Database and ERP Security and Best Practice Management
Up-to-date syndicated information on database & ERP privacy, security, audit and compliance
Database and ERP audit plans and best practices at www.checklist20.com
-
The IIA releases and update of GTAG 1: Information Technology Risks & Controls
Posted on March 29th, 2012 No commentsThe nature of technology is that it changes: making it critical to ensure the most up-to-date information is available. Since the first edition of GTAG 1: Information Technology Controls, was issued in 2005, the technology landscape has exploded, warranting an update of the guide. The second edition of GTAG 1 still focuses on helping chief audit executives (CAEs) and their teams keep pace with the ever-changing and sometimes complex world of information technology (IT) by providing an overview of IT related risks and controls written in a reader-friendly style for non-technical business executives. It also empowers practitioners with the latest IT developements. However, it addresses critical developments since the first edition’s release. Both senior management and the audit committee have an expectation that the internal audit activity will provide assurance around all important risks, including those introduced or enabled by the implementation of IT. The GTAG series helps the CAE and internal auditors become more knowledgeable of the risk, control, and governance issues surrounding technology. The goal of GTAG 1 is to help internal auditors become more comfortable with general IT controls so they can confidently communicate with their audit committee and exchange risk and control ideas with the chief information officer (CIO) and IT management. This GTAG describes how members of governing bodies, executives, IT professionals, and internal auditors address significant IT related risk and control issues and presents relevant frameworks for assessing IT risk and controls. Moreover, it sets the stage for subsequent GTAG’s that cover specific IT topics, as well as associated business roles and responsibilities in greater detail. -
The IIA releases an update of GTAG 1: Information Technology Risks and Controls, 2nd Edition to Empower Practitioners with Latest IT Developments
Posted on March 29th, 2012 No commentsThe nature of technology is that it changes: making it critical to ensure the most up-to-date information is available. Since the first edition of GTAG 1: Information Technology Controls, was issued in 2005, the technology landscape has exploded, warranting an update of the guide. The second edition of GTAG 1 still focuses on helping chief audit executives (CAEs) and their teams keep pace with the ever-changing and sometimes complex world of information technology (IT) by providing an overview of IT related risks and controls written in a reader-friendly style for non-technical business executives. However, it addresses critical developments since the first edition’s release. Both senior management and the audit committee have an expectation that the internal audit activity will provide assurance around all important risks, including those introduced or enabled by the implementation of IT. The GTAG series helps the CAE and internal auditors become more knowledgeable of the risk, control, and governance issues surrounding technology. The goal of GTAG 1 is to help internal auditors become more comfortable with general IT controls so they can confidently communicate with their audit committee and exchange risk and control ideas with the chief information officer (CIO) and IT management. This GTAG describes how members of governing bodies, executives, IT professionals, and internal auditors address significant IT related risk and control issues and presents relevant frameworks for assessing IT risk and controls. Moreover, it sets the stage for subsequent GTAG’s that cover specific IT topics, as well as associated business roles and responsibilities in greater detail. Download now. -
The IIA releases an update of GTAG 1: Information Technology Risks & Controls, 2nd Edition
Posted on March 29th, 2012 No commentsThe nature of technology is that it changes: making it critical to ensure the most up-to-date information is available. Since the first edition of GTAG 1: Information Technology Controls, was issued in 2005, the technology landscape has exploded, warranting an update of the guide. The second edition of GTAG 1 still focuses on helping chief audit executives (CAEs) and their teams keep pace with the ever-changing and sometimes complex world of information technology (IT) by providing an overview of IT related risks and controls written in a reader-friendly style for non-technical business executives. However, it addresses critical developments since the first edition’s release. Both senior management and the audit committee have an expectation that the internal audit activity will provide assurance around all important risks, including those introduced or enabled by the implementation of IT. The GTAG series helps the CAE and internal auditors become more knowledgeable of the risk, control, and governance issues surrounding technology. The goal of GTAG 1 is to help internal auditors become more comfortable with general IT controls so they can confidently communicate with their audit committee and exchange risk and control ideas with the chief information officer (CIO) and IT management. This GTAG describes how members of governing bodies, executives, IT professionals, and internal auditors address significant IT related risk and control issues and presents relevant frameworks for assessing IT risk and controls. Moreover, it sets the stage for subsequent GTAG’s that cover specific IT topics, as well as associated business roles and responsibilities in greater detail. Download now. -
New from The IIA Research Foundation! Advancing Organizational Governance: Internal Audit’s Role
Posted on March 28th, 2012 No commentsLong gone are the days when internal audit simply tested controls. Today, practitioners have a multi-dimensional job description that focuses on adding value and meeting stakeholder demands on a number of fronts. One issue that has garnered significant attention in recent years is organizational governance. It is an area of opportunity for internal audit to demonstrate to true scope of its value. However, before practitioners dive into to the issue, they should understand the roles they can fill, how to approach them, and what value they are ultimately going to add in the process. Advancing Organizational Governance: Internal Audit’s Role is a how-to guide to help practitioners fully explore the tremendous opportunities in this area. Available in hardcover and downloadable PDF. Click here for this and other titles at The IIA Research Foundation Bookstore. -
Recently Released from The IIA Research Foundation: 10 Key Techniques to Improve Team Productivity
Posted on March 22nd, 2012 No commentsWith the rising demands being placed on practitioners today, the focus is often on budgets, reporting, skill sets, technology and the like. All of these are important components to a successful internal audit function, but if they do not have a skilled leader at the helm, an organization will still fail to deliver value to stakeholders. 10 Key Techniques to Improve Team Productivity: A Guide to Developing Your Team’s Full Potential takes a look at steps leaders can take to bring out the best in their teams to meet and exceed the expectations of stakeholders by investing in the success of each member of the team. Available in hardcover and downloadable PDF. Click here for this and other titles at The IIA Research Foundation Bookstore. -
IIA Appears Before PCAOB on Audit Firm Rotation
Posted on March 22nd, 2012 No commentsToday, IIA North American Board Chair Lawrence Harrington, CIA appeared at a public meeting of the PCAOB to present The IIA's position on mandatory audit firm rotation and independence. Read his full comments to the PCAOB here: -
American Hall of Distinguished Audit Practitioners Announced
Posted on March 19th, 2012 No commentsNational Board Recognizes Exemplary Internal Auditors ALTAMONTE SPRINGS, Fla. — The North American Board (NAB) of The Institute of Internal Auditors (IIA) is pleased to announce the names of the nine inaugural inductees of the American Hall of Distinguished Audit Practitioners. This is the first honor specifically designed to recognize American internal audit practitioners who have made extraordinary contributions to the internal audit profession in the United States. To be considered for the honor, an internal auditor must exemplify high ethical conduct, integrity, moral character, service, and leadership; and be nominated by at least two individuals who are actively engaged in the profession. Not only have the inaugural members of the American Hall diligently served their employing organizations, but they also have provided thought leadership in advancing internal audit education and knowledge throughout the U.S. The inaugural members of the American Hall of Distinguished Audit Practitioners include Cynthia Cooper, the former chief audit executive (CAE) at Worldcom, who courageously blew the whistle on fraudulent accounting practices and was named one of Time magazine’s Persons of the Year; United Airlines VP of Internal Audit Steve Goepfert, who has been an influential advocate for the internal audit profession and internal audit education, and has held numerous IIA volunteer leadership roles including the 2006-2007 chairman of The IIA’s Global Board of Directors; Ralph Purpur, retired VP of auditing at Estee Lauder, who served as a dedicated volunteer leader for The IIA for more than 20 years and chaired the IIA’s building fund campaign in 2000 that raised nearly $1 million; Director of the LSU Center for Internal Audit Glenn Sumners, who founded the country’s (and the world’s) first higher education program for internal auditing and The IIA’s first Internal Audit Educational Partnership; and Bill Taylor, retired Auditor General of the Inter-American Development Bank, who served in key volunteer leadership positions for three decades, including the 1995-96 IIA Chairman, and one of only four individuals to have received The IIA’s Lifetime Achievement Award. Four American Hall inaugural members received the honor posthumously in recognition of their significant contributions to the early years of the profession. These inductees include one of the three founders of The IIA, Victor Brink, who served as CAE at Ford Motor Company and a professor of internal auditing at Columbia University, and who authored the first internal audit textbook; Bradford Cadmus, who served as the first managing director of The IIA and was instrumental in growing the profession and The IIA globally; Larry Sawyer, widely known as the “father of modern internal auditing,” who wrote numerous editions of Sawyer’s Internal Auditing — the first extensive manual on the profession and its practice; and John Thurston, who was one of The IIA’s founding fathers, its first chairman, and an eminent authority in the field of internal auditing. “American IIA members have long demonstrated the professionalism, expertise, and leadership required to help set the bar for the practice internal auditing in this country,” says IIA North American Board Chairman Larry Harrington. “We are so pleased to recognize and showcase the dedication and achievements of these exemplary practitioners by inducting them into the American Hall of Distinguished Audit Practitioners.” The IIA serves more than 170,000 members worldwide, with approximately 70,000 residing in North America. ### -
New IPPF Practice Guide Released: Coordinating Risk Management and Assurance, Supporting Standard 2050: Coordination
Posted on March 19th, 2012 No commentsTo support members in accurately interpreting and effectively complying with The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), The IIA produces practice guidance related to specific Standards. The IIA has released its latest Practice Guide to help leaders understand how to effectively coordinate risk management and assurance activities among constituencies and across organizational functions. Risk management is fundamental to organizational control and critical to providing sound corporate governance. It touches all organizational activities. The establishment of an effective enterprise-wide risk management system is a key responsibility of management and the board; which are responsible for adopting a holistic approach to the identification of organizational risks, creating controls to mitigate those risks, and monitoring and reviewing the identified risks and established controls. They should ensure risk management is integrated into the organization, at both strategic and operational levels. Standard 2050: Coordination states, “The chief audit executive [CAE] should share information and coordinate activities with other internal and external providers of assurance and consulting services to ensure proper coverage and minimize duplication of efforts.” This responsibility requires the CAE’s inclusion and participation in the organization’s assurance provider framework. This framework can consist of internal audit, external audit, governance, risk management, or other business control functions/disclosures performed by the organization’s management team. Inclusion and participation in this framework helps ensure the CAE is aware of the organization’s risks and controls in relation to organizational goals and objectives. As part of the IPPF, this practice guide utilizes the fundamental principles established by the Standards to provide a process for valuing the work of others and assessing the reliability of assurance providers. Ultimately, responsible coordination attracts greater reliance on internal audit, decreasing the cost of compliance and increasing the efficiency for providing assurance. IIA Practice Guides provide guidance for conducting internal audit activities. They represent strongly recommended guidance that includes detailed processes and procedures such as tools and techniques, programs, and step-by-step approaches for effective implementation of The IIA's mandatory guidance. All of the guides are available as a free download to members. Guides are available for purchase to non-members through The IIA Research Foundation Bookstore. Download your copies today! -
New IPPF Practice Guide Released: QAIP to Help IA Functions Achieve and Maintain Quality
Posted on March 18th, 2012 No commentsQuality in internal audit is guided by both an obligation to meet customer expectations, as well as professional responsibilities inherent in conforming to the Standards. To help practitioners interpret the Standards related to quality, The IIA has produced this Practice Guide, Quality Assurance and Improvement Program (QAIP). The document discusses the purpose behind developing a QAIP and provides guidance on the key elements that comprise it. It covers those elements required for conformance with the Standards, as well as elements that constitute better practice. QAIPs need to be tailored to the specific needs of each internal audit activity and, therefore, may come in a myriad of forms. However, this document provides a generic framework for developing a QAIP that can be applied regardless of the size or nature of the internal audit activity. As part of the IPPF, this practice guide utilizes the fundamental principles established by the Standards to provide a process for valuing the work of others and assessing the reliability of assurance providers. Ultimately, responsible coordination attracts greater reliance on internal audit, decreasing the cost of compliance and increasing the efficiency for providing assurance. IIA Practice Guides provide guidance for conducting internal audit activities. They represent strongly recommended guidance that includes detailed processes and procedures such as tools and techniques, programs, and step-by-step approaches for effective implementation of The IIA's mandatory guidance. All of the guides are available as a free download to members. Guides are available for purchase to non-members through The IIA Research Foundation Bookstore. Download your copies today! -
Help Shape the CRMA® Exam
Posted on March 12th, 2012 No commentsThe IIA's Certification Department is conducting a global job analysis survey designed to shape the content of the exam for the Certification in Risk Management AssuranceTM (CRMA). The survey asks participants to rate the knowledge, skills, and abilities required to test risk management assurance competencies, and is open to all chief audit executives (CAEs), internal audit directors and managers, risk management professionals, as well as any individuals who have completed or are in the CRMA professional experience recognition (PER) process. Open now until March 30, 2012, your participation in the survey will assist The IIA in constructing the exam syllabus, scheduled for release later this year. Click here to participate in this 15-minute survey. -
IIA Responds to Exposure Drafts
Posted on March 12th, 2012 No commentsIn its role as the internal audit profession’s chief advocate, The Institute of Internal Auditors (IIA) provides input on a variety of corporate governance and risk management issues around the world. After surveying members and gaining insights from internal audit thought leaders, The Institute recently responded to several organizations seeking input on newly proposed guidance, revisions to existing guidance, or legislative mandates affecting the work of internal auditors. In August 2011, the U.S. Public Company Accounting Oversight Board (PCAOB) exposed for comment a Concept Release on Auditor Independence and Audit Firm Rotation. The IIA responded in December by saying that mandatory firm rotation would impose several risks and recommended a variety of alternatives to ensure the effectiveness and quality of financial statement auditing. The IIA will appear in front of the PCAOB at a public meeting on March 22 to present its perspectives. In related news, Jeanette Frenzel – an IIA member, Certified Internal Auditor, and recent member of The IIA’s International Internal Audit Standards Board – was appointed to the five-member PCAOB. On February 29, The IIA provided comments to the Professional Accountants in Business (PAIB) Committee of the International Federation of Accountants regarding their exposure draft of International Good Practice Guidance for Evaluating and Improving Internal Control in Organizations. The IIA’s comments focused on the competencies required to evaluate an organization’s internal control system holistically, and whether the draft guidance is comprehensive. The IIA also recently responded to the well-known Basel Committee on Supervision. Basel’s recently released Consultative Document, “The Internal Audit Function in Banks” in an effort to replace a similar document from 2001. As the banking industry and internal audit profession have undergone significant changes in the past decade, The IIA applauded the update and made a number of recommendations to strengthen the guidance – including direct reference to The IIA’s Professional Practices Framework. The IIA’s comments were submitted on March 2. To view The IIA’s latest responses to regulators and oversight bodies, visit http://www.theiia.org/guidance/additional-resources/responses-to-regulators/. -
Help Shape the CRMA® Exam
Posted on March 8th, 2012 No commentsThe IIA's Certification Department is conducting a global job analysis survey designed to shape the content of the exam for the Certification in Risk Management AssuranceTM (CRMA). The survey asks participants to rate the knowledge, skills, and abilities required to test risk management assurance competencies, and is open to all chief audit executives (CAEs), internal audit directors and managers, risk management professionals, as well as any individuals who have completed or are in the CRMA professional experience recognition (PER) process. Open now until March 30, 2012, your participation in the survey will assist The IIA in constructing the exam syllabus, scheduled for release later this year. Click here to participate in this 15-minute survey. -
Tap Into the Expert Instruction of On-site Training and Save!
Posted on March 5th, 2012 No commentsThis month, IIA On-site Training is featuring the popular facilitator, Mark Kolman, CIA, CPA, CISA, CFE, and the course, Audit Manager Tools and Techniques. Be sure to check out both for special offers. What can IIA On-site Training do for you? Deliver an ever-expanding course library on a wide variety of topics. Customize training to your needs. Provide superior facilitation by subject matter experts. Combine live and virtual course delivery. Deliver training on your schedule and at your location. -
New from The IIA Research Foundation! Insight: Delivering Value to Stakeholders
Posted on March 2nd, 2012 No commentsLong gone are the days when internal audit simply tested controls. Today, practitioners have a multi-dimensional job description that focuses on adding value and meeting stakeholder demands on a number of fronts. One issue that has garnered significant attention in recent years is organizational governance. It is an area of opportunity for internal audit to demonstrate to true scope of its value. However, before practitioners dive into to the issue, they should understand the roles they can fill, how to approach them, and what value they are ultimately going to add in the process. Advancing Organizational Governance: Internal Audit’s Role is a how-to guide to help practitioners fully explore the tremendous opportunities in this area. Available in hardcover and downloadable PDF. Click here for this and other titles available at The IIA Research Foundation Bookstore. -
Enter To Win a $1000 Gift Card – IIARF Bookstore Sweepstakes
Posted on March 2nd, 2012 No commentsThe IIA Research Foundation Bookstore is excited to give you a chance to WIN, WIN, WIN! Through April 30, 2012, you are invited to take part in an enter-to-win sweepstakes for an exclusive prize giveaway — $1,000 IIARF Bookstore gift card. No purchase is necessary. And just for entering, you will receive special bookstore coupon to take $10 off of their next purchase. Details can be found by clicking here. The IIARF Bookstore is a one-stop-shop for internal audit resources such as books, training materials, certification preparation, interactive programs, and more. Featuring the most comprehensive collection of practitioner-reviewed content, products have been reviewed by internal auditors to guarantee a perfect fit. -
Special Webinar on March 7th – Proposed Changes to International Standards
Posted on March 2nd, 2012 No commentsJoin us for this special webinar knowledge briefing on the proposed changes to the International Standards. If you are unable to join us, we encourage you to pass this invitation to one of your staff members. Space is limited to 2000 IIA Members for the live session, so register now. A recorded playback will be available for anyone who is unable to attend. Title: Proposed Changes to International Standards Speakers: Andrew Dahle, IIASB Chairman, Partner of PricewaterhouseCoopers Karine Wegrzynowicz, IIASB Member, Senior Director Of Internal Audit, Crocs Inc. March 7, 2012 1:00 - 2:00 p.m. EST For IIA Members Only – No Charge for Participation CPE: 1 hour The International Internal Audit Standards Board (IIASB) recently conducted a comprehensive review of the International Standards for the Professional Practice of Internal Auditing (Standards) and is proposing changes to some of the Standards. Part of the established process includes the exposure of the proposed changes to the public. The proposed revised Standards will have a 90-day exposure period from February 20, 2012, to May 20, 2012. The most significant elements of the IIASB proposal would clarify the responsibilities of CAEs and other internal auditors as well as the internal audit activity as a whole for conforming with the Standards; clarify the CAE’s role in communicating unacceptable risks; and highlight the option of self-assessment with independent validation as a mean of external quality assessment. The IIA will be hosting a free webinar on March 7, from 1:00 pm to 2:00pm (US Eastern Standard Time) to review the proposed changes. This webinar will be available live to the first 2,000 IIA Members and via replay shortly after the event for members and non-members that are not able to listen live. For more information, please visit the exposure instructions online. -
COSO Releases Thought Paper on Enhancing Board Oversight by Avoiding and Challenging Traps and Biases in Professional Judgment
Posted on March 1st, 2012 No commentsALTAMONTE SPRINGS, Fla. – Mar. 01, 2012 –The Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on enterprise risk management (ERM), internal controls, and fraud deterrence – is releasing a thought paper Enhancing Board Oversight: Avoiding Judgment Traps and Biases. The paper is another of a series of COSO’s thought papers through which COSO aims to provide thought leadership on issues that bear on ERM, internal control, and fraud deterrence. Consistently making high quality professional judgments in a constantly changing and global business environment has become extremely challenging. This thought paper, developed by KPMG LLP, the audit, tax and advisory firm, and Brigham Young University professors Steven M. Glover, CPA, Ph.D. and Douglas F. Prawitt, CPA, Ph.D., details a five-step judgment process that board members and others can use to overcome common pitfalls and mitigate the effects of judgment bias. The judgment process is based on KPMG’s Professional Judgment Framework, developed in collaboration with Glover and Prawitt. The framework, among other things, enables individuals to identify where and when the quality of judgments tends to be threatened by predictable, systematic judgment traps and biases. Awareness of such traps and biases can enable directors to improve the consistency and quality of their own judgments and enable them, in their oversight role, to constructively improve the judgments of management. The growing complexities of the global business environment and demands for effective corporate governance and oversight have placed a premium on sound judgment and decision making. According to KPMG partner George Herrmann, one of KPMG’s contributors to the thought paper, “As business becomes more complex, the demand for effective corporate governance and oversight has never been greater, putting a premium on sound judgment and decision making. This thought paper can help board members better understand where they, and others, are vulnerable to predictable bias traps and how to effectively challenge their own judgments and those of others.” “Previously issued COSO materials have called attention to the importance of sound professional judgment as related to the Board’s role in overseeing “the tone at the top,” enterprise risk management, fraud deterrence processes, and other matters,” according to David Landsittel, COSO Chairman. “This paper serves to remind board members of steps they can take to add further assurance that sound judgment is consistently exhibited in the many issues that they address.” Copies of this thought paper can be downloaded free of charge from COSO’s website (www.coso.org) as well as the websites of COSO’s five sponsoring organizations. COSO encourages practitioners and others interested in strengthening ERM, internal control, or fraud deterrence to visit its website to learn more about Enhancing Board Oversight: Avoiding Judgment Traps and Biases and download free of charge other thought papers on ERM. ### About COSO Originally formed in 1985, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM), internal control and fraud deterrence. COSO’s supporting organizations are The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA). www.coso.org -
COSO Releases Thought Paper on Enhancing Board Oversight by Avoiding and Challenging Traps and Biases in Professional Judgment
Posted on March 1st, 2012 No commentsALTAMONTE SPRINGS, Fla. – Mar. 01, 2012 –The Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on enterprise risk management (ERM), internal controls, and fraud deterrence – is releasing a thought paper Enhancing Board Oversight: Avoiding Judgment Traps and Biases. The paper is another of a series of COSO’s thought papers through which COSO aims to provide thought leadership on issues that bear on ERM, internal control, and fraud deterrence. Consistently making high quality professional judgments in a constantly changing and global business environment has become extremely challenging. This thought paper, developed by KPMG LLP, the audit, tax and advisory firm, and Brigham Young University professors Steven M. Glover, CPA, Ph.D. and Douglas F. Prawitt, CPA, Ph.D., details a five-step judgment process that board members and others can use to overcome common pitfalls and mitigate the effects of judgment bias. The judgment process is based on KPMG’s Professional Judgment Framework, developed in collaboration with Glover and Prawitt. The framework, among other things, enables individuals to identify where and when the quality of judgments tends to be threatened by predictable, systematic judgment traps and biases. Awareness of such traps and biases can enable directors to improve the consistency and quality of their own judgments and enable them, in their oversight role, to constructively improve the judgments of management. The growing complexities of the global business environment and demands for effective corporate governance and oversight have placed a premium on sound judgment and decision making. According to KPMG partner George Herrmann, one of KPMG’s contributors to the thought paper, “As business becomes more complex, the demand for effective corporate governance and oversight has never been greater, putting a premium on sound judgment and decision making. This thought paper can help board members better understand where they, and others, are vulnerable to predictable bias traps and how to effectively challenge their own judgments and those of others.” “Previously issued COSO materials have called attention to the importance of sound professional judgment as related to the Board’s role in overseeing “the tone at the top,” enterprise risk management, fraud deterrence processes, and other matters,” according to David Landsittel, COSO Chairman. “This paper serves to remind board members of steps they can take to add further assurance that sound judgment is consistently exhibited in the many issues that they address.” Copies of this thought paper can be downloaded free of charge from COSO’s website (www.coso.org) as well as the websites of COSO’s five sponsoring organizations. COSO encourages practitioners and others interested in strengthening ERM, internal control, or fraud deterrence to visit its website to learn more about Enhancing Board Oversight: Avoiding Judgment Traps and Biases and download free of charge other thought papers on ERM. ### About COSO Originally formed in 1985, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM), internal control and fraud deterrence. COSO’s supporting organizations are The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA). www.coso.org -
Members-Only Book Sale: $10 Books — Ends March 2nd
Posted on February 26th, 2012 No commentsMembership Means More Savings on IIARF Bookstore Products! Your membership gives you access to hundreds of valuable products and services, many of which are offered free or at exclusive members-only pricing. The IIA Members-Only quarterly book sale is on now. Don’t wait! You only have five days to take advantage of discounts up to 80 percent off! Books as low as US $10! Quantities are limited, so don’t delay! Order online between now and 5:00 p.m. EST on Friday, March 2nd to save! CLICK HERE TO GO TO THE MEMBERS ONLY BOOKSTORE SALE PAGE Please note: You must be logged in as a member to receive discounts. -
Report From the Audit Executive Center
Posted on February 26th, 2012 No commentsALTAMONTE SPRINGS, Fla. — Recently, The Institute of Internal Auditors (IIA) and Raytheon Co. gathered a group of chief audit executives (CAEs) from 10 leading companies to discuss ideas, solutions, and tools participants have found effective in helping organizations manage risk. The event provided participants with a forum in which to share their contemporary practices in risk management. “The roundtable session was very informative,” says Delta Airlines Vice President of Corporate Audit and Enterprise Risk Management Kiko Harvey. “It was interesting to learn about the different approaches these large and successful companies are using to address enterprise risk management,” she says. The experience was chronicled in a special report, Contemporary Practices in Risk Management: Implementing Ideas From Leading Companies, produced by The IIA’s Audit Executive Center. “It’s all about continuous improvement,” says Ratheon’s Six Sigma Master Expert and Learning Champion Kathryn Bingham, who authored the report. “Rather than being complacent, it’s important to look for better ways of doing things, learn from and share with others, and report on what we all know and do best. Appropriate for companies of any size, the report discusses a number of practices leading companies are employing to augment and enhance their overall risk management activities.” Bingham emphatically makes the point that resources are especially stretched in small internal audit departments and, yet, they have the same responsibilities as do their peers in large organizations or government agencies. Likewise, for the greatest payoff, small internal audit functions can use the same tools implemented by their larger counterparts. “We all benefit from the shared learning brought about by networking, exploring ideas, and benchmarking in pursuit of knowledge,” says Bingham. According to the report, common risk management activities include ensuring that one or more champions for risk management are assigned from the senior management ranks, identifying risks, developing the audit plan, and communicating with the board. However, these activities must be conducted on an ongoing basis — not as a checklist to be compiled and completed once a year. Roundtable participants work in several industries including: aerospace and defense, consumer retail, global manufacturers of large products, financial services, chemical engineering, and transportation. The report on the event provides detailed information on different components of the risk management process, including the risk universe, risk management and ranking approaches, communication techniques, ways to communicate with the audit committee, and tools for confronting the risk environment. The report paints a broad picture of the total risk landscape, clarifying how risk appetite and risk tolerance relate to operational, financial, and strategic goals. Also included are specific strategies for enhancing a company’s risk management effectiveness. “A simple action, such as the creation of an advisory board or council, can be deployed by any internal audit organization,” says Ratheon Vice President, Internal Audit Larry Harrington, CIA. “By engaging key players in discussions regarding the challenges and risk environments within a function, the organization can better grasp the dynamics of risk coverage, interrelatedness, and potential gaps,” he continues. Implementation ideas shared by roundtable participants include strategies such as identifying new inputs for assessing risks, evaluating a broad range of reputational risk factors, spearheading discussions on risk awareness, trends, and emerging issues; creating a shared risk language and assessment methodology; and presenting ideas and information to the audit committee that showcase audit actions or value-added initiatives, which may not be on the board’s radar. Another example of the information shared is a framework that contrasts a top-down, shareholder value-based approach with a traditional bottom-up risk assessment and audit plan process. According to the information provided in the report, the bottom line is that internal audit efforts are neither single events nor static in nature. Instead, effective audit efforts pertaining to risk management consist of scanning the environment to understand the changes that occur in an ongoing basis. Regardless of an organization’s size, it is critical for internal auditors to fully grasp and integrate different risk assessment approaches to focus on continuous improvement. This helps to create a risk identification and management brand throughout the organization and, as a result, internal audit gains a seat at the table. Co-hosting such events as this CAE roundtable on risk management is just one of the many activities specifically designed for audit leaders and conducted by The IIA’s Audit Executive Center. A comprehensive program for CAEs from diverse industries and organizations of all sizes, the Center provides instant access to a virtual community through its Web portal. The Center regularly keeps its members on the leading edge through news alerts, articles, discussion forums, newsletters, benchmarking reports, and white papers. Contemporary Practices in Risk Management: Implementing Ideas From Leading Companies is available as a complimentary report from The Audit Executive Center. Coming soon, the Center will publish step-by-step guidance for better managing stakeholder expectations, as well as a Special Report that highlights some of the main risks associated with mergers and acquisitions and how internal auditors can add value to the process. For more information on the Audit Executive Center, visit The IIA’s website at www.theiia.org/CAE. -
Draft Revisions to Professional Standards Would Improve the Global Practice of Internal Auditing
Posted on February 23rd, 2012 No comments- The IIA’s International Internal Audit Standards Board is seeking comments before May 20 on its effort to increase conformance with the International Standards for the Professional Practice of Internal Auditing. ALTAMONTE SPRINGS, Fla. — The IIA is soliciting comments on the changes to the International Standards for the Professional Practice of Internal Auditing (Standards) proposed by the organization’s International Internal Audit Standards Board (IIASB). “Our proposals are the result of IIASB deliberations over the past two years and reflect input the Board already has received from internal auditors and stakeholders, as well as global surveys and other research focused on the Standards,” says IIASB Chairman Andrew Dahle. “Much of the draft revisions would improve the wording clarity of the Standards and would not change the intent of the Standards themselves. However, the IIASB believes these revisions, in their totality, would substantively improve the practice of internal auditing around the globe.” The IIASB will meet July 12-13 to review comments received by the May 20 deadline. It plans to release a final version of the Standards revisions in October, following a process review by the independent International Professional Practices Framework Oversight Council. Those final changes will take effect Jan. 1, 2013. The most significant elements of the IIASB proposal would clarify the responsibilities of CAEs and other internal auditors — as well as the internal audit activity as a whole — for conforming with the Standards; clarify the CAE’s role in communicating unacceptable risks; and highlight the option of self-assessment with independent validation as a means of external quality assessment. More specifically, the proposal comprises: Responsibility for conformance with the Standards. The IIA’s Code of Ethics unmistakably requires IIA-member practitioners to perform internal audit services in accordance with the Standards, but the IIASB found some internal auditors are confused about their individual responsibility for their organization’s overall conformance with the Standards. The proposed change to the Standards introduction would clarify the differences in responsibilities of internal auditors, the CAE, and the internal audit activity for Standards conformance. Communication by the CAE on unacceptable risk. The IIASB notes some surveys indicate that confusing wording may be responsible in substantial part for relatively low conformance with Standard 2600, which requires the CAE to communicate when he or she concludes senior management has accepted a level of risk that may be unacceptable to the organization. The proposed change would simplify and clarify some of that current wording. The proposal also would explain that the CAE’s role is to communicate the matter of unacceptable risk, if unresolved by senior management, to the board but not to resolve the risk itself. Quality assurance and improvement program (QAIP) requirements. The IIASB also notes surveys and other research show relatively low conformance with the QAIP requirements of the 1300 series of the Standards. “In order to increase focus on the QAIP requirements and to clarify ways in which conformance may be achieved,” the IIASB is proposing changes that would clarify that external assessments can either be in the form of a full external assessment or a self-assessment with independent validation. Although most internal audit activities would be expected to get the full external assessment, the IIASB says it wants to encourage others not yet conforming “to embrace practical methods of achieving conformance with the QAIP requirement.” Timely adjustments to the internal audit plan for organizational changes. Stakeholders have pointed out to the IIASB that the Standards do not specifically require timely changes to the risk-based internal audit plan when substantial and relevant organizational changes occur. Proposed changes to Standard 2010 would require the CAE to review and adjust the audit plan as necessary in response to changes in the organization’s business, risks, operations, programs, systems, or controls. Addressing risks to the achievement of strategic objectives. Although the current Standards contain language to ensure internal auditing is risk-based, Standards 2120.A1 and 2130.A1 do not specifically ensure coverage of risks to the achievement of the organization’s strategic objectives. Proposed changes to these standards would clarify that internal audit plans should align with strategic risks to the organization. Adding examples of functional reporting to the board. The changes to Standard 1110 proposed by the IIASB would add approval of the internal audit budget and of remuneration of the CAE to the examples of functional reporting to the board. These examples, when in place, would further demonstrate the organizational independence of the internal audit activity, the IIASB says. The IIASB also proposes adding the definitions of overall opinion and engagement opinion to the Standards Glossary and changing the definitions of risk, control processes, and board. The full text of the proposed revisions and an online response tool are available on The IIA’s global website in English, French, German, Italian, Korean, Montenegrin, Polish, Portuguese, Romanian, and Spanish. Comments also can be made via email to iia-exposure@theiia.org with the subject line “Standards Exposure.” ### Media Contact: Scott McCallum Manager, Corporate Communications +1-407-937-1247 scott.mccallum@theiia.org -
We Value Your Opinion – Pulse of the Profession: 2012 Emerging Trends Survey
Posted on February 22nd, 2012 No commentsThe IIA is seeking all internal audit leaders to weigh in. The existing compliance, regulatory, and economic environment will continue to exert significant influence on audit plans, priorities, and activities. Trends indicate that internal audit plans continue to rebalance away from a post-Sarbanes-Oxley financial controls focus to assessments of business and strategic risks. The survey will take about 15 minutes to complete. Your input will directly influence the Audit Executive Center’s and The IIA’s thought leadership and benchmarking information on what you consider emerging trends and topics for the profession.It will be shared at upcoming IIA events/conferences and incorporated into a final knowledge-based report that will be made available to you. Reply by February 29, 2012. Take the survey now. -
Proposed Changes to the Standards is Open for Comment – Your Input is Vital
Posted on February 21st, 2012 No commentsThe International Internal Audit Standards Board (IIASB) of the Institute of Internal Auditors (IIA) recently conducted a comprehensive review of the International Standards for the Professional Practice of Internal Auditing (Standards) and is proposing changes to some of the Standards. The changes reflect consideration of input the IIASB has received from internal auditors and stakeholders, as well as global surveys and other research focused on the Standards. Exposure Period Part of the established process includes the exposure of the proposed changes to the Standards to stakeholders of the profession to ensure that the modifications are clear, understandable, and consistent with the practice of internal auditing. The proposed revised Standards will have a 90-day exposure period from February 20, 2012, to May 20, 2012. Purpose for the Exposure The proposed changes include: Clarifying the responsibilities of internal auditors, the Chief Audit Executive (CAE) and the internal audit activity for conforming with the Standards. Increasing focus on the Quality Assurance and Improvement Program requirements and clarifying ways in which conformance may be achieved. Clarifying the CAE's role to communicate unacceptable risk. Explicitly requiring timely adjustments to the internal audit plan for changes. Increasing coverage of risks to the achievement of strategic objectives. Adding more examples of functional reporting to the board. Adding the definitions of "overall opinion" and "engagement opinion" into the glossary, as well as changing the definitions of "risk" and "board." How to Respond To facilitate your response to this exposure draft, you will complete an online survey that guides you through each of the proposed changes to the Standards and glossary. The survey — which is available in English, French, German, Italian, Korean, Montenegrin, Polish, Portuguese, Romanian, and Spanish — will allow you to vote on whether you agree with the proposed additions or revisions and to provide additional comments. Access to the exposure instructions and online survey. -
Proposed Changes to the Standards Open for Comment – Your Input is Vital
Posted on February 21st, 2012 No commentsThe International Internal Audit Standards Board (IIASB) of the Institute of Internal Auditors (IIA) recently conducted a comprehensive review of the International Standards for the Professional Practice of Internal Auditing (Standards) and is proposing changes to some of the Standards. The changes reflect consideration of input the IIASB has received from internal auditors and stakeholders, as well as global surveys and other research focused on the Standards. Exposure Period Part of the established process includes the exposure of the proposed changes to the Standards to stakeholders of the profession to ensure that the modifications are clear, understandable, and consistent with the practice of internal auditing. The proposed revised Standards will have a 90-day exposure period from February 20, 2012, to May 20, 2012. Purpose for the Exposure The proposed changes include: Clarifying the responsibilities of internal auditors, the Chief Audit Executive (CAE) and the internal audit activity for conforming with the Standards. Increasing focus on the Quality Assurance and Improvement Program requirements and clarifying ways in which conformance may be achieved. Clarifying the CAE's role to communicate unacceptable risk. Explicitly requiring timely adjustments to the internal audit plan for changes. Increasing coverage of risks to the achievement of strategic objectives. Adding more examples of functional reporting to the board. Adding the definitions of "overall opinion" and "engagement opinion" into the glossary, as well as changing the definitions of "risk" and "board." How to Respond To facilitate your response to this exposure draft, you will complete an online survey that guides you through each of the proposed changes to the Standards and glossary. The survey — which is available in English, French, German, Italian, Korean, Montenegrin, Polish, Portuguese, Romanian, and Spanish — will allow you to vote on whether you agree with the proposed additions or revisions and to provide additional comments. Access to the exposure instructions and online survey. -
New Issue of Tone at the Top: Below the Surface
Posted on February 19th, 2012 No commentsServing on an audit committee is one of the most prestigious and challenging roles in business. So much so, its inherent responsibilities could result in a very serious case of sleep deprivation! This edition of Tone at the Top addresses the top concerns expressed by audit committees today, and how internal auditing can help them rest assured they’re able to carry out their governance duties effectively. Plus, New Look and Circulation—we’re excited to unveil a new look for Tone at the Top and an increased distribution from quarterly to bi-monthly. Download your copy now. Tone at the Top provides executive management, boards of directors, and audit committees with concise, leading-edge information on such issues as ethics, internal control, governance, and the changing role of internal auditing; and guidance relative to their roles in, and responsibilities for, the internal audit function. Your colleagues and audit committee and board members are invited to receive complimentary subscriptions to Tone at the Top. Register online. -
New Issue of Tone at the Top: Rest Assured.
Posted on February 19th, 2012 No commentsServing on an audit committee is one of the most prestigious and challenging roles in business. So much so, its inherent responsibilities could result in a very serious case of sleep deprivation! This edition of Tone at the Top addresses the top concerns expressed by audit committees today, and how internal auditing can help them rest assured they’re able to carry out their governance duties effectively. Plus, New Look and Circulation—we’re excited to unveil a new look for Tone at the Top and an increased distribution from quarterly to bi-monthly. Download your copy now. Tone at the Top provides executive management, boards of directors, and audit committees with concise, leading-edge information on such issues as ethics, internal control, governance, and the changing role of internal auditing; and guidance relative to their roles in, and responsibilities for, the internal audit function. Your colleagues and audit committee and board members are invited to receive complimentary subscriptions to Tone at the Top. Register online. -
Announcing IIA slate for 2012-2013 Officers and Board of Directors
Posted on February 15th, 2012 No commentsThe Global Nominating Committee is pleased to announce the nominees for the Executive Committee, Directors at Large, Institute Directors, and North American Directors. These candidates have agreed to serve subject to election at the Annual Business Meeting in Boston, Massachusetts on July 11, 2012. The new leaders will take office immediately upon election. All members are invited to attend and may vote in person or by proxy. Officers are elected for one-year terms; Institute Directors, North American Directors, and Directors-at-large serve one- or two-year terms. Click here to see the announcement of the 2012-2013 slate of nominees. The Institute of Internal Auditors Global Headquarters 247 Maitland Avenue Altamonte Springs, FL 32701 U.S.A. Tel: +1-407-937-1224 Fax: +1-407-937-1101 E-mail: governance@theiia.org Web:http://www.theiia.org -
2013 CIA Candidate Transition Plan and Exam Content Map Now Available
Posted on February 7th, 2012 No commentsThe Professional Certifications Board (PCB) has announced the transition plan for Certified Internal Auditor® (CIA®) program candidates who cannot complete their certification before the new exam is launched in mid-2013. The plan explains how credit for partial completion in the four-part exam will translate to the three-part exam format, and it indicates any additional requirements for achieving credit for specific parts. To assist candidates with their transition, The IIA also has released a document that shows the realignment of content from the four-part structure to the 2013 three-part exam format. The content map highlights which content has transitioned to a new part, has been removed or added, or has changed knowledge level on the exam. Read more about The CIA Candidate Transition Plan in the Certification News section of The IIA’s Global website. Download the CIA Four-part to Three-part Exam Content Map. -
Audit Executive Center Hosts Roundtables on COSO Framework Exposure Draft
Posted on February 7th, 2012 No commentsThe IIA’s Audit Executive Center recently hosted three roundtables to garner insight from the internal audit profession on the exposure draft of proposed updates, revisions, and enhancements to the 1992 Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control — Integrated Framework (Framework), which was released for public comment in December. Roundtable discussions explored seven observations on the exposure draft. Read more . . . -
Internal Auditor Unveils New Look, App
Posted on February 1st, 2012 No commentsInternal Auditor magazine has launched a new look AND a smartphone app. The magazine went through a major redesign to create a look that is up-to-date, more reader friendly, and translates easily to mobile editions of the publication. “From the cover to every inside page, our design firm, Yacinski Design LLC, used a cleaner, more open look and a wider variety of design elements to create a more interesting appearance for the publication,” say Editor in Chief Anne Millage. “The firm captured our vision for the redesign perfectly.” The new app includes the digital edition of the redesigned magazine, daily news updates, and the latest posts from InternalAuditorOnline’s “Chambers on the Profession” and “Marks on Governance” blogs. Readers can access the magazine via their iPhone, iPad, iPod, or Android phone by downloading the app from either the App Store or Android Market using their member/subscriber number and password. They must currently receive the publication to be able to download the app. For more information: http://www.theiia.org/intAuditor/mobileapp/