Ex-Institute of Internal Auditors Prof. Practices Director Dan Swanson

Compliance Week Columnist Dan Swanson is an internal audit veteran, who previously was director of professional practices at the Institute of Internal Auditors. The author of dozens of articles on internal auditing, Swanson has completed audit projects for more than 30 different organizations and has completed nearly 100 internal audits. An expert on financial, operational, and IT audits, his columns on auditing ethics, compliance, and ERM programs have been extremely popular.

Scoping Out an Audit of Privacy Programs

April 07, 2009

Any corporation of any size today must worry about privacy and information security. Protecting sensitive information has always made good sense, but most developed nations now have laws that restrict some uses of at least some types of data.
 

How to Weigh IT Investment Decisions

February 03, 2009

Corporate management has always been told to invest wisely in IT. The board has always been told to ensure management invests wisely in IT. It’s a truism everyone states all the time.
 

Giving Finance Dept. the Audit It Deserves

July 01, 2008

Usually I write a column about how to audit some aspect of a whole enterprise—say, how the company manages risk, or how executives invest their IT dollars. That’s important. But we shouldn’t lose sight of the nuts and bolts: Companies are run by specific departments doing specific jobs, and they need auditing too. So we’re going to get back to our internal auditing roots this month, starting with the finance department.
 

Auditing a Company’s IT Strategies

June 03, 2008

Today’s IT solutions are complex, and they are getting more challenging to implement all the time. One of the great questions for management at any company these days is simply whether all the investment in those systems is worth it. Internal auditing can play a critical role there, measuring and inspecting how the IT investment process—specifically, how IT investment is managed—works.
 

Auditing Your ERM Program

May 06, 2008

Everyone talks about the need for good risk-management programs, but nobody seems to know how to audit them to ensure they actually work.
 

Educating Staff Leads to Improved IT Security

April 01, 2008

In today’s business environment, information security and protection of information assets are vital to the long-term success of all organizations. Information is the lifeblood of corporations and a vital business asset. IT systems connect every internal department of a company and connect the whole company to myriad suppliers, partners, customers, and others on the outside, too.
 

Establishing Accountability for Your Antifraud Efforts

March 04, 2008

Some companies have far lower levels of misappropriation of assets and fraudulent financial reporting than others. Why? Because they aggressively take steps to prevent and detect fraud, end of story.
 

What Internal Auditors Want

February 05, 2008

In my line of work, I’m often asked exactly what internal auditing is supposed to be. According to the International Standards for the Professional Practice of Internal Auditing, the answer is pretty straightforward: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.”
 

Enhancing Your Internal Audit Performance

January 08, 2008

The internal audit function’s position within a company is unique. It provides its principal stakeholders (audit committee members and management) valuable and objective assurance on governance, risk management, and control processes, as well as consulting services to improve operations. With this critical responsibility to fulfill, implicit in executing those duties is internal audit’s continuous improvements to its own practices.
 

Are You Protecting Your Digital Assets?

December 04, 2007

Safeguarding assets has been an important objective of all organizations for centuries. In today’s digital age, however, what does safeguarding your assets really mean? Who is responsible for it? And how is “protection” actually achieved?
 

Auditing Records Management

November 06, 2007

In a column at the start of the year, I contended that auditing records management programs should be one of your top dozen priorities for 2007. This month’s column explores that important subject in more detail.
 

Ensuring Technology Changes Are Well Managed

October 02, 2007

Information technology is critical to the long-term success of most organizations. It is a key reason for the cost of operations, and cost of operations tends to be a vital component of overall profitability. It facilitates the introduction of new business initiatives, as well as the ongoing improvement of current processes, and allows the management team to monitor and report on performance. IT enables business operations through connectivity, information processing, business intelligence, and the like.
 

Operational Resiliency: The Next Business Priority!

September 05, 2007

As I’ve mentioned in previous columns, ensuring that an organization can recover from disaster is a basic business requirement the board should explore regularly with management. Nowadays, leading companies are taking this requirement and turning it into a strategic advantage: Namely, investments in operational resiliency are assisting organizations to become more responsive to client needs as well as improving operational reliability, quality, and efficiency. It’s an effort you should embrace, too.
 

Internal Audit’s Seat At The Governance Table

July 03, 2007

In June 1999, the Institute of Internal Auditors approved a new definition for internal auditing. Internal auditing was described as “an independent, objective assurance and consulting activity,” which isn’t exactly news.
 

The Tipping Point For Board Oversight Of IT

June 05, 2007

Traditionally, and properly, a company’s board of directors has focused on governing the organization; that is, the board ensures that the right CEO is in place, that the right business strategies have been developed, that performance is reported regularly and trending properly, and that the right questions are being asked of management.
 

Auditing Information Security: Are You Protected?

May 01, 2007

I recently read that many people worry about accidental death, particularly in ways that are very frightening: poisonous snakes or spiders, or even alligator attacks. This same article noted that based on official death statistics, the vast majority of people actually die from chronic health causes: heart attacks, obesity, and other ailments that result from poor attention to long-term personal fitness. In 2003, accidental deaths in the United States numbered around 100,000; chronic health-related deaths were more than 2.4 million.
 

The Value Of ‘Performance Measurement’

April 10, 2007

Stephen Covey, author of The Seven Habits of Highly Effective People, and many others quite rightly recommend that when you start any kind of new project, you should begin with the end in mind. What does that involve?
 

Auditing Business Continuity Efforts, Part II

March 06, 2007

In last month’s column, I introduced auditing your business continuity plan and disaster recovery program by providing an overview of what an effective program consists of, what the typical internal auditor’s roles in BCP and DR are, and what the key audit scoping issues are. We’re going to complete the discussion this month by providing further guidance regarding audit planning efforts, audit fieldwork activities, and reporting of results and improvement efforts.
 

How To Audit Business Continuity Programs

February 06, 2007

Being able to continue critical business functions while responding to a major disaster, and then to return to normal operations efficiently and cohesively afterward, is a critical success factor for all organizations. Effective business continuity (BCP) and disaster recovery (DR) programs are vital and have become a necessary cost of doing business. They must receive adequate attention and support from management if the company is to survive and remain competitive in a post-disaster situation.
 

Auditing To Spot Fraud, From Start To End

January 09, 2007

The Sarbanes-Oxley Act was enacted to help fight corporate fraud. Public companies have spent untold millions to comply and hired compliance and ethics officers ostensibly to ensure that the law is adhered to.
 

Setting Long-Term Goals For Internal Audit

December 05, 2006

As I have discussed in past columns, internal audit efforts must be risk-based and contribute to the long-term assurance needs of the organization and its board. A formal risk-assessment audit must be completed at least annually and the results of that assessment should direct audit priorities.
 

The Internal-Audit Function, From Step Zero

November 07, 2006

Internal auditing can provide managers and the board with valuable assistance by giving objective assurance about their organization’s governance, risk-management and control processes. Establishing a robust internal-audit function is a long-term and worthwhile investment for most organizations because an internal-audit department can act as an independent advisor for the board and senior management.
 

The Importance Of Auditing IT Projects Well

October 03, 2006

Internal audit’s role regarding the implementation of IT initiatives varies widely, but also provides a significant opportunity for internal audit to deliver real value to the board and executive management. That is, internal auditors should play an important role in ensuring that IT investments are well-managed and have a positive effect on an organization.
 

The Art Of Expressing An Internal Audit Opinion

September 06, 2006

Executive management, audit committees, and the board want to know whether their internal control systems work. The chief audit executive is often requested to issue an opinion on the adequacy of internal controls within the organization to meet this assurance need. If a CAE does issue a formal opinion, it’s crucial that all parties clearly understand the areas and issues the CAE is addressing in doing so. Otherwise, brace yourself for expectation gaps.
 

Driving Internal Audit With Risk Assessments

August 08, 2006

Most organizations have numerous potentially auditable entities (corporate initiatives, business lines, systems, regulatory requirements; the list is endless) and internal audit must decide which of these potentially auditable entities they are going to tackle first. The audit risk assessment works to bring at least a semblance of order to the audit universe, evaluating the various possibilities and attempting to address the potential risks facing the organization.
 

Giving Internal Audit An Effective Mandate

July 05, 2006

Internal auditing’s unique position within a company provides management and audit committee members with valuable assistance, by giving objective assurance on governance, risk management and control processes. For internal audit to be effective, however, the mandate of the internal audit function must be clearly defined, agreed to by all stakeholders, and approved by the board.
 

Auditing Ethics And Compliance Programs

June 06, 2006

Broadly understood, compliance is an important mechanism that helps make governance effective. Monitoring and maintaining compliance is not just to keep the regulators happy; compliance with regulatory requirements and the organization’s own policies is a critical component of effective risk management.
 

Twenty Questions For Directors To Ask Internal Auditors

May 09, 2006

The internal audit department’s unique position within a company provides management and audit committee members with valuable assistance, by giving objective assurance on governance, risk management and control processes. Audit committees, of course, are responsible for providing oversight to the internal audit efforts within the organization—so how audit committees work with their internal audit staff is crucial to the success of the entire internal audit operation.
 

The Vital Need For Quality Internal Auditing

April 04, 2006

In the past few years, massive efforts have been expended to prepare and implement the requirements of the Sarbanes-Oxley Act, in particular Section 404. While a corporation’s management and board of directors have always been responsible for internal control, the level of scrutiny by the investing public and the regulatory bodies has reached new levels. As a result, today more than ever before an organization’s internal audit function must be robust and contribute to ensuring the accuracy of financial reporting.
 