Richard Chambers On The Profession

ALIMPA DEBORAH

Tue, 21 May 2013 11:31:33 GMT

Goodafternoon Richard:Wonderful attributes! You have them then u have it great.

David Hall

Sat, 18 May 2013 22:08:26 GMT

Richard this is great. It reinforces the approach I have taken to my career which has brought me satisfaction. I believe this advice also stands true for those of us who are involved in voluntary activities such as the IIA's chapters,committees etc. We often dedicate a good amount of our time to leadership, planning, execution and interacting with other volunteers so we should make it count, along with our professional careers.

Denis Lefort

Fri, 17 May 2013 20:09:26 GMT

Would I be too bold to suggest to CAEs not to make recommendations and to focus on factual findings and appropriate action plans developed and adopted by management while having IA to make sure these plans would truly remedy/address the issues and risks at stake... And if not, CAEs would state in their report that these action plans are unacceptable....

Most of the time, internal auditors and management agree on factual findings and where a lot of time is lost is during the discussing process preceding the issuance of the audit reports. Who is the best placed to address an issue: management or the internal auditors...

For sure, I must be too bold...

Denis

Michael Fardella

Fri, 17 May 2013 18:52:50 GMT

Excellent article Richard. I've certainly had experiences related to a few of the 5 points listed. I've helped implement corrective actions, have offered writes-ups and certain analytics requested by the business (where appropriate) and have been commended by management for identifying internal control improvements and alike. However, it must be said, at least based on my own experiences, that management does not always look favorably on internal audit "home runs". They can sometimes incite an opposite reaction.

But this is the exception on not the norm.

Kind regards,

Mike

Maunda Land

Thu, 16 May 2013 21:05:58 GMT

Richard, I think this blog post is outstanding. It should be shared with every college student and working professional. To echo your comments, people often go through life trying to live up to the expectations of others and may not choose a career in the area of their passion. But true success, fulfillment and happiness comes when a person can have a career that utilizes their passions. Being passionate doesn’t mean that you will love every aspect of you job, but it does give you the opportunity to press in to your area of passion and make a meaningful contribution. Greatness resides in those that press into their passions and choose to live their life in full color.

Kristen Jason

Wed, 15 May 2013 19:53:06 GMT

So true. I always like to remember that there are no rehearsals in life, and only get a chance to do this once.

Terri Freeman

Wed, 15 May 2013 19:40:12 GMT

So true

Adeel

Wed, 15 May 2013 16:04:31 GMT

Beautifully Written ! Simply if we enjoy our work it will add colors at work place and in our personality as well.

Sam Huibers

Tue, 14 May 2013 18:32:55 GMT

The first that comes to my mind is that the world is changing and so do we need to adapt the way we perform our audit activities.

I have also just read PwC’s 2013 State of the Internal Audit Profession Study which reveals that "many internal audit functions are not keeping pace with changes—which poses a major challenge for companies (and audit committees) seeking to determine their future strategies for, and investment in, internal audit."

My personal view is driven by the fact that in this era of dynamically changing environments, globalization and new technologies companies need to re-visit their strategy on a continuous basis. Technological innovation can create a paradigm shift leading to changes in the market and the ways markets and organizations operate. The introduction of the computer resulted in ongoing automation of processes and after some period of time elapsed also continuous monitoring / auditing became introduced and more widely accepted. Apparently the efficiency gains have prevailed the idea of big brother is watching you.

The redesign of the organization, processes, and systems, are often executed through (large) projects. With increasing demands from management on the internal audit profession, the question is also raised of how the auditor’s traditional assurance role can be redefined and more proactive project auditing roles and techniques can be applied.

I am aware there are still many discussions on how the auditor can be more proactive in a changing environment ( this week I will also publish an article about "proactive project auditing" in the American journal - EDPACS, NO. 5 -) . I strongly prefer to see the glass half full keeping in mind the words of Darwin: "It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change."

Kevin Mayeux

Mon, 13 May 2013 17:02:29 GMT

Well said, Richard. When anyone spends the majority of their waking hours at a job or career, they should get personal and professional satisfaction out of it. One's job should be something that adds to one's personal satisfaction, as well as their personal & professional growth. What we pour into our jobs is a demonstratable representation of how we want to live our lives, have others see us, and the impact that we want to make whiel we are on this journey.

Vinnate Hall

Tue, 07 May 2013 16:55:18 GMT

I am in total agreement with your commentary......"putting your findings in context" will certainly make a difference between a 'good' and a 'bad' report. Some good words from the wise!!!!

shalinder

Mon, 06 May 2013 05:27:07 GMT

Hi Richard....I think the AC should also ask the following:

1) Is the Internal Audit function resourced adequately – in terms of number of auditors, as well as expertise?

2) How is the Organizational Responsiveness – in terms of action on audit findings in general, and in particular on areas of serious concern highlighted by the auditors?

3) Is the Internal Audit function able to give independent ratings for Businesses & Managers (basis audit findings, control environment, and approach towards compliances) – ratings which impact the performance evaluation of the businesses/ people – thereby influencing behavior and closing the loop?

Also besides this it is important that the AC should ask questions directly to the Senior Managment based on Audit findings.

adad

Sun, 05 May 2013 16:21:51 GMT

This is a ">

Buffie Hennigan

Fri, 03 May 2013 15:51:20 GMT

Great topic and all good points noted in earlier comments. As Vincent noted, the key would be to tread carefully with the client. I too am all for employing new technologies to make the audit process more efficient. I think it would come down to getting buy in from company management, both in audit and on the client side, to work together to employ new methods to further support the company in meeting overall objectives. If the implementation of this technology had benefits on the business side as well, it would be easier for audit to "share" in it's use, rather than to lead with it. I've considered using those fancy pens that record the notes you take for conversion into a typewritten document, given that the note taking process during a walkthrough is tedious and often times you lose a good amount of the comment if you don't document the results timely. I also like to use my laptop to take notes, and now days iPads or other tablets would make that process even easier. I think if the company as a whole adopts a new technology, it becomes easier for audit to use it as well without pushback from clients.

Vincent Mokwenye

Thu, 02 May 2013 23:57:24 GMT

Google Glass technology, side effects, security concerns, risks, legal and compliance implications, management policies, user acceptance and /or rejection, audit efficiency and effectiveness, work paper synchronization, fears of ownership and control of data stored in the clouds....the list of concerns go on an on. All these are legitimate issues that can be fully considered as auditors embrace the new technology from Google Glass. As an auditor and a fan of technology, I am a stickler for any technology that eases the work of an auditor and increases audit efficiency and effectiveness. Embracing new technology is not always an easy thing to do but, as auditors and organizational change agents, we have the responsibility to be innovators that drive into new frontiers that will change for the better, the way we do business. It is in the light of this that I would welcome the new Google Glass technology. At least, for a start, we could deploy it in the walk-through and the control assessment of phases of an entity's structure. Since clients may not be open (as least not yet) to the notion of "being on tape", we may have to thread softly at first. We need to document the results, successes or failures of this new technology and so have a base with which we would "sell the idea" to management, (one way or the another). Richard, thank you for this article. I look forward to the debate that would follow. Vincent Mokwenye, CFE, CGAP, CGFM.

Brian Cathey

Thu, 02 May 2013 16:03:49 GMT

While attitudes may change over time as recording devices become ubiquitous, many today claim unease at the thought of such complete recording. Given our efforts to be perceived more as business partners than "police", we should carefully consider whether the introduction of a recording device may invoke images of Hollywood-style law enforcement interrogation rooms in our clients. The use of voice recorders has been generally frowned upon in audit interviews for some time for this reason.

From a security standpoint, there are confidentiality considerations. What networks may data gathered through the glasses traverse, what party has claim to the data which may be stored at these points, and what are the legal and company policy implications? As a computer, the device itself may introduce risks similar to other mobile devices entrusted to users.

While research into possible side effects of a new product are important, the fears of additional electromagnetic radiation seem overblown. The radiation of the device in question is in a spectrum which is already seeing very wide use, and has not been found to have measurable ill effect. As humans, we tend to improperly inflate miniscule risks, especially those which involve something rare, novel, beyond our control or understanding, or which have high emotional impact. As with mobile telephony and entertainment in wide use, we are likely to find the greatest personal risks from this new technology are those of accidents resulting from user distraction.

The larger social effects and privacy implications of a technology such as Google Glass becoming common likely require more than this comments section to address, though they are worth considering.

Thank you for the article. I look forward to the debate.

Brian Cathey, CISA, CISSP, OSCP, etc.

Doug van den Aardweg

Thu, 02 May 2013 15:49:18 GMT

Richard, lately there is far greater focus on the 'functional reporting line' to the audit committee and what that means. That's good. It's been fuzzy for too long. I concur with your questions 2 - 5, they must be asked and answers must be probed thoroughly. Your first question is too broad, the category 'conforms to' for external assessments is a one-size-fits-all and little comfort can be derived by an audit committee by that outcome. Another question for the CAE is "what is your major concern at the present time", is there anything that keeps the CAE awake at night and it may not be the risk profile of the organisation but rather the risk within the audit function - your 5 questions would not tease that out.

Audit Committees are playing a greater role in setting objectives, measuring effectiveness and assessing performance for CAE's. Robust questioning is an imperative As you say "the audit committees success is tied to the effectiveness of the internal audit department". Many audit committees don't realise that !

Tim Leech

Thu, 02 May 2013 14:01:53 GMT

Richard: Really good topic. The more boards engage and demand what they need from Internal Audit to meet their responsibilities to oversee management's risk appetite and tolerance the better. The key is deciding what really should be the "effectiveness criteria to evaluate IA.

We encourage boards to ask the following questions:

1. Is management providing the board with a materially reliable report on the areas/objectives with the highest levels of retained/residual risk? If the answer is no, why not?

2. What percentage of the organization's most important strategic objectives and potentally value eroding objectives have been risk assessed by management and/or internal audit? Which objectives in those categories have not been formally risk assessed by management and/or internal audit?

3. Do your auditors know how to complete reliable risk asseessments in accordance with ISO 31000 that cover not only "controls" but all forms of "risk treatments" including risk transfer, risk sharing and risk financing vehicles?

4. When your internal auditors complete assessments are they providing subjective opinions on what they think is "effective control" (which is actually deciding on acceptable levels of residual risks) or providing management with reliable information on residual risk status?

5. What is internal audit doing to enhance management/work unit risk asssessment/management capabilities?

William Clay Cochran

Thu, 02 May 2013 13:14:12 GMT

As a gadget geek and auditor, I have always thought that the majority of auditors are way behind the curve when it comes to using technology in audits. The thought of auditors using Google Glasses would be very interesting. Being able to document your audit work with voice capture and instant imaging would be great. With Google voice recognition capabilities and instant upload of data to the cloud, documentation of these walthroughs would be a breeze and would also be more accurate. Of course the privacy ramifications along with the auditee resistance would be a mountain to overcome.

Your column however made me also realize another tool that could also be very useful for auditors especially smaller, budget concious shops. Data collection and storage tools like Evernote would make great low cost audit workpaper packages. Evernote is capable of capturing and storing all types of data from written text, voice recording and photographs. It not only captures this data but also is very capable of organizing it through the use of data tags and notebooks.

With Evernote's cloud based platform, information is available anywhere through mutliple tools: laptop, iPad, Android tablet, iPhone, Android phone or the internet. All one needs is a connection to the internet. Using any Smartphone, an auditor could easily capture audio or pictures or makes notes for their audit. A quick cut and paste would also allow them to capture images of documentation into the workpapers.

Best of all, Evernote is a "free" tool for basic use and is very affordable for more data intensive power users. Evernote also allows controlled sharing of information for team use. Imagine combining Google Glasses with Evernote!

Thanks for getting me thinking or how new tech can be used!

Clay Cochran, CIA, CISA, CFSA, CRMA