Compliance

A survey of financial executives includes complaints of excessive documentation required by external auditors.Finance executives at large US companies are finding it increasingly difficult to document internal controls over financial reporting (ICFR) to the satisfaction of their internal and external auditors, according to a study recently published by the Financial Executives International’s research arm. Several of the most difficult controls to design, implement and operate are common in corporate treasury. Pain points. Controls around non-routine transactions—bond issuances, significant one-off payments…

Like other functions, internal audit needs to publicize its value to senior executives and the broader corporation.After the completion of a lengthy process audit at a multinational company, the chief audit executive (CAE) reported results to the owner of that process. After a cursory review, the process owner, also a senior executive, asked, “What else have you done?” The CAE was somewhat taken aback. The audit took several months and ate up lots of FTE hours. But since it only…

One member’s “risk radar” facilitates explaining evolving risks to audit committees. Corporate risk is no easy concept to convey, especially when risks are numerous and shifting in intensity over time. Equally challenging is explaining a risk’s evolving urgency to board members, who must concurrently digest reams of information. Responding to a query about how peers justify urgent audit-plan changes to audit committees, a member of NeuGroup’s Internal Auditors’ Peer Group described the “risk radar” he presents quarterly to illustrate dynamically the…

How much and when should internal auditors report about projects outside of their audit plan? Internal audit is increasingly being called upon to get more involved in nontraditional types of engagements—projects that don’t fall within the scope of the audit plan. These might include counsel, advice, facilitation, data analytics and automation. From company to company, managing these projects varies, according to members of NeuGroup’s Internal Auditors’ Peer Group. In a recent virtual discussion with IAPG members, the question was whether they…

Corporate boards are taking their oversight mandate more seriously; that’s why they need ERM. Today’s corporate boards need to fully understand the risks a company faces as well as their relevance to its strategy and risk appetite. That’s been the case since 2009 when the SEC started requiring disclosure of a board’s role in risk oversight, including the qualifications of its members and a description of how the board administers its oversight function. The risks revealed by COVID-19 make this…