A Review of Recent PwC Reports on Boards, Audit Committees, and Governance

Posted on Feb 15, 2014

PwC has published the results of their Annual Corporate Directors Survey (PDF). I recommend a read of the report and have selected a few important points for comment.


Congratulations to PCAOB for New SOX Guidance

Posted on Feb 10, 2014

In my SOX Master Classes and elsewhere I hear that the external audit firms are saying the PCAOB has issued new and more demanding Sarbanes-Oxley guidance. They are telling companies that both management and auditors have to do more work and fees have to rise accordingly.


Misunderstanding Risk and Controls

Posted on Feb 1, 2014

Time and again I hear that risk management is seen as something that is required by the regulators, perhaps by the board or top management, but is not seen as something that helps individual managers succeed. 


The Academy for Creative Auditing

Posted on Jan 25, 2014

Some years ago, while I was CAE at Tosco, I started an "Academy for Creative Auditing." It never got off the ground because the company was acquired and I left for new pastures. But the idea still holds true: that if we, as leaders or users of internal audit services, are to get the best out of internal audit managers and staff, we need them to use their imagination and creativity, not just their technical skills.

 

A Danger to Every SOX Program

Posted on Jan 18, 2014

I am starting to hear that people are adding a fair number of key controls to the existing scope of their Sarbanes-Oxley program. This should sound the alarm, as most of us had spent a fair amount of time over the last few years streamlining the program.


Verizon Report Shares Insights After Analyzing 47,000 Data Breaches

Posted on Dec 14, 2013

Verizon’s 2013 Data Breach Investigations Report analyzes thousands of 2012 incidents, using data supplied from a variety of partners (including police and other agencies in Holland, Malaysia, Australia, Denmark, Spain, Ireland, and the United States). They were limited to data breaches reported to third parties. The 47,000 incidents led to 621 actual data breaches. 


How to Build an IT Audit Plan

Posted on Dec 7, 2013

This post is primarily for IT auditors, but its philosophy applies equally to those charged with assessing so-called IT risk.


Does Your Internal Audit Department Understand All the Tools It Has?

Posted on Dec 2, 2013

Earlier this year, I appeared on an IIA AuditChannel.tv video “Rethink Your Approach to Technology.” I spoke to the need to look first at what your organization already owns and is using before acquiring solutions specifically for internal audit. Too few internal audit departments understand how they can use technology for analytics and business intelligence for their own data mining, continuous auditing, and monitoring. I am interested in your views on the advice I provided in the video. 


Reflections on IT Risk and Audit

Posted on Nov 22, 2013

All the studies show an increasing pace of change in and around technology. Not only do we run the back office with enterprise software, but technology is also invading both the front office and the products and services offered by organizations around the world.


UK Issues Proposed Guidance on Risk Management, Internal Control, and Going Concern

Posted on Nov 16, 2013

The U.K.’s Financial Reporting Council (FRC) is responsible for the nation’s corporate governance code as well as its standards for accounting and auditing. When they speak, we should all listen.
