Most auditors learn about IT but don’t come from IT backgrounds. Whereas auditing financial accounting is pretty straightforward, both IT and finance auditors tend to struggle in this brave new world of auditing cybersecurity.
Latest Content From MISTI
Picking up where we left off in part one of this two-part series, here we discuss strategies to determine if findings really need RCA and tips for discussing RCA with the audit client.
If done well and communicated properly, reporting the root cause can be the glue your report needs to tie findings to the overall health of the company and create significant change for the business. This article provides some strategies to use in writing and communicating root cause in audit findings.
We hear copious amounts said that “Data is an asset”, “It's got to be managed”, “Few people in the business understand us”, and so on. This article is not trying to cast any doubt on the importance of data as an asset, but rather raise the level of debate from a subliminal nod to a conscious examination of the characteristics of different "assets" and to compare them with the “Data asset".
Drawing flowcharts can be time-consuming, but internal auditors can gain a wealth of information during and after preparing them. By following these suggestions the benefits will far exceed the costs.
In this interview featuring Bob Hirth, Chairman at COSO, he sheds light on the recent updates made to the COSO ERM framework, discusses what those changes mean for internal auditors, and advises on how to best leverage the framework.
Given the talents and skills that auditors possess (analyzing data, spotting trends, forming conclusions), auditors are in a perfect position in a company to be part of data analytic innovation. This article proposes a plan to fill in the gaps and implement data analytics in the business.
Within a communications group, chances are that someone is performing a level of auditing of weekly or monthly online analytics already. But it doesn’t hurt to talk to these people and fill in any gaps you discover. How effective is your social media presence and how do you audit it? This article should get you started on auditing social media within a larger audit.
Historically, the Internal Audit profession has not been a leader on the topics of diversity and inclusion. Internal Audit Insights recently caught up with Adam Rutan of Cardinal Health who shared his audit team's experience of how they redefined diversity and improved their audit function along the way.
Technology continues to flood organizations and IT auditors are facing increasing challenges. The Center for Internet Security's Critical Security Controls are intended to help the cause. In this exclusive video interview with Internal Audit Insights, subject matter experts define the controls and discuss their benefits for IT auditors.
Data reveals that compliance modernization seems to be eluding most companies due to a host of reasons, and internal audit can play an important role in identifying areas of improvement. Here are five signs the compliance function needs fixing.
Change is hard no matter what. We’re more apt to change when we’ve made the rules. When we’re forced to change – like being subjected to an audit – that’s a large horse pill to swallow. But there are things that auditors can do to make that horse pill go down smoother.