recorder. You should see several. Download one that piques your interest.

You can now record yourself talking about the audit issues. Now you will never miss that wonderfully worded paragraph that would sound great in an audit report. Once recorded, you can listen to the recording and pull out the impactful paragraphs.

Transcription
If you truly believe the recording represents your best work ever, you can have it transcribed. Yes, you heard me, transcribed. It’s not as bad or as expensive as you think. Before I get into that, I must say that I am not being paid by nor am I endorsing these specific products. there are several transcription services that I have used. Some use live transcribers while others use automated engines.

Summary

Writing audit reports can be a daunting task. But it has to be done. Nowadays we have a lot of tools that can help streamline the process. Many of the biggest issues start with us. Writer’s block is only as real as we allow it to be. Sit down and put something on paper. Use some electronic tools to get your words on paper. Almost any words will do. Afterall, the magic happens in the editing.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

This week Audit International are taking a look at the 4 ways how Internal Audit can get a seat at the table.

When it comes to risk management and compliance, most organizations operate on a 3 Lines of Defense (3LOD) model, in which operational management, compliance, and internal audit work together in tandem to assess and mitigate risk and manage controls and compliance.

This model may be successful in theory, but as the risk management and compliance functions have grown more complex, it doesn’t always work as well as you might hope. Given the rising sophistication of cybersecurity threats and incidents of fraud, and the increasing compliance requirements posed upon organizations of all sizes, it can be difficult to keep an organization-wide pulse on threats and breaches in compliance as they arise.

The problem is, the three branches don’t always collaborate effectively, which may leave internal audit out of the loop and unable to provide much value to the organization. They may not have access to the data they need to generate effective recommendations. The internal audit team’s focus may be simply on checking boxes and ensuring compliance, rather than providing strategic insights that will help your organization understand and take steps to mitigate new threats.

If you want your internal audit team to move the needle at your organization, you need to get the ear of executives who can advocate for your work. By partnering with leadership, you’ll be able to spearhead new initiatives and gain critical access to data that will help your organization save money and reduce risk, proving your team’s value.

Here are four strategies for doing that effectively:

Identify the key people who can support you, and make a plan to build relationships with them
Your audit team will naturally be in touch with the managers who can provide key information needed to conduct your audits—but by focusing only on these contacts, you’re missing out on building relationships with the leaders who will be able to help you gain a more visible role in the organization. Build a plan for conducting periodic outreach to higher-level executives within your organization, such as your chief risk officer or your CTO. You can solicit feedback from them on any open questions they may want your team to review in your audits, or provide high-level executive briefs showcasing work that you’ve done and issues they may want to explore in further detail. Make sure that they know you and your team are available to support them and open for feedback.

Proactively address organization-wide trends
Rather than focusing solely on issues identified in individual audits, start looking at your audit results in aggregate to identify trends. Is a single department or office location having trouble resolving a specific compliance issue, or is it an across-the-board trend that should be shared with your executive team? Review your data frequently to understand risks that should be mitigated, and come up with step-by-step action plans for how they should be addressed, including who’s responsible and what the benchmarks for success are.

Pay close attention to third-party risks
Many audit teams take an insular view of risk management, failing to uncover the external risks brought on by vendors and technology partners. Make sure that you have policies in place to carefully vet and automate compliance on your third-party vendors, pulling in external data that will alert you to any financial or legal issues they may face. Regularly track all of your solutions and technology partners for red flags, and ensure that you have a strategy for mitigating them. You can showcase your findings in sessions with executives and other partners throughout the business, and collaborate to come up with a plan for any of your scenarios. Keep in mind that risks from big providers such as Amazon or Facebook may impact a lot of your customers or partners as well, so ensure that you map out all of the variables that may impact your company’s business model across the board.

Use best-in-class GRC technology to automate compliance and analyze data
In order to provide the most useful insights to your leadership team, it’s important to integrate your entire risk management function across an easy-to-use GRC platform. Your GRC platform should come with pre-built content that will help you automate your controls framework, regardless of your industry. It should make it easy to monitor compliance status and risk levels across the organization at any given time, with triggers prompting action when control levels are not being met. You should be able to easily drill down into your data and generate executive dashboards, so that you can share insights to justify recommendations and help your leadership team make better informed business decisions.

By building a cohesive strategy for integrating with the 3LOD, backed by in-depth data analytics, real-time data feeds, and workflow automation, your audit team will be able to generate insights that can help to identify new risks, and develop new strategies for mitigating risks across the entire organization. This will help you to become a highly visible, influential, and trusted partner to the business.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International have been thinking recently about what internal audit should know about ESG risks, and where best to start but with the E, which is for Environmental.

In this, the first in a series of three articles, we will drill down on Environmental risk and explore how internal audit can have an impact by focusing on key risks.

Environmental risks :
There’s no single taxonomy of environmental risks. Consider what categories your organization uses and what is used elsewhere in the sector. The following should all be covered, at a minimum, but may be described in different ways using different terminology:

Climate change :
This should include the effect of greenhouse gas (GHG) emissions – we usually talk about carbon dioxide but there are seven gases covered by the GHG protocol
Pollution from emissions and discharge (i.e., water, soil, air)
Biodiversity loss and deforestation
Waste management
Resource use – impacts of raw materials, production, transportation, and distribution (consider water, energy, and other natural resources)
Hazardous materials
There is clearly an interplay between these risks, but as they represent the major environmental impacts, this offers a good starting point.

This should fit neatly into your existing risk assessment process. Typical impacts for the organization will be reputational, legal and regulatory, financial, operational, and ultimately strategic. All things we are very familiar with.

Getting started – Determining the key risks
Every organization is different. You will need to start with a risk assessment to determine the key risks, potentially using the list above. To do this, you will need to understand the main environmental issues in your business, considering a number of factors:

What sector(s) you are in, and what are the main impacts of that sector. Search out industry guidance from standard setters such as GRI (Global Reporting Initiative), international business groups, such as the World Economic Forum, and thought leaders, such as McKinsey. It is important to consider all the main parts of your business, from the environmental impact of the raw materials you source, through transportation, production, and sales. Although focus on your immediate impacts may be easier, the impacts outside your organization’s immediate control are often more significant. For example, a significant environmental impact of electronics is the extraction of rare earth metals essential for their production.
Where your business is based, the places in which you operate, where you source materials from, and where you sell to. This is important for a number of reasons. It drives the nature and extent of legal and regulatory risk that the organization faces. It also influences the attitudes of stakeholders, such as customers and consumers, as these may vary significantly. But bear in mind, that these factors can change quickly and this needs to be built into any risk assessment.
Requirements of your customers. This may be contractual for government or corporate procurement, or the preferences and attitudes of consumers. This is also partly based on location (as mentioned above), but in global markets, it is never that simple.

All of this (and more) should have been considered by the business (first or second line) and internal audit should leverage their work, effectively challenging and validating. If this has not been done, internal audit needs to be taking a step back and conducting a more basic evaluation of the maturity of the organization’s risk assessment process.

Some types of environmental impact will be universal and significant no matter what your business activity. These include climate change and waste, which Audit International will dig a little deeper into later in the article. Others may apply to a much greater extent in certain industries, such as those in extractive industries (oil and mining for example) and heavy manufacturing (where there may be high levels of resource use – both raw materials as inputs and energy and water in the production process).

How internal audit can make an impact :
As with any aspect of audit planning, the greatest value internal audit can bring will depend on the major risks identified. But we can’t just consider the inherent risks, we need to understand what other sources of assurance are in place and, most importantly, what activities are contributing to both the risk and the assurance. Think about the following:

What do we know about environmental management processes that are in place? What is the scope of these systems and processes?
What reporting is in place? Are external reports assured? Which stakeholders use and rely on these reports?
Are environmental factors (risks and costs) incorporated into project evaluation and capital decisions?
A common factor across many environmental risks is availability and the quality of the data. Process and controls for environmental data are generally less mature and systems are not always equipped or configured to meet the complexities and nuances of this data. This is often a great opportunity for internal audit to add value, both by providing assurance over processes and systems, and by validating the data itself. Both leverage core internal audit skills.

We can also go further, confirming that reports meet whichever standards are being applied, that management reports or projects evaluations fairly, and that these completely reflect risks as well as opportunities. However, this may require more specialized knowledge.

Some examples :

Climate change
All organizations need a response to climate change, and so while the specific needs will differ, this is an issue increasingly relevant for everyone. How can internal audit add value? Let’s look at two potential opportunities:

Has the business considered the potential physical and transitional impacts of climate change? Best practice suggests this should be done using scenario analysis that includes a range of realistic scenarios. Physical vulnerabilities may result from gradual, long-term changes in climate (chronic risks), or short-term (acute) risks, such as storms and fires during heatwaves. These potentially impact the cost-of-capital, the availability and cost of insurance rates, and cause operational disruption. Transitional impacts include changes in legislation, markets, technology, and stakeholder expectations. Internal audit can review the process used to establish scenarios and determine the impacts and, more importantly, assess actions to improve resilience, mitigate risk, and maximize opportunities.

Many corporations are now publishing disclosures under TCFD (Task Force on Climate Related Disclosures). These are becoming mandatory in some countries and are an increasing expectation from investors. External assurance, if any, is usually very limited in scope. Internal audit can provide assurance over the processes to collate data and support assertions made in the disclosures. It can also audit the data and assess the evidence supporting those assertions. Other organizations may provide (voluntarily or by regulation) data on, for example, energy use or emissions. Again, internal audit can provide similar assurance over these processes or this data, as any external assurance will generally be limited.

Waste :
Waste is an issue for all organizations, although the specific impacts will be very different across businesses. As well as the environmental impact, businesses have a cost-incentive to reduce waste, as it is increasingly expensive to treat and dispose of. Internal audit can add value in a number of ways.

Here are some examples:

– Assess whether policies support the organization’s waste strategy. Are they specific to the business and relevant for the types and locations of waste produced? Do they take into account legislation and regulation in each jurisdiction? Are they effectively implemented, understood, and followed?
– Companies often report waste information, either in annual reports or to different public authorities. How is this validated? For example, how do we know that waste is recycled or reused? Are there controls to independently verify how the waste has been treated? In many countries, responsibility for safe disposal rests with the waste producer, not the waste contractor.

To summarize, we have described the importance of environmental risk to all organizations and have shown how internal audit can respond to some of those risks. Internal audit can use existing tools and skills to get started, and leverage widely available sources of knowledge to find out more.

Keep an eye out for our next blog, discussing the S in ESG, which of course stands for ‘Social’.
We will explore how internal audit can address important social risks.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The Characteristics of Highly Successful Internal Auditors
Nobody knows it better than us here at Audit International that Internal auditors are a rare breed. To perform well in their jobs, they must have a set of skills and characteristics that are typically uncommon in one person. For example, they need to be analytical with laser-like focus, while also being “people-persons” with great communication skills. They need to be rule-followers, while also having the creativity and curiosity to blaze new trails. No one ever said it was easy, but becoming a top internal auditor takes dedication, hard work, and, as Liam Neeson said in the movie Taken: “a particular set of skills.”
We recently set out to identify the skills and characteristics good internal auditors must possess to perform well in their jobs. We found that some, like curiosity and integrity, are typically characteristics that are just part of our personality or not. Others, like technological know-how and communication abilities can be learned and honed through professional development and training courses. Others lie somewhere in the middle.
This is by no means an exhaustive list. There are many other skills and attributes not listed here, such as knowledge of the business, project management capabilities, and relationship building that are important to thriving as an internal auditor. Yet these are the qualifications chief audit executives, senior managers, and board members cite most often as the key abilities they are looking for in good internal auditors.
Regardless of how we acquire them, and in no particular order, here are the top six characteristics internal auditors should possess:
1) Great Communication Skills
It’s no secret that internal auditors need to be excellent communicators to execute their jobs well, however, that requirement has only increased as the COVID-19 pandemic closed offices and employees were forced to work from their homes. Now internal auditors must often conduct audits remotely, interviewing process owners and others through phone calls and video conferencing. It’s one thing to assess body language, tone, and facial expressions from across a desk or conference table, but quite another to read those important non-verbal cues during a Zoom call or over some other digital communication platform.
It doesn’t stop there. Internal auditors have many constituencies to serve. From their audit customers to senior management and the board, they must be able to navigate many relationships within the organization and sometimes bridge seemingly conflicting views on what’s important to the company. That takes great communication skills and any internal auditor that doesn’t possess them will likely falter in their roles.
2) Unyielding Curiosity
Good internal auditors ask why? Great internal auditors keep asking “why?” Like a child who follows up one question of “why?” with “OK, but why?” top internal auditors keep asking questions until they fully understand the issues at hand. They are not easily swayed with a pat answer or put off the trail with an explanation that doesn’t quite add up. Their natural curiosity keeps them pushing until they find the answers and explanations that satisfies them—in other words, when there are no more “why” questions to ask.
Such intellectual curiosity doesn’t just serve good internal auditors well in the pursuit of fraud and wrongdoing, either. It helps them fully understand how controls, processes, and business units work, so they can make recommendations to improve them.
3) Technological Savvy
Increasingly, the job of the internal auditor relies on technological tools, such as data analytics, cloud-based application platforms, and data visualization. Indeed, the internal auditor of the future will likely also need to be an expert—or at least proficient—in such areas as artificial intelligence, machine learning, and technologies still out on the horizon. For this reason, internal auditors who don’t embrace new technologies and learn enough about them to at least begin to experiment with new ways of doing things will be left behind. While it’s important to embrace the more recent technologies that internal audit is increasingly coming to rely on to execute its duties, a digital revolution is taking place in just about every facet of the organization. To complete audits of nearly any process or function will require a working knowledge of increasingly complex technologies. It’s true too, that the top risks in any organization typically involve areas like cybersecurity, data governance, and information security, all of which require internal auditors to be tech savvy..
4) Ability to Work Independently and on a Team
It might seem contradictory to say that internal auditors must be able to work on their own, but then also be good team players, but it’s true, and the remote work scenarios brought on by the pandemic have only made it truer. Internal audit has always required a good bit of independent work, but the amount has increased with remote audits and auditors working from home. The ability to work independently relies on such underlying skills as self-motivation, self-management, and accountability. Without daily meeting in the conference room and the chief audit executive looking over their shoulders, internal auditors must be resourceful and reliable to keep projects humming along. That doesn’t mean they no longer have to be able to work well with others. More recent work models, particularly agile audit, require lots of interaction and coordination. This harkens back to the importance of communication abilities, but good internal auditors are also team players.
5) Drive to Be Life-long Learners
I once asked a chief audit executive: What is the single most important thing you look for when you are hiring a new member of your internal audit team? Without hesitation, he said: “I look for someone who is always looking to learn new things.” He explained that internal auditors must be generalists and specialists at the same time. Their jobs will take them to many places and expose them to new knowledge all the time..
The fact that internal auditors get exposure to lots of different aspects and units of the business is certainly one of the benefits of the job, but it comes with challenges. They must be able to constantly digest new information and learn new parts of the business. No two audits are ever the same and without the desire to learn something new, it will be difficult for an internal auditor to approach each new assignment with the sponge-like ability to absorb new knowledge and come up to speed quickly on a process or function.
6) Integrity and Courage
Perhaps above all else, integrity and courage must be at the core traits of a high-performing internal auditor. There will be times when internal auditors are asked to look the other way or ignore some faulty control or management wrongdoing, and they must simply be able to resist the urge. It’s never easy to confront someone who isn’t doing the right thing and bring it to light, but it’s a trait that top internal auditors all possess.
One more thought on integrity and courage: We often think of these things in terms of big crises and scandals, where the internal auditor stands up to an accounting fraud that is taking place in the organization or a CEO who is up to no good. Yet it more often integrity and courage will be called up for small things, where someone is looking to cut a corner or isn’t treating others with respect. This is when integrity, along with a good moral compass can help an internal auditor push past a roadblock and get an audit back on track.
Just Add Hard Work
So, call them what you may: characteristics, skills, qualifications, or abilities, but working on these six things will go a long way toward excelling as an internal auditor. Of course, they aren’t enough in themselves to ensure a quick rise through the ranks of the internal audit team. That requires hard work and dedication to the job. But they will certainly put you on the right track.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
• Switzerland 0041 4350 830 59 or
• US 001 917 508 5615
E-mail:
• info@audit-international.com”

After the rollout of the vaccine and the end of lockdown restrictions, businesses are picking up and hiring into their Internal Audit departments and many candidates seem curious to take the next step in their audit careers.

COVID-19 has quickened audit firms’ adaption toward new ways of operating. Shifting to a remote and flexible working schedule by audit firms and the companies adds a new challenge already faced in adapting the audit to a tech-evolving corporate world and placing new demands on audit professionals. However, new ways of working will bring important benefits as well as posing challenges that have to be addressed.

Traditionally, firms have emphasized personal integrity and professional skepticism in audit professionals, and these attributes will undoubtedly remain vital. But in the new and fast-developing environment, auditors will also need to develop even deeper knowledge of business, a powerful curiosity about technologies and an agile mindset that embraces disruption.

This demonstrates the motivation of both candidates to find a new role and clients to hire into the Internal Audit profession. These figures have also likely been positively affected by the relative ease in which most interviews are now being conducted by video call rather than in-person. While auditors still retain their independence within organizations, they are nonetheless now expected to take a more collaborative, forward-looking approach to Risk Management and Governance. As a result, Internal Audit is increasingly seen as a value-add function rather than a cost center.

In order to achieve the expectation of audit objectives in hybrid environment, it is necessary for the auditor to plan well in advance with the following recommendatory steps.

-Gain an understanding of client business either through documented SOPs, policies to understand its Operations, Compliance and Financial area

-Being adept with trending technologies

-Being able to use the latest audit tools and techniques

-Adapting to the need for agility

-Being able to address regulatory compliance in a changing landscape

-Interdisciplinary approach to audit

-Effective communication skills at all business levels

-Ability to understand emerging technologies

-Ability to predict future challenges

-Ability to take a business-centric approach

-Ability to plan and execute, keeping the big picture in mind

-Ability to integrate adaptability into the audit design

-Ability to increase focus on key risk areas to improve assurance

-Ability to use process mining to analyze data

-Decide on the language to be used for the interview and ensure everyone involved speaks that language.

The auditors need to be more practical and realistic for carrying out audit involving Information Technology as a tool rather than as a barrier.

 

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following: 

 Calling  

  • Switzerland 0041 4350 830 59 or
  • US 001 917 508 5615

 E-mail:

  • info@audit-international.com”

Well during and after Covid-19, the day-to-day working structure of audit has changed a lot. With remote working arrangements and the absence of in-person meeting with clients, it’s been a real testing time for those who have joined the audit profession in 2020 and after. Many of the challenges faced by auditors are limited access to client facilities, personnel, financial records, and documentation. There is an increased need to understand the client’s risk profile and assess how the pandemic has affected their business, due to which auditors are now considering more critical view of clients business rather than just relying on numbers.

Benefits of remote auditing: There are many benefits of remote auditing, which can be summarized here:

  1. Better use of Technology: Now a day’s most of the entities are digitized and cloud based, allowing an auditor to access the records of clients at his own convenience.
  2. Virtual meetings: Auditors are wondering at the number of meetings they are attending now despite being confined at homes. Skype, Zoom and alike technology solutions have made it possible
  3. High reduction in Outstation travelling cost: Businesses were spending billions of money on travels annually; however remote auditing requires zero travel cost.
  4. Reduction in travel time: Auditors are now working in hybrid mode and travels only when required to attend the office in person

 

Disadvantage of remote auditing: The remote auditing also has some limitations which are summarized below:

  1. Limitation on physical audit: Virtual audit is not feasible for audits at floor factories or physical verification of warehouse at manufacturing company.
  2. Inadequate personal interaction with process owner: Personal interaction with the process owner is limited during a remote audit. Avoiding eye contact, adjusting seat, constantly restless are some of the indications can be observed more clearly during an in-person meeting
  3. Network interruption leading to inadequate discussion: If network connections are not reliable, they can interrupt interviews and meetings and can also limit access to the database for fetching objective evidence for review.
  4. Inadequate audit results: Remote audits should not be used as a cost-saving measure. They should only be considered if the audit objectives can be met, beyond any doubt.

 

Conclusion:

Based on the situation, remote auditing can assist in reducing digital risk, minimize traveling time and its cost, and encourage safety. But it has its own limitation. To win with remote, clients business needs to have the perfect combination of ICT and a forward-thinking tech culture. In the future, remote will continue to be an important component of auditing with its limitation to on-site visits. Tech savvy businesses will continue to leverage both solutions to create more robust and auditor-friendly strategies.

 

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

 

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following: 

 

Calling  

  • Switzerland 0041 4350 830 59 or
  • US 001 917 508 5615

 

E-mail:

  • info@audit-international.com”

Audit International are privileged to share some recent insights from Dr Rainer Lenz- Head of Corporate Audit at Villeroy & Boch on his thoughts about internal audit and its Independence.

“Recently, I was invited to share some thoughts about independence of internal auditors. I am basically challenging that concept:

The IIA definition positions internal auditing as an …

“ independent , objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
To be blunt, in my view, independence is largely theory. It is overrated, I think. So is objectivity. But let’s stay with the subject matter of independence. There is nothing wrong with aspiring independence. But, who cuts the hand feeding him? There are inconsistencies among talk and action. Consequently, academic authors refer to the internal auditor’s “role dilemma” and “role confusion”, acknowledging for example the difficulties of internal auditors to strike the balance between being independent from operations and, at the same time, providing added value and benefit to operations. Being both watchdog and consultant is challenging.

Some authors view internal audit as a schizophrenic management function. On one hand, it needs to be completely integrated and knowledgeable. On the other hand, it needs a measure of independence required of all auditors. Thus, internal audit may have a built in cognitive disconnect. Organizations and Chief Audit Executives (CAEs) may cope at different levels of proficiency with such inconsistent demands. Those who can do that well may live longer. Thus, “organizational hypocrisy” may serve a useful purpose.

When you ask non-executive directors and audit committee chairmen what they think, how independent internal auditors are, what will they say? I recall surveys where those members of oversight bodies state that (some) heads of internal audit are not up to the job, internal audit lacks adequate independence, and internal audit has not properly defined the role that they wish internal audit to fulfill.

That points to the “who’s your boss” question. There is no congruence between what the board wants, what the audit committee wants, and what senior management wants. Aiming at satisfying all customer groups is likely to disappoint one or the other customer in some dimension, as all may expect something different from internal audit, such that no one is fully satisfied. In other words, internal audit may face tension from its attempt to serve – let’s say – its two prime customers: managers and the audit committee. The IIA acknowledges that there may be conflicts when internal audit tries to “serve two masters”. Thus, the “who’s your boss?” issue can present problems in terms of allegiances, independence, and effectiveness.

Academic studies confirm that role ambiguity and role conflict can negatively affect the independence of internal auditors. At the same time, CEOs (often) want the CAE to have no fear or favor. It is crucial that the CAE is able to work with other stakeholders in the organization and is not afraid to voice his or her opinion even in controversial situations. That draws particular attention to the importance of the CAE’s characteristics, possibly more important than the debate around independence.

There are authors who suggest that internal auditors must be independent of senior management, so that the board is to rely on internal audit to provide the assurance it needs; otherwise, the risk is that internal audit’s reports to the board/audit committee will be filtered by senior management in such a way that only what is palatable to senior management is communicated. Investing in these relationships and having a steady and robust dialogue is critical to the internal audit function’s success, given its organizational context.

My 2 cents about independence of internal auditors in a nutshell.”

Guest Article Writer- Dr. Rainer Lenz-Head of Corporate Audit at Villeroy & Boch

Source: Lenz, R. (2016), Insights into the effectiveness of internal audit: a multi-method and multi-perspective study, LAP LAMBERT Academic Publishing, Saarbrücken, ISBN 978-3-659-85241-1

The job profile of the Data Scientist is still young, but is often searched for on the job market. They are required in many industries, such as:

• Banking and insurance 
• Trading
• Business and organizational consultancies, market researching
• Social Media, Telecommunications, online tradinging and network management
• Bio-, pharmaceutical, chemical and medical industries
• Logistics
 

 
In 2012, Tom Davenport, Professor at the Harvard Business School, has described the competence profile as following: „… a hybrid of data hacker, analyst, communicator, and trusted adviser. The combination is extremely powerful – and rare.“
In times of “big data”, Data Scientists are experts in demand, who are paid above average and enjoy great freedom in companies as “gold diggers”. Using methods of mathematics, computer science and statistics, they gain facts and knowledge from large amounts of data, the “gold of the 21st century”, and discover new business areas. In addition, they are something like interpreters. They formulate the data records into legible results and display the essential information in a comprehensible language.
Data Scientists are trained in statistics, graph theory and other mathematical fields, and are proficient in methods such as data mining, process mining, machine learning and natural language processing (NLP). Added to this is knowledge from practical computer science. Knowledge of operating systems, databases, networks and data integration tools, as well as the most important programming languages and analytics tools are mandatory. Furthermore, knowledge about the Hadoop ecosystem, social networks and other systems from the internet and big data environment is a compulsory requirement for professional practice. The competency profile is that of an all-round talent and accordingly (currently) difficult to find.
 
The Data Scientist and the financial function within the company
The question whether a controller can assume the tasks of a Data Scientist must be clearly denied in the context of the described competence profile. The current opinion in the industry is, that it is illusory to believe that controllers could also assume the tasks of a Data Scientist. However, controllers should know the job profile of a Data Scientist as well as the possibilities and limitations of Big Data. The cooperation between the tasks of a controller and a Data Scientist is an important source for the future economic success of companies.
 
The Data Scientist and Auditing
The advancing digitization also places new challenges on internal auditing in the selection of the audit methodology. Data Science offers the possibility to consider the analytics of data masses as a test step within an audit and in this way to create an additional benefit. This means, however, that the internal audit department must also acquire expertise in data science in addition to the already acquired competences, such as finance, business management and compliance. Since an individual auditor can hardly have all the competences mentioned above, these should be at least available within the team. If necessary, remember to include an external Data Scientist.
Along the lines of internal auditing, the external auditing is placed before conditions that were changed by digitization: the flood of data, the appropriate audit methods as well as the concern of finding young recruits within the auditors underline the need for efficiency gains. The surge in job advertisements for data scientists in audit centers, as well as first attempts to use artificial intelligence in this area, underscores this.

This feature blog was written by Prof. Dr. Nick Gehrke (Zapliance)

How an Internal Audit function will battle cyber security issues for your company WHEN it happens in 2017?

It is no longer a question queried in a boardroom by senior management of multinationals companies. Could we be hacked? It is now an inevitable occasion of when will we be hacked and how can we combat this data breach? Given the possible exposure and risk to a company’s valuable assets and information there is a duty for the board of directors to be adequately prepared for this occasion. How can they prepare for this? One major tool available to them is an internal audit team. Internal auditing is indispensable for helping companies manage cybersecurity threats and preventative programs. Here are some suggestions on how best to prepare.

1- Ensure your audit function is adequately prepared with talent, resources and budget.
It may be the responsibility for your HR department to ensure that you have hired the “IT Audit Dream Team”. Do not hinder this by not approving budgets for hire. In the long term this will cost your company more in time and in finances. Using specialised external executive search firms such as Audit International ensure you find the right skill and industry-specific experience to best facilitate your company as this is often challenging, Therefore management should prepare their companies to prioritize developing, training, and adequately hiring resources to the internal audit team.

2- Keep communication open with your Internal Audit Team
There is vital importance of engagement between the internal audit team and the business it serves. In order to comprehend where the cyber risks are coming from, you have to appreciate how the business works. This would include assessing firewalls, networks and apps, but also understanding the company’s processes and how it interacts with customers and sellers. Cyber security risks are moving targets. Most of the exposure lies in a company’s human element. You should ensure your internal audit teams are given a clear and thorough understanding of business operations. The only way this can really happen to keep an on-going rotation of internal audit staff into the business into various functions and units. This serves multiple purposes; it ensures retention of valuable talent in the company as they are then satisfied with their own personal career progression. It is a well-known fact in the recruitment space this is one of the key drivers for auditors to leave their role which in turn ends up costing the company time and resources to replace, train and hire new audit talent. Secondly it gives your auditors a better well rounded view of the company and thus can add more value and stay in tune with the company.
3- Ensure coordination between functions- IT and Internal Audit
Another integral part of this issue is the level of coordination between the internal audit team and other key functions and this is critical to the success of tackling your cyber issues and risks. You must ensure that your internal audit teams should be given access to other members of the IT Audit team. This can include the chief information officer and chief information security officer, as well as human resources, supply procurement, and business leaders. Coordination can make or break any important undertaking — and cybersecurity is no exception.

4- Where to start and what questions to ask first?
Below is a suggestion of where your audit committee can begin and what issues need to be addressed first.
• Currently it is important to ask, what interaction and coordination does the internal audit team have with other corporate functions (e.g., information technology, information security, operations, supply chain, human resources, etc.) related to cybersecurity matters?
• What skill sets does your internal audit team have that are related to information security? Cybersecurity? How do team members keep their skills current? How do you retain team members? Do you need to hire further talent to support them?
• Does the company perform internal and/or external system penetration testing? Are the tests announced or unannounced? What role, if any, does the internal audit team play? Is there open communication between all your functions to facilitate this?
• What types of prevention, detection, and reaction/response testing does the internal audit team perform in the threat and vulnerability management life cycle? Again do you have sufficient in-house talent to tackle all these problems? Are you supporting your team enough to support this in terms of team resources and talent?
• What role, if any, does the internal audit team play during a breach? Regular meetings and coordination could play an integral part in highlighting how these functions can support each other if a breach occurs which may then lead to quicker resolution of the problem.
• What role, if any, does the internal audit team play after a breach has occurred?
• Who performs cyber-related investigations within the organization?- Do you outsource this responsibility and if so would it be worth hiring an in-house function to address these issues.

According to a new study of more than 1,600 chief audit executives (CAEs), senior management and board members released by professional services specialist PwC yesterday, internal audit functions that have very effective leadership perform better and add greater value to their businesses.
The Big 4’s study found that more than 50% of participating stakeholders now believe internal audit is contributing significant value to the business.This is a significant increase on the same study conducted last year. It is also hoped that internal auditors will add considerable value and leadership within a company in the 5 years after joining.

The value of leadership

There is close correlation between strong leadership and internal audit’s ability to add value and deliver high performance,To continue fostering internal audit functions to become more trusted advisors within their organizations, stakeholders should promote strong internal audit leadership while audit executives work to elevate the performance and perceptions of their respective functions.

PwC also identified five characteristics consistently exhibited by the most effective internal audit leaders that all CAEs should adopt:

1)
Create and follow through on a vision.
PwC found that very effective internal audit leaders possess a strong vision that aligns with both a company’s strategic direction and stakeholders’ expectations. These leaders translate their visions into strategic plans and invest in capabilities in support of their vision, especially data analytics and technological tools that allow them to innovate on process.

2)
Source and retain the right talent.
According to PwC’s study, CAEs identified talent shortages as the most significant barrier to increasing their contributions as leaders. Additionally, as business transformation continues to evolve, additional new skills are needed. PwC says the most effective internal audit leaders exhibit two talent behaviors that stand out from the pack: a focus on mentorship and talent development, and an ability to source the right talent when needed.
PwC says very effective internal audit leaders also have a “no hierarchy in the room” policy, which facilitates staff development through open discussion and working as a team to solve problems. Fully 73 percent of these leaders use co-sourcing as part of their talent strategies.

3)
Empower the internal audit function.
Organizational position and the support of stakeholders plays an important role in the effectiveness of internal audit leaders. PwC found that 78 percent of very effective internal audit leaders are vice presidents or hold senior positions in their organization. Additionally, PwC found stakeholders are gravitating toward more senior leadership talent to fill the CAE role, noting their responsibility to empower the CAE by setting a culture that supports the importance of a strong control environment.
Demonstrate executive presence. Underscoring the need for leadership talent in the CAE role, PwC found that 90 percent of very effective internal audit leaders excel in demonstrating executive presence. They bring bold perspectives and think broadly about the company. PwC notes that internal audit leaders must inform, educate and influence stakeholders as well as earn their trust. One of the trickier challenges internal audit leaders face is communicating with a variety of internal and external stakeholders who each have different expectations of the function.

4)
Partner with the business in meaningful ways.
The most effective internal audit leaders set themselves apart by partnering with the business in meaningful ways. PwC says internal auditors should be able to stand out in three specific behaviors to become a very effective leader:
Develop relationships built on trust.
Build partnerships across the lines of defense to play greater roles in coordinating risk management across functions.
Use those connections to raise their level of engagement across the organization, taking on leadership roles in working with management, compliance, legal and other assurance functions to develop an integrated assurance strategy.
PwC notes that some very effective internal audit leaders have taken to renaming the internal audit function (e.g., to audit services) to rebrand it as a collaborative functions that partners with the business.

5)
Seeing clear and strategically
“It’s through close alignment with various stakeholders and owning internal audit’s role as a leadership function within the organization that can allow internal audit to help their companies keep up with the changing business and risk landscape,” Pett said. “But all this can’t be said and done without a clear vision, supported by a strategic plan and enabled with top talent.

For the full article click http://www.cio.com/article/3042157/leadership-management/5-characteristics-of-exceptional-internal-audit-leaders.html