Database Security, Audit, Privacy and Support Blog

Let Us Come to You!Get a sneak peek at the On-site Training courses to be featured in our next mailer. Mention that you saw this on the home page of The IIA's Web site, and we will offer you special pricing on these as well as many other courses! Learn more.

Another resource available for those seeking to better understand and manage their SOD risks and issues. Corporate and IT executives continue to feel the pressures of assuring federal regulators, auditors, boards of directors, and stockholders that corporate financial...

Recently, the US Government implemented a new rule and proposed yet more rules regarding ethics and corporate compliance programs for government contractors. This marks a continuing shift towards adopting a more aggressive approach in addressing government contractor fraud,...

Securities and Exchange Commission chairman Christopher Cox asked Congress to approve his nearly $1 billion budget request for fiscal year 2009. If lawmakers agree the SEC needs its first budget increase in three years, the commission will have realized a roughly 4 percent...

April/May IIA Research Foundation (IIARF) Report Available The current edition of RF Report is now online. Share Rod Winters' reflections on highlights from the past three years and the focus for the future as he steps down as IIARF president; CBOK's next steps are announced; St. Louis Chapter research addresses the dreaded m-word (meetings); and a long-time supporter explains why research plays an important role in taking the profession to the next level. You can also read about five new products that bring a higher level of competency to both the practitioner and the profession.

Read along with internal auditors across the globe! Every profession has a body of knowledge on which practices, performance, and new initiatives are based, and internal auditing is no exception. Recently, influences such as technology, globalization, corruption, fraud, changes in regulations, and expectations of stakeholders have all affected the practice of internal auditing. To determine just how much these and other internal and external factors have changed the roles internal audit practitioners play in organizations all around the world, The Institute of Internal Auditors Research Foundation (IIARF) conducted a global survey in 2006 to contribute to the profession's "body of knowledge."In December 2007, The IIARF's A Global Summary of the Common Body of Knowledge (CBOK) survey was made available to all members of The Institute of Internal Auditors (IIA) as a free download from The IIA 's Web site. The results of CBOK will drive many critical aspects of the profession and will help define its future and ensure that it remains a valued profession. Each month, you can read an article on a featured research topic along with a recommended course of action. The article will provide some insight from the data of the featured topic and is something you can reproduce and use as needed. If you have questions about "CBOK of the Month" or need further assistance with interpretation of CBOK data, please contact research@theiia.orgApril's "CBOK of the Month" research topic: "Continuing Professional Development"(PDF)

The Sarbanes-Oxley Act of 2002 has been viewed as a watershed event in dealing with corporate fraud. In addition to its extensive provisions dealing with internal controls and corporate accounting procedures, the law adopted new crimes and pushed the United States...

Dreading your pending SOX initiative? Or the thoughts of IPO? Or how you might refine your implementation? Hopefully, "Sarbanes-Oxley Section 404A Guide for Small Business" from the SEC takes some of the sting out of it. This incorporates much of the thinking and...

Sometimes after announcing they need to restate their financials, companies go into shutdown mode. For up to two years, investors won't see a regulatory filing or hear a significant financial peep while a company tidies up its past. The Securities and Exchange Commission's...

The frequency of financial restatements by U.S. public companies began to increase before the Sarbanes-Oxley corporate reform law was passed in 2002, according to a study commissioned by the U.S. Treasury Department and released on Wednesday. But restatements associated...

The growing number of companies restating their financial results has been cited as a reason to ease U.S. accounting standards by the Securities and Exchange Commission and Treasury Department. But the restatement problem may not be the big bad wolf it was originally...

In 2005, federal authorities concluded that a Monsanto consultant had visited the home of an Indonesian official and, with the approval of a senior company executive, handed over an envelope stuffed with hundred-dollar bills. The money was meant as a bribe to win looser...

Maybe so much of the Sarbanes Oxley legistlation has been to simply bring US filers up to par with governance and risk management practices that have been maturing around the globe. Standard and Poor's, one of the leading credit rating agencies for capital markets, has...

Since the advent of Sarbanes-Oxley, non-financial corporations have faced increasingly strong regulatory and compliance requirements aimed broadly at increasing transparency in their business practices. Risk management has been addressed at times, but usually as an...

The Board of Regents and The IIA's Certification Department are pleased to announce the initial launch of computer-based testing (CBT) registration for the Certified Internal Auditor® (CIA®) exam, which is the first step toward a full roll out of CBT. Registration for the specialty exams (CCSA®, CGAP®, and CFSA®) will begin in May. Candidates can now go online to register for the CIA exam, schedule their appointment with Pearson VUE, and track their certification progress. The initial launch version of the new candidate handbook is also posted online with complete instructions for applying to the certification programs, registering for exams, and scheduling appointments with Pearson VUE. Read more about this historic milestone!

from KPMG's "Audit Committee Insights" for March 5, 2008, originally published in the February 2008 issue of The CPA Journal. The Sarbanes-Oxley Act (SOX) of 2002's requirements regarding internal control over financial reporting requirements for management and auditors...

The Public Company Accounting Oversight Board today announced the 2008 series of its Forums on Auditing in the Small Business Environment. These forums are designed to help share important information with registered public accounting firms and public companies operating in...

Two IIA Programs Partner to Enhance the Professionalism of Your Staff and DepartmentThe IIA's premier benchmarking program, Global Audit Information Network (GAIN), and On-site Learning have joined forces to provide you and your staff the knowledge you need to reach maximum potential. With GAIN as the most trusted name for benchmarking services in the internal audit profession and On-Site Learning providing world-class training at your location, it only makes sense for these two programs to come together with a great opportunity. Now when you complete the GAIN Annual Benchmarking Study (ABS) and submit your data, you will receive a certificate for US $500 off any IIA on-site training program (two days or more in length). So don't wait another day. Participate in ABS, submit your data, and get your on-site training discount certificate today! Click here to learn more about GAIN. For a list of on-site training, click here.

Two IIA Programs Partner to Enhance the Professionalism of Your Staff and DepartmentThe IIA's premier benchmarking program, Global Audit Information Network (GAIN), and On-site Training have joined forces to provide you and your staff the knowledge you need to reach maximum potential. With GAIN as the most trusted name for benchmarking services in the internal audit profession and On-Site Training providing world-class training at your location, it only makes sense for these two programs to come together with a great opportunity. Now when you complete the GAIN Annual Benchmarking Study (ABS) and submit your data, you will receive a certificate for US $500 off any IIA on-site training program (two days or more in length). So don't wait another day. Participate in ABS, submit your data, and get your on-site training discount certificate today! Click here to learn more about GAIN. For a list of on-site training, click here.

Two IIA Programs Partner to Enhance the Professionalism of Your Staff and DepartmentThe IIA's premier benchmarking program, Global Audit Information Network (GAIN), and On-site Training have joined forces to provide you and your staff the knowledge you need to reach maximum potential. With GAIN as the most trusted name for benchmarking services in the internal audit profession and on-site Training providing world-class training at your location, it only makes sense for these two programs to come together with a great opportunity. Now when you complete the GAIN Annual Benchmarking Study (ABS) and submit your data, you will receive a certificate for US $500 off any IIA on-site training program (two days or more in length). So don't wait another day. Participate in ABS, submit your data, and get your on-site training discount certificate today! Click here to learn more about GAIN. For a list of on-site training, click here.

The IIA releases the second and third guides in the GAIT series; survey identifies need to address PCAOB/SEC revisions and business/IT risk linkageLAS VEGAS - Responding to organizations' need for guidance on assessing IT controls, The Institute of Internal Auditors (IIA) has issued two new documents in its Guide to the Assessment of IT Risk (GAIT) series. The guides address updates and revisions to regulations as well as the needs of organizations to link IT controls to critical business risks. A recent survey* of 895 auditors and corporate managers indicated that a majority of respondents would find the guidance helpful. Leveraging the philosophies discussed in GAIT's first guide, the second guide - GAIT for IT General Control Deficiency Assessments - gives auditors and management an approach to assess whether IT general control (ITGC)** deficiencies identified during their Sarbanes-Oxley Section 404 assessment represent significant deficiencies or material weaknesses in the system of internal control over financial reporting. It builds on guidance provided in 2004 by nine certified public accounting firms, A Framework for Evaluating Control Exceptions and Deficiencies, and reflects recent changes in the definitions of material weakness and significant deficiency."GAIT for IT General Control Deficiency Assessment provides a platform for internal auditors to use in discussing their deficiency assessment with external auditors, management, and others," says IIA Director of Standards and Practices Heriot Prentice, the central organizer behind the GAIT series. "It's based on the experiences of organizations over the last several years, and expands on management guidance from the U.S. Securities and Exchange Commission as well as guidance provided in the nine-firm framework by referencing the U.S. Public Company Accounting Oversight Board's Auditing Standard No. 5."The IIA also released its third guide in the series - GAIT for Business and IT Risk. This practice guide helps managers and auditors identify all the key controls that are critical to achieving business goals and objectives. It identifies the critical aspects of information technology that are essential to the management and mitigation of organizational risk. These critical IT functionalities and their corresponding risks can then be considered when planning audit work."GAIT for Business and IT Risk provides an approach for developing the scope for a business risk audit that looks at the appropriate IT controls," said Norman Marks, a member of the GAIT development team and vice president of internal audit for Business Objectives, an SAP company. "It addresses the misconception that IT and business risk need to be assessed independently and it enables chief audit executives to provide assurance on business risk with the comfort that IT-related issues are given the appropriate level of consideration.""This helps organizations identify the key IT controls necessary for reasonable assurance that selected business risks are adequately mitigated," Marks added.GAIT for IT General Control Deficiency Assessment and GAIT for Business and IT Risk were unveiled this week at The IIA's General Audit Management Conference being held March 17-19 in Las Vegas. Both sets of guidance can be downloaded free of charge from The IIA Web site at www.theiia.org/guidance/technology. ###* IIA survey: "GAIT - IT Assessment," March 14, 2007Key findings include:78.7 percent of respondents indicated that assessing control deficiencies in ITGCs is difficult.98.3 percent of respondents would find guidance (consistent with the PCAOB's Auditing Standard #5 and SEC revisions) helpful in assessing deficiencies in ITGCs.More than half of the respondents (56.7 percent) indicated that their methodology was not effective or only somewhat effective in identifying and assessing IT risks as a part of an overall audit of organizational risk.99.4 percent of respondents would find guidance helpful in identifying and assessing IT risks as a part of an overall audit of business risk.** IT general controls are those controls that assure the proper operation of IT applications and automated controls as well as controls that help to protect data and programs from unauthorized change.Contact: Scott McCallumOffice: 407-937-1247 Cell: 321-246-7649Scott.McCallum@TheIIA.org

The IIA's General Audit Management Conference began today at the Red Rock Casino, Resort, and Spa in Las Vegas, NV. with a presentation by legendary U.S. National Football League Coach and Hall of Fame member Don Shula. One of only two coaches to reach the Super Bowl three straight seasons, Shula spoke to the audience of chief audit executives (CAEs) about inspiring a winning team. Read the complete story ...

Responding to organizations' need for guidance on assessing IT controls, The Institute of Internal Auditors (IIA) has issued two new documents in its Guide to the Assessment of IT Risk (GAIT) series. The guides address updates and revisions to regulations as well as the needs of organizations to link IT controls to critical business risks. Leveraging the philosophies discussed in GAIT's first guide, the second guide - GAIT for IT General Control Deficiency Assessments - gives auditors and management an approach to assess whether IT general control deficiencies identified during their Sarbanes-Oxley Section 404 assessment represent significant deficiencies or material weaknesses in the system of internal control over financial reporting. GAIT for Business and IT Risk helps managers and auditors identify all the key controls that are critical to achieving business goals and objectives.Both sets of guidance can be downloaded free of charge from The IIA Web site at www.theiia.org/guidance/technology/GAIT.

Investor advocates are wary of a regulatory proposal that could decrease the number of times companies restate their financial results. Barbara Roper, director of investor protection for the Consumer Federation of America, contends that the suggested changes to the...

Don't miss The IIA's April 15 webinar, Getting the Most from Audit Relationships. Click here for more.

ALTAMONTE SPRINGS, Fla. -- Internal auditors remain in demand, with their average salaries rising almost five percent this year, according to the 2008 Salary Guide from Robert Half International. The report identifies internal auditing as one of five jobs that are positioned for growth in the upcoming year."With the growth we've seen in the profession over the last five years - it's not surprising," said David A. Richards, CIA, president of The Institute of Internal Auditors (IIA). "But it's also definitely good to know that organizations are continuing to highly value internal auditing as essential to conducting business effectively and efficiently during lean times."The Robert Half Salary Guide reported that internal audit managers at large companies will post the largest salary gains at 6.7 percent. Information technology auditing managers will also see more compensation for their expertise, with a salary bump of 5.5 percent. And chief audit executives, vice presidents of internal audit, and internal audit directors will make as much as $213K in salary, annually - a pay hike of at least three percent over last year. The report also cited the Certified Internal Auditor (CIA) as a valuable designation, and the southeast and north-central regions of the U.S. as areas in most demand for internal auditors."The market remains very competitive for highly skilled and experienced auditors who can fill those in-demand positions," said Paul McDonald, executive director of Robert Half Management Resources, a division of Robert Half International specializing in the placement of senior-level accounting and finance professionals on a project and interim basis. "Certification can greatly enhance an auditor's marketability and earning potential."The internal audit profession has surged in growth over the last decade, with The IIA's membership doubling to more than 150,000 since 2002. According to the American Society of Association Executives, typical associations grow at an average rate of about three percent, annually. ###About Robert Half and the 2008 Salary GuideRobert Half International is the world's first and largest specialized staffing firm. Its 2008 Salary Guide is based on an analysis of the thousands of job placements managed by the company's U.S. offices and includes an overview of the hiring environment and national average starting salary ranges for positions in accounting, finance, banking and financial services. About The IIAEstablished in 1941, The Institute of Internal Auditors is an international professional association with members in 165 countries and global headquarters in Altamonte Springs, Fla., USA. The IIA is the internal audit profession's global voice, standard-setter, and resource for professional training and certification.Contact: Scott McCallumOffice: +1(407) 937-1247 Cell: (321) 246-7649Scott.McCallum@TheIIA.org

ALTAMONTE SPRINGS, Fla. -- Internal auditors remain in demand, with their average salaries rising almost five percent this year, according to the 2008 Salary Guide from Robert Half International. The report identifies internal auditing as one of five jobs that are positioned for growth in the upcoming year."With the growth we've seen in the profession over the last five years - it's not surprising," said David A. Richards, CIA, president of The Institute of Internal Auditors (IIA). "But it's also definitely good to know that organizations are continuing to highly value internal auditing as essential to conducting business effectively and efficiently during lean times."The Robert Half Salary Guide reported that internal audit managers at large companies will post the largest salary gains at 6.7 percent. Information technology auditing managers will also see more compensation for their expertise, with a salary bump of 5.5 percent. And chief audit executives, vice presidents of internal audit, and internal audit directors will make as much as $213K in salary, annually - a pay hike of at least three percent over last year. The report also cited the Certified Internal Auditor (CIA) as a valuable designation, and the southeast and north-central regions of the U.S. as areas in most demand for internal auditors."The market remains very competitive for highly skilled and experienced auditors who can fill those in-demand positions," said Paul McDonald, executive director of Robert Half Management Resources, a division of Robert Half International specializing in the placement of senior-level accounting and finance professionals on a project and interim basis. "Certification can greatly enhance an auditor's marketability and earning potential."The internal audit profession has surged in growth over the last decade, with The IIA's membership doubling to more than 150,000 since 2002. According to the American Society of Association Executives, typical associations grow at an average rate of about three percent, annually. ###About Robert Half and the 2008 Salary GuideRobert Half International is the world's first and largest specialized staffing firm. Its 2008 Salary Guide is based on an analysis of the thousands of job placements managed by the company's U.S. offices and includes an overview of the hiring environment and national average starting salary ranges for positions in accounting, finance, banking and financial services. About The IIAEstablished in 1941, The Institute of Internal Auditors is an international professional association with members in 165 countries and global headquarters in Altamonte Springs, Fla., USA. The IIA is the internal audit profession's global voice, standard-setter, and resource for professional training and certification.Contact: Scott McCallumOffice: +1(407) 937-1247 Cell: (321) 246-7649Scott.McCallum@TheIIA.org

The Sarbanes-Oxley Act has many detractors. They claim that the Act is an over-burdensome piece of regulation, one that has imposed costly and unneeded obligations on issuers. It has driven U.S. companies to exit the public markets and “go private,” and it has deterred...

Read along with internal auditors across the globe! Every profession has a body of knowledge on which practices, performance, and new initiatives are based, and internal auditing is no exception. Recently, influences such as technology, globalization, corruption, fraud, changes in regulations, and expectations of stakeholders have all affected the practice of internal auditing. To determine just how much these and other internal and external factors have changed the roles internal audit practitioners play in organizations all around the world, The Institute of Internal Auditors Research Foundation (IIARF) conducted a global survey in 2006 to contribute to the profession's "body of knowledge."In December 2007, The IIARF's A Global Summary of the Common Body of Knowledge (CBOK) survey was made available to all members of The Institute of Internal Auditors (IIA) as a free download from The IIA 's Web site. The results of CBOK will drive many critical aspects of the profession and will help define its future and ensure that it remains a valued profession. Each month, you can read an article on a featured research topic along with a recommended course of action. The article will provide some insight from the data of the featured topic and is something you can reproduce and use as needed. If you have questions about "CBOK of the Month" or need further assistance with interpretation of CBOK data, please contact research@theiia.orgMarch's "CBOK of the Month" research topic: "Quality Assurance and Improvement"(PDF)

In 2006, The IIA released Sarbanes-Oxley Section 404: A Guide for Management by Internal Controls Practitioners, the first publication in the Professional Guidance Series of the Professional Practices Framework. This month, The IIA released a major update to the publication, incorporating guidance from the U.S. Public Company Accounting Oversight Board's (PCAOB's) Auditing Standard (AS) No.5 and management guidance issued by the U.S. Securities and Exchange Commission (SEC). In addition, the guide provides an extended discussion on direct and indirect entity-level controls, as well as the challenges faced by organizations in scoping IT general controls based on the insight and real-world experiences of internal auditors. Finally, the guide provides an updated checklist to help management teams ensure that their Section 404 programs are efficient, thereby streamlining management's process and creating major reductions in total cost. To download A Guide for Management, visit The IIA's Professional Practices Web page.