On the Frontlines: The information-gathering phase of engagements | SEC rule gives HR a key role in public reporting | Workplace analytics raise privacy concerns
April 22, 2021
CONNECT WITH SMARTBRIEF
The smarter way to stay on top of the internal audit profession
More startup companies are emphasizing corporate governance earlier in their processes, writes former CEO and serial entrepreneur Betsy Atkins. In this commentary, Atkins stresses the need for outside perspectives, "often achieved by naming independent directors with no material stake or interest in the company."
Webinar: Transform Your Audits With Unified Controls When control requirements change, they often need to be updated in multiple places—leading to errors and duplicate efforts. Discover how one internal audit team has unified controls, streamlined workflows, and improved reporting with purpose-built technology—transforming their SOX and operational audits. Register for webinar >>
A preliminary survey to understand an audit client's business processes can set the tone for a good start to an audit engagement, writes Hassan Khayal, a 2020 Internal Auditor magazine Emerging Leader. Khayal discusses how interview techniques can help internal auditors establish a relationship with the client, identify areas to focus on during the audit and give clients a way to provide feedback.
Champion of Analytics
In the second video in the Audit Informer Series, former VP of Internal Audit, Nasdaq, Lenny Block, explains his approach to becoming both an analytics leader and a coach to his team and the strategies used to gain team buy-in. Examples of helping teams overcome common challenges to making analytics a part of day-to-day work are also shared. Watch it today.
Updated disclosure rules from the Securities and Exchange Commission will require public companies to report on human capital concerns. The rule is principles-based, which will leave interpretation up to each company and gives HR executives a chance to work with the C-suite and board on an important and evolving issue.
Microsoft, Google and Cisco have released analytics technology that allows managers to track employee productivity and work habits. However, some industry watchers say the tools violate privacy and the data may not give companies a comprehensive view of their workforce.
IBM's Excelsior Pass and apps like it that display COVID-19 vaccination status or test results are touted as tools for restoring normalcy to public life, but they also raise significant privacy and legal issues. The government is not creating or mandating digital passports, but agencies are discussing guidelines that developers could use to alleviate concerns, White House adviser Andy Slavitt says, and whether apps are subject to privacy and security rules under the Health Insurance Portability and Accountability Act depends on who develops them, attorney Savera Sandhu says.
The Florida House has passed a bill that would require disclosures about personal data collection and usage by companies that have $50 million or more in yearly revenue as well as those that gather, share or sell the data of at least 50,000 customers per year. Consumers would be able to sue companies individually under the legislation, whereas a Florida Senate data privacy bill would task the state attorney general with enforcement, and it would more narrowly define what is considered personal information.
Rethink IT Risk: Auditing DevSecOps Projects
The rise of "continuous everything" and DevSecOps calls for internal audit to change its approach to IT risks. With a shift in mindset, organizations can confront the risks associated with continuous and largely automated change management processes without bogging down development by introducing cumbersome new compliance processes. Learn more.
The Federal Trade Commission has charged the first person with violating the COVID-19 Consumer Protection Act, possibly resulting in civil monetary penalties. St. Louis chiropractor Eric Nepute is accused of falsely marketing products under the Wellness Warrior brand as effective for treating COVID-19 symptoms.
The cyberthreats that employees pose to the companies they work for "have been growing by leaps and bounds," resulting from either negligence or malicious intent, said Ram Kumar of Nissan. Warning signs include employees downloading sensitive data or copying such data to personal devices, working unusual hours, or acting disgruntled around co-workers, Kumar said.
More than half of fraud examiners have seen a "significant increase" in cyberfraud during the pandemic, per an Association of Certified Fraud Examiners report, and manufacturers most commonly face ransomware attacks and fraudulent electronic payments, write Brad Lutgen and Mary O'Connor of Sikich. Combating fraud requires employee education and a system for collecting anonymous tips, Lutgen and O'Connor write.
"It's Easy to Switch"
In business for more than 75 years, GEICO gives you the benefit of great rates on high-quality car insurance. Because you are an IIA member, you could be eligible for a special membership discount on GEICO auto insurance. In addition to your special membership discount, you'll also receive 24-hour service online or by phone, as well as efficient and fair claim handling. To complete your free, no-obligation rate quote, simply click here or call 1-800-368-2734 to speak with an agent. Already a GEICO customer? Make sure to let a GEICO representative know that you are a member of The IIA so they can add that information to your policy.
Urgency and patience overlap in that being patient creates the preparation and skills that are necessary when urgent action is needed, writes Scott Eblin, who relates the concepts to the yin and yang of yoga, a dance floor and a team's playbook. "You can't just keep urgently running the old pre-pandemic plays and expect them to work in a late-stage and post-pandemic world," he writes.
Be a Beta Tester for the Enhanced CRMA Program
The IIA is seeking active CIA certification holders to participate in the Certification in Risk Management Assurance (CRMA) Beta Test. All participants receive a free application and those who pass the Beta Test will earn the CRMA designation. Sign up today.
ADVERTISEMENT
IIA News
May is International Internal Audit Awareness Month
Did you know The IIA has resources for internal auditors to educate stakeholders on the value internal audit brings to the organization? It's true, and all for you to use as you choose. Access our Building Awareness toolkit and enjoy other advocacy items, such as position papers and thought leadership. Shout it out and share your success stories.
AEC Webinar: The Many Sides of Crisis: 2021 Pulse of Internal Audit
This year's study provides valuable insight into how well internal audit weathered the storm caused by COVID-19. This webinar will provide critical takeaways for chief audit executives and their audit staff by exploring the key findings of Pulse, including valuable benchmarking data on staffing, resources, hiring practices, reporting lines and more. AEC members, register now for the April 28th webinar.
Today I have grown taller from walking with the trees.
Karle Wilson Baker, poet, writer April 22 is Earth Day
About The Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is the internal audit profession's most widely recognized advocate,
educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today
serves more than 200,000 members from more than 170 countries and territories. The association's global
headquarters are in Lake Mary, Fla. For more information, visit
www.theiia.org.