Richard Chambers On The Profession No Description Blogo Wed, 23 Apr 2014 22:18:35 GMT en-us Tim Leech Richard: My elevator pitch is really short - Internal audit can help management and the board increase certainty the organization achieves what they want for long term success, and avoid or mitigate events they don't want that materially erode entity value.    Should be doable even if the trip is only a couple of floors.

]]> Tue, 22 Apr 2014 14:24:31 GMT
David Griffiths Tue, 22 Apr 2014 11:30:51 GMT Brian Robb Thanks Richard. Yes a simple, attention grabbing and easy to grasp explaination of what we do is something we need to keep in our back pocket. I sometime use the term "I am in the business improvement area" or "I help the organisation in achieving sustainable performance" which can lead to a clarification question and interest from the person asking. Sometime I also may use an example of a recent and publicly known piece of work to illustrate the type of work we do.

It will certainly be useful to hear other people's "elevator pitch".

]]> Mon, 21 Apr 2014 21:31:31 GMT
David Griffiths Sun, 20 Apr 2014 11:54:15 GMT Moses Ntuli Tue, 15 Apr 2014 15:29:48 GMT Tim Leech Richard: My top risk for 2014's radar is a risk that has been on my list of risks auditors should focus on since I started in the profession 30 years ago - senior management teams that don't see reporting on the true state of retained risk to the board of directors on top value creation and potential value erosion objectives as their job.   Internal audit methods that don't focus on this risk (e.g. IA shops that don't want to comply and/or don't know how to comply with IIA Professional Practice Standard 2110 and provide reports on the effectiveness of risk processes) should also be included.   I think when these two risks are focused on correctly all the risks above would be covered.  If management doesn't think cyber security, third party risks, cloud computing, etc are issues they should be covering in their reports on risk to the board that is a major risk. If internal audit thinks they should do it  (report on risk status) for management instead of management reporting themselves that is also a major misalignment of responsibility IMHO.  As you know, I don't share your positive views on COSO 2013.  I think adopting COSO 2013 is more likely to be part of the problem not the solution to enhancing risk governance globally.  Controls are not the only way you "treat" risks.  Requiring companies adopt COSO ERM 2004 would be a better step if one has to choose.

]]> Tue, 15 Apr 2014 15:16:53 GMT
Atul Gupta being an internal auditor in banking and finance, i couldn't agree more on cybersecurity as top risk.

]]> Tue, 15 Apr 2014 12:28:39 GMT
Farrukh Mazher  FYI

]]> Tue, 15 Apr 2014 09:24:49 GMT
Chinedu Umechukwu In this world of digital mobility, most of the reports are read on the go. Therefore, reports need to be concise, delivering only critical information on positive or negative exposure faced by the company.

Auditors should also consider the structure of info - graphics introduced in the report as some may not display properly across mobile platforms.

A member of the audit committe of a company I know complained that reports received from the CAE suffers from wrong formating and alignment which distorted the contents of the report.

]]> Sat, 12 Apr 2014 20:18:30 GMT
Hussain  Thanks Richard, good points.

As auditors we do expect the needs, and based on those expectations we build our report methodlogy, even without testing those expections or getting any feedback.

all needs are changeable,  we have to review our report methodlogy and keep close relation to our stakeholders.


]]> Fri, 11 Apr 2014 12:13:34 GMT
Harish Kumar Besides all the other criticisms against internal audit for an organization of any size viz., small or medium or large, the internal audit has the same common issue viz., "do more with less budget dollars", "coordinate more with external audit & save some budget dollars for the company" & "both groups (internal audit & external audit) are fighting the same issue viz., fill the right staff need at the right time. Not to say the least, staffing rotation is high in the midst of busy time period and no one has time to sit with auditors & answer their queries. Audit committee is on top telling the internal auditor to have more audits done since you have the staff to do the audit now.  Audit committee does not like internal audit and external audit work on the same topic or audit subject utilizing each others' leverage on audit work papers since audit risk may not necessarily go away at the end of the day for audit committee iether. This type of coordination may lead to dispute and legal problems where one group will drag the other group for their own problems in their own organization. That is really chaos. Not a great situation to be in for internal auditors to begin with at the first place.

]]> Wed, 09 Apr 2014 17:23:41 GMT
Harish Kumar Audit plan execution is as important as planning the audit in itself. It is important that audit process is understood by the auditees also in certain types of audit. Audit committee's understanding of the audit process is not enough in this instance. It is important for auditor to know beforehand that there is a possibility that auditee will front run the audit issue in order to defuse the audit issue & distract auditor's attention or just play it out to appease to political individuals within an organization so that audit is undermined on its own without any serious audit findings reflecting that auditee's hide behind the process adequacy controls. In that instance also, auditor is running the risk of not bringing out the audit issues at the appropriate level of authority where gulty party or culprit would otherwise been caught earlier than late.

]]> Wed, 09 Apr 2014 16:28:56 GMT
Tim Leech Richard:  Thanks for sounding an alarm to members that survey statistics and feedback are suggesting increased dissatisfaction on the part of some key IA stakeholder groups.   My belief is that the IIA needs to carefully assess the new risk governance expectations that are emerging from  groups like the Financial Stability Board, the FRC in the UK, and financial regulators and the NACD in the U.S. and objectively determine if current IIA CIA/CRMA certification and training curriculum are equipping internal auditors to fully support boards of directors that are now expected to oversee management's risk appetite and tolerance. Francine McKenna's point above is also a key element that needs to be addressed.  I encourage my clients and audiences to join or at least monitor the NACD in the U.S., ICD in Canada and other organizations in other countries to really understand what boards and regulators want from IA.  Sometimes boards need help to take the time to identify and articulate their needs and expectations, just as customers of many goods/services often don't tell suppliers what they really want until after they have changed suppliers.  The work you and Paul Sobel are doing globally to raise the alarm is excellent, but more needs to be done across the full range of IIA standards, certifications, conferences and training offerings to ensure IA remains fully relevant to key customers in the years ahead

]]> Tue, 08 Apr 2014 14:26:53 GMT
Francine McKenna Tue, 08 Apr 2014 14:02:44 GMT John Poole Thu, 03 Apr 2014 15:02:10 GMT Idris olufowobi  This is very nice advice to us auditors.

]]> Thu, 03 Apr 2014 10:37:51 GMT
Brian Robb Thanks Richard for your words of wisdom. Your ten points are certainly worthy of applying to our role to be successful. We must not lose sight of what we are here for and who is our key stakeholder and what do they think of what we provide to them. It is now the time for us to step out of the shadows and be the business partner we were always meant to be.

]]> Wed, 02 Apr 2014 01:14:53 GMT
Florence Obiha  I think it's high time the IIA step up their game on their roles and responsibilities of internal audit and showing honesty and independence in executing their duties to the best of IIA best practise. Also not compromising  in anyway will earn the organisation it's respect it deserves .

]]> Tue, 01 Apr 2014 18:38:27 GMT
William Gillette Excellent article and a long over due source dor education, certifications, knowledge and networking amongst government auditors will be of emence value. I look forward to the opportunity to utilize this source of information through the ACGA.

]]> Tue, 01 Apr 2014 14:10:16 GMT
Lynn Scully It's scary being out on a limb, but sometimes you are negligent as an auditor if you don't go there.  I see my role as advisory, but there have been times that I've had to assert myself and nudge leaders in a particular direction.  It isn't easy, and you have to have good instincts about how far you can push your concerns, lest you fall out of the tree!

I believe that auditors must pick their battles wisely, earning the respect of others by conducting such battles with the utmost respect and professionalism.  There is no better way to have a long-lasting positive impact on the control environment.

]]> Fri, 28 Mar 2014 14:14:35 GMT