Commentary: Sarbanes-Oxley provides ongoing value to companies | Commentary: Companies need to reduce risk from vendor data breaches | Experts: Hurricanes boost risk of toxic tort suits, Superfund actions
September 21, 2017
The smarter way to stay on top of the internal audit profession
An internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission can enable investors to make sound decisions when applied to a company's sustainability data or environmental information, a group of accounting experts reports.
Becoming a relevant partner through combined assurance Many departments have taken on an advisory role to help deepen trust in auditors as risk and control experts. Within internal audit, we have an opportunity to assume the role of relevant partner through the process of combined assurance.
The Sarbanes-Oxley Act has expanded beyond its original goal of assuring financial statements, write Craig Clay of Donnelley Financial Solutions and Daniel Kim of SOXHUB. The law allows for a more focused approach to risk management and instills discipline to prevent mistakes that could result in costly fines and lawsuits, Clay and Kim write.
How to increase audit's relevance to the business Internal audit leaders know they need to be more relevant, valuable, and have a better seat at the table… but how?
In this eBook, we offer a guide on how Audit teams can align siloed processes, apply factual data to big picture risks and ultimately, enhance their value to their C-suite and the rest of the organization. Download eBook now >>
Companies can face liability if a vendor suffers a data breach, and lawyers urge them to take steps to curtail such risk. Companies should thoroughly vet vendors and ensure that contracts spell out certain obligations and rights in such a situation, the lawyers write.
Hurricane Harvey and other severe storms that have hit the Houston area are creating risks for Superfund sites and making toxic tort litigation likely to emerge, said Vermont Law School professor Patrick Parenteau. The Environmental Protection Agency said that 13 Superfund sites in the Houston area have "damage or excessive flooding associated with Harvey."
A federal appeals court recently held that the Chicago Police Department did not owe overtime compensation for employees' use of mobile devices for work outside regularly scheduled shifts, with the decision hinging on whether the department knew employees were not getting overtime pay. "In the modern workplace, an increasing number of non-exempt employees conduct work remotely on cell phones, so you can expect to see an increase in the number of these types of claims," lawyer Natasha Sarah-Lorraine Banks writes.
Questions remain when it comes to complying with the EU's upcoming General Data Privacy Regulation. Some firms are scrambling, while others are relying on their current data-protection practices to meet the provisions.
Hackers breached the Securities and Exchange Commission's corporate-disclosure database last year, accessing documents filed by publicly traded companies. The agency determined last month the information could have been used for illicit trades.
World-class Executive Development Join a limited number of your executive-level colleagues at Vision University, an educational program for both established and new senior audit managers. It provides you with strategies, best practices, and tools to help you strengthen your audit team and inspire peak performance. Two fall sessions available in Vancouver and Chicago. Learn more.
Atlanta-based credit-reporting agency Equifax's response to a recently disclosed data breach "has been less than stellar," writes IIA President and CEO Richard Chambers. The company "has struggled to manage the fallout, with seemingly new revelations compounding its woes on a daily basis."
Artificial intelligence has shown a tendency to evolve beyond its original intended scope, which could have ramifications for auditors, Megan Lewczyk writes. A number of IT general controls likely will be necessary to guard against unexpected consequences from the use of AI, Lewczyk writes.
Good facilitators don't have to be formal leaders -- they just need to be able to bring people together to work toward solutions. There are many ways to facilitate effectively, including forgoing an agenda, using small groups to collaborate and providing more information in a written format than through speaking, Brandon Klein writes.
IIA-certified individuals must report credits earned in 2017 by Dec. 31. There's still time to earn credits, from one-hour webinars to 32-credit in-person seminars. Or certified individuals can opt for on-demand courses. Learn more.
Certification Spotlight: How to avoid becoming obsolete
During his 23-plus-year career, Chief Audit Executive Raoul Ménès, CIA, CRMA, CSSA, has identified the one thing that will render any internal audit professional obsolete. It has been the driving factor behind his certification journey. Read more.
In life, there is always a hurdle.
Gail Devers, track and field athlete
About The Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate,
educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today
serves more than 190,000 members from more than 170 countries and territories. The association’s global
headquarters are in Lake Mary, Fla. For more information, visit