As I have discussed in past columns, internal audit efforts must be risk-based and contribute to the long-term assurance needs of the organization and its board. A formal risk-assessment audit must be completed at least annually and the results of that assessment should direct audit priorities. Over the past five years, a focus on short-term […]
Dan Swanson
Posted inInternal Controls
The Internal-Audit Function, From Step Zero
Internal auditing can provide managers and the board with valuable assistance by giving objective assurance about their organization’s governance, risk-management and control processes. Establishing a robust internal-audit function is a long-term and worthwhile investment for most organizations because an internal-audit department can act as an independent advisor for the board and senior management. Where an […]
Posted inData Privacy
The Importance Of Auditing IT Projects Well
Changes to a company’s IT infrastructure are a significant source of risk for every business; to protect the corporate crown jewels, robust change-management practices are absolutely critical. The need for a positive “control environment” within IT and a very unforgiving attitude regarding unauthorized IT changes cannot be overstated. In fact, a recent study by the […]
Posted inInternal Controls
The Art Of Expressing An Internal Audit Opinion
Executive management, audit committees, and the board want to know whether their internal control systems work. The chief audit executive is often requested to issue an opinion on the adequacy of internal controls within the organization to meet this assurance need. If a CAE does issue a formal opinion, it’s crucial that all parties clearly […]
Posted inInternal Controls
Driving Internal Audit With Risk Assessments
For an internal audit function to be effective, its efforts must be risk-based and must meet the organization’s long-term assurance requirements. Members of the board, the audit committee and executive management look to internal audit to cover the entire spectrum of risks and issues facing the organization; that is, they expect internal audit to assess […]
Posted inInternal Controls
Giving Internal Audit An Effective Mandate
Internal auditing’s unique position within a company provides management and audit committee members with valuable assistance, by giving objective assurance on governance, risk management and control processes. For internal audit to be effective, however, the mandate of the internal audit function must be clearly defined, agreed to by all stakeholders, and approved by the board. […]
Posted inInternal Controls
Auditing Ethics And Compliance Programs
Broadly understood, compliance is an important mechanism that helps make governance effective. Monitoring and maintaining compliance is not just to keep the regulators happy; compliance with regulatory requirements and the organization’s own policies is a critical component of effective risk management. It is one of the most important ways an organization achieves its business goals, […]
Posted inAccounting & Auditing
Twenty Questions For Directors To Ask Internal Auditors
The internal audit department’s unique position within a company provides management and audit committee members with valuable assistance, by giving objective assurance on governance, risk management and control processes. Audit committees, of course, are responsible for providing oversight to the internal audit efforts within the organization—so how audit committees work with their internal audit staff […]
Posted inAccounting & Auditing
The Vital Need For Quality Internal Auditing
In the past few years, massive efforts have been expended to prepare and implement the requirements of the Sarbanes-Oxley Act, in particular Section 404. While a corporation’s management and board of directors have always been responsible for internal control, the level of scrutiny by the investing public and the regulatory bodies has reached new levels. […]
