Any corporation of any size today must worry about privacy and information security. Protecting sensitive information has always made good sense, but most developed nations now have laws that restrict some uses of at least some types of data. European countries have regulated personal data protection since the mid-1990s. Canada’s Personal Information Protection and Electronic […]
Dan Swanson
Posted inTechnology
How to Weigh IT Investment Decisions
Corporate management has always been told to invest wisely in IT. The board has always been told to ensure management invests wisely in IT. It’s a truism everyone states all the time. Too frequently, however, IT investment decisions by management and the board have relied on, and even deferred to, managers of the IT function. […]
Posted inAccounting & Auditing
Giving Finance Dept. the Audit It Deserves
Usually I write a column about how to audit some aspect of a whole enterprise—say, how the company manages risk, or how executives invest their IT dollars. That’s important. But we shouldn’t lose sight of the nuts and bolts: Companies are run by specific departments doing specific jobs, and they need auditing too. So we’re […]
Posted inTechnology
Auditing a Company’s IT Strategies
Today’s IT solutions are complex, and they are getting more challenging to implement all the time. One of the great questions for management at any company these days is simply whether all the investment in those systems is worth it. Internal auditing can play a critical role there, measuring and inspecting how the IT investment […]
Posted inFrom the Archive
Auditing Your ERM Program
Everyone talks about the need for good risk-management programs, but nobody seems to know how to audit them to ensure they actually work. Who bears responsibility for setting the parameters of an ERM program is pretty clear: the board of directors and the C-level executives. They decide what the risks are, what level of risk […]
Posted inData Privacy
Educating Staff Leads to Improved IT Security
In today’s business environment, information security and protection of information assets are vital to the long-term success of all organizations. Information is the lifeblood of corporations and a vital business asset. IT systems connect every internal department of a company and connect the whole company to myriad suppliers, partners, customers, and others on the outside, […]
Posted inInternal Controls
Establishing Accountability for Your Antifraud Efforts
Some companies have far lower levels of misappropriation of assets and fraudulent financial reporting than others. Why? Because they aggressively take steps to prevent and detect fraud, end of story. At these exemplary companies, management takes seriously its ethical responsibilities for designing and implementing systems, procedures, and controls to catch fraud—and, along with the board […]
Posted inInternal Controls
What Internal Auditors Want
In my line of work, I’m often asked exactly what internal auditing is supposed to be. According to the International Standards for the Professional Practice of Internal Auditing, the answer is pretty straightforward: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.” You might want […]
Posted inAccounting & Auditing
Enhancing Your Internal Audit Performance
The internal audit function’s position within a company is unique. It provides its principal stakeholders (audit committee members and management) valuable and objective assurance on governance, risk management, and control processes, as well as consulting services to improve operations. With this critical responsibility to fulfill, implicit in executing those duties is internal audit’s continuous improvements […]
Posted inInternal Controls
Are You Protecting Your Digital Assets?
Safeguarding assets has been an important objective of all organizations for centuries. In today’s digital age however, what does safeguarding your assets really mean? Who is responsible for it? And how is “protection” actually achieved? The COSO framework for enterprise risk management recognized the importance of safeguarding assets as an implicit component of effective internal […]
