Compliance Week TV

 In our first Compliance Week TV video we hear from Frank Diana, executive vice president of enherent Corporation, who discusses the challenges involved in information management.
Watch the video in full screen now

CPE Credits On Demand!

Subscribers can now earn FREE Continuing Professional Education (CPE) credits by watching Compliance Week Webcasts on critical topics related to corporate compliance and risk -- on demand, so at your convenience! For subscribers only.
Earn CPE for free now

Compliance Week Podcasts …

This week’s podcast features Lucy Marcus, CEO of Marcus Venture Consulting, talking about shareholder and director activism, and how corporate executives can work with them more effectively. Hear the podcast now or …

Follow Compliance Week podcasts on iTunes.

… and Compliance Week on Twitter!

You can also follow Compliance Week Editor Matt Kelly on Twitter, for the latest regulatory observations and updates. More than 2,600 followers and ranked the most influential Twitter feed on compliance!

Compliance Week LinkedIn Group

 Visit the Compliance Week has a companion group on LinkedIn, where members can network and discuss the compliance and governance news of the day among themselves. Open to all, free to join.

Webcasts of the Week

 Defining and Executing Systematic, Risk-Based Third-Party Due Diligence for FCPA Compliance
Sponsored by The Steele Foundation

Help Wanted: Ad of the Week

 Compliance Education & Communications Mgr.
Submitted by Oracle

Event of the Week

 Corporate Governance Programs
Courtesy of Harvard Business School

Thought Leadership of the Week

Access Management: Efficiency, Confidence, Control
Courtesy of SAP

The Resource Exchange

Code of Conduct
Submitted by BP

Sample Risk Acceptance Request
Submitted by Circuit City

Featured Databases

Whistleblower Guidelines
Search Whistleblower Policies, Contract Options

Class-Action Filings
Download Text of Class-Action Complaints

GRC Illustrated Series

 Improving GRC by Visualizing Your Data
The 24th Installment in This Exclusive Series

Recent Columns By Dan Swanson On Internal Audit, IT

Headshot
Compliance Week columnist Dan Swanson is a 26-year internal audit veteran, who most recently was director of professional practices at the Institute of Internal Auditors. The author of more than 70 articles on internal auditing, Swanson has completed audit projects for more than 30 different organizations, and has completed nearly 100 internal audits. An expert on financial, operational and IT audits, his most recent columns are below:

  Title & Description Date Type of Article
1. Scoping Out an Audit of Privacy Programs
Any corporation of any size today must worry about privacy and information security. Protecting sensitive information has always made good sense, but most developed nations now have laws that restrict some uses of at least some types of data.
 By Dan Swanson, Compliance Week Columnist
04/07/09 Columns & Editorials
2. How to Weigh IT Investment Decisions
Corporate management has always been told to invest wisely in IT. The board has always been told to ensure management invests wisely in IT. It’s a truism everyone states all the time.
 By Dan Swanson, Compliance Week Columnist
02/03/09 Columns & Editorials
3. Giving Finance Dept. the Audit It Deserves
Usually I write a column about how to audit some aspect of a whole enterprise—say, how the company manages risk, or how executives invest their IT dollars. That’s important. But we shouldn’t lose sight of the nuts and bolts: Companies are run by specific departments doing specific jobs, and they need auditing too. So we’re going to get back to our internal auditing roots this month, starting with the finance department.
 By Dan Swanson, Compliance Week Columnist
07/01/08 Columns & Editorials
4. Auditing a Company’s IT Strategies
Today’s IT solutions are complex, and they are getting more challenging to implement all the time. One of the great questions for management at any company these days is simply whether all the investment in those systems is worth it. Internal auditing can play a critical role there, measuring and inspecting how the IT investment process—specifically, how IT investment is managed—works.
 By Dan Swanson, Compliance Week Columnist
06/03/08 Columns & Editorials
5. Auditing Your ERM Program
Everyone talks about the need for good risk-management programs, but nobody seems to know how to audit them to ensure they actually work.
 By Dan Swanson, Compliance Week Columnist
05/06/08 Columns & Editorials
6. Educating Staff Leads to Improved IT Security
In today’s business environment, information security and protection of information assets are vital to the long-term success of all organizations. Information is the lifeblood of corporations and a vital business asset. IT systems connect every internal department of a company and connect the whole company to myriad suppliers, partners, customers, and others on the outside, too.
 By Dan Swanson, Compliance Week Columnist
04/01/08 Columns & Editorials
7. Establishing Accountability for Your Antifraud Efforts
Some companies have far lower levels of misappropriation of assets and fraudulent financial reporting than others. Why? Because they aggressively take steps to prevent and detect fraud, end of story.
 By Dan Swanson, Compliance Week Columnist
03/04/08 Columns & Editorials
8. What Internal Auditors Want
In my line of work, I’m often asked exactly what internal auditing is supposed to be. According to the International Standards for the Professional Practice of Internal Auditing, the answer is pretty straightforward: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.”
 By Dan Swanson, Compliance Week Columnist
02/05/08 Columns & Editorials
9. Enhancing Your Internal Audit Performance
The internal audit function’s position within a company is unique. It provides its principal stakeholders (audit committee members and management) valuable and objective assurance on governance, risk management, and control processes, as well as consulting services to improve operations. With this critical responsibility to fulfill, implicit in executing those duties is internal audit’s continuous improvements to its own practices.
 By Dan Swanson, Compliance Week Columnist
01/08/08 Columns & Editorials
10. Are You Protecting Your Digital Assets?
Safeguarding assets has been an important objective of all organizations for centuries. In today’s digital age however, what does safeguarding your assets really mean? Who is responsible for it? And how is “protection” actually achieved?
 By Dan Swanson, Compliance Week Columnist
12/04/07 Columns & Editorials
11. Auditing Records Management
In a column at the start of the year, I contended that auditing records management programs should be one of your top dozen priorities for 2007. This month’s column explores that important subject in more detail.
 By Dan Swanson, Compliance Week Columnist
11/06/07 Columns & Editorials
12. Ensuring Technology Changes Are Well Managed
Information technology is critical to the long-term success of most organizations. It is a key reason for the cost of operations, and cost of operations tends to be a vital component of overall profitability. It facilitates the introduction of new business initiatives, as well as the ongoing improvement of current processes, and allows the management team to monitor and report on performance. IT enables business operations through connectivity, information processing, business intelligence, and the like.
 By Dan Swanson, Compliance Week Columnist
10/02/07 Columns & Editorials
13. Operational Resiliency: The Next Business Priority!
As I’ve mentioned in previous columns, ensuring that an organization can recover from disaster is a basic business requirement the board should explore regularly with management. Nowadays, leading companies are taking this requirement and turning it into a strategic advantage: Namely, investments in operational resiliency are assisting organizations to become more responsive to client needs as well as improving operational reliability, quality, and efficiency. It’s an effort you should embrace, too.
 By Dan Swanson, Compliance Week Columnist
09/05/07 Columns & Editorials
14. Internal Audit’s Seat At The Governance Table
In June 1999, the Institute of Internal Auditors approved a new definition for internal auditing. Internal auditing was described as “an independent, objective assurance and consulting activity,” which isn’t exactly news.
 By Dan Swanson, Compliance Week Columnist
07/03/07 Compliance Week Coverage
15. The Tipping Point For Board Oversight Of IT
Traditionally, and properly, a company’s board of directors has focused on governing the organization; that is, the board ensures that the right CEO is in place, that the right business strategies have been developed, that performance is reported regularly and trending properly, and that the right questions are being asked of management.
 By Dan Swanson, Compliance Week Columnist
06/05/07 Columns & Editorials
16. Auditing Information Security: Are You Protected?
I recently read that many people worry about accidental death, particularly in ways that are very frightening: poisonous snakes or spiders, or even alligator attacks. This same article noted that based on official death statistics, the vast majority of people actually die from chronic health causes: heart attacks, obesity, and other ailments that result from poor attention to long-term personal fitness. In 2003, accidental deaths in the United States numbered around 100,000; chronic health-related deaths were more than 2.4 million.
 By Dan Swanson, Compliance Week Columnist
05/01/07 Columns & Editorials
17. The Value Of ‘Performance Measurement’
Steven Covey, author of The Seven Habits of Highly Effective People, and many others quite rightly recommend that when you start any kind of new project, you should begin with the end in mind. What does that involve?
 By Dan Swanson, Compliance Week Columnist
04/10/07 Columns & Editorials
18. Auditing Business Continuity Efforts, Part II
n last month’s column, I introduced auditing your business continuity plan and disaster recovery program by providing an overview of what an effective program consists of, what the typical internal auditor’s roles in BCP and DR are, and what the key audit scoping issues are. We’re going to complete the discussion this month by providing further guidance regarding audit planning efforts, audit fieldwork activities, and reporting of results and improvement efforts.
 By Dan Swanson, Compliance Week Columnist
03/06/07 Columns & Editorials
19. How To Audit Business Continuity Programs
Being able to continue critical business functions while responding to a major disaster, and then to return to normal operations efficiently and cohesively afterward, is a critical success factor for all organizations. Effective business continuity (BCP) and disaster recovery (DR) programs are vital and have become a necessary cost of doing business. They must receive adequate attention and support from management if the company is to survive and remain competitive in a post-disaster situation.
 By Dan Swanson, Compliance Week Columnist
02/06/07 Columns & Editorials
20. Auditing To Spot Fraud, From Start To End
The Sarbanes-Oxley Act was enacted to help fight corporate fraud. Public companies have spent untold millions to comply and hired compliance and ethics officers ostensibly to ensure that the law is adhered to.
 By Dan Swanson, Compliance Week Columnist
01/09/07 Columns & Editorials
21. Setting Long-Term Goals For Internal Audit
As I have discussed in past columns, internal audit efforts must be risk-based and contribute to the long-term assurance needs of the organization and its board. A formal risk-assessment audit must be completed at least annually and the results of that assessment should direct audit priorities.
 By Dan Swanson, Compliance Week Columnist
12/05/06 Columns & Editorials
22. The Internal-Audit Function, From Step Zero
Internal auditing can provide managers and the board with valuable assistance by giving objective assurance about their organization’s governance, risk-management and control processes. Establishing a robust internal-audit function is a long-term and worthwhile investment for most organizations because an internal-audit department can act as an independent advisor for the board and senior management.
 By Dan Swanson, Compliance Week Columnist
11/07/06 Columns & Editorials
23. The Importance Of Auditing IT Projects Well
Internal audit’s role regarding the implementation of IT initiatives varies widely, but also provides a significant opportunity for internal audit to deliver real value to the board and executive management. That is, internal auditors should play an important role in ensuring that IT investments are well-managed and have a positive effect on an organization.
 By Dan Swanson, Compliance Week Columnist
10/03/06 Columns & Editorials
24. The Art Of Expressing An Internal Audit Opinion
Executive management, audit committees, and the board want to know whether their internal control systems work. The chief audit executive is often requested to issue an opinion on the adequacy of internal controls within the organization to meet this assurance need. If a CAE does issue a formal opinion, it’s crucial that all parties clearly understand the areas and issues the CAE is addressing in doing so. Otherwise, brace yourself for expectation gaps.
 By Dan Swanson, Compliance Week Columnist
09/06/06 Columns & Editorials
25. Driving Internal Audit With Risk Assessments
Most organizations have numerous potentially auditable entities (corporate initiatives, business lines, systems, regulatory requirements; the list is endless) and internal audit must decide which of these potentially auditable entities they are going to tackle first. The audit risk assessment works to bring at least a semblance of order to the audit universe, evaluating the various possibilities and attempting to address the potential risks facing the organization.
 By Dan Swanson, Compliance Week Columnist
08/08/06 Columns & Editorials
26. Giving Internal Audit An Effective Mandate
Internal auditing’s unique position within a company provides management and audit committee members with valuable assistance, by giving objective assurance on governance, risk management and control processes. For internal audit to be effective, however, the mandate of the internal audit function must be clearly defined, agreed to by all stakeholders, and approved by the board.
 By Dan Swanson, Compliance Week Columnist
07/05/06 Columns & Editorials
27. Auditing Ethics And Compliance Programs
Broadly understood, compliance is an important mechanism that helps make governance effective. Monitoring and maintaining compliance is not just to keep the regulators happy; compliance with regulatory requirements and the organization’s own policies is a critical component of effective risk management.
 By Dan Swanson, Compliance Week Columnist
06/06/06 Columns & Editorials
28. Twenty Questions For Directors To Ask Internal Auditors
The internal audit department’s unique position within a company provides management and audit committee members with valuable assistance, by giving objective assurance on governance, risk management and control processes. Audit committees, of course, are responsible for providing oversight to the internal audit efforts within the organization—so how audit committees work with their internal audit staff is crucial to the success of the entire internal audit operation.
 By Dan Swanson, Compliance Week Columnist
05/09/06 Columns & Editorials
29. The Vital Need For Quality Internal Auditing
In the past few years, massive efforts have been expended to prepare and implement the requirements of the Sarbanes-Oxley Act, in particular Section 404. While a corporation’s management and board of directors have always been responsible for internal control, the level of scrutiny by the investing public and the regulatory bodies has reached new levels. As a result, today more than ever before an organization’s internal audit function must be robust and contribute to ensuring the accuracy of financial reporting.
 By Dan Swanson, Compliance Week Columnist
04/04/06 Columns & Editorials

Records per page: Page: 1