Investigations of nine public companies reveal many fail to adequately review and update accounting controls to protect against cyberfraud, the Securities and Exchange Commission said in a report. Manipulated or spoofed electronic communication is a growing problem, especially for firms that do business with foreign entities, the report said.

"At the core of internal auditing is our ability to communicate our work in a way that excites people to initiate positive change," writes Jim Pelletier, IIA vice president of standards and professional knowledge. "Unfortunately, that's more difficult than one would think."

Trade tensions and subsequent tariffs between the US and China have resulted in some goods from China being transshipped to countries such as Malaysia, Vietnam, the Philippines and Sri Lanka, where they are relabeled with a new country of origin before they reach the US, and vice versa. This illegal activity is a crucial reason for importers to maintain strong controls to ensure compliance with customs laws, writes Brian Peccarelli of Thomson Reuters.

A survey found that younger generations prefer texting to talking on the phone or in person, and financial firms must guard against the risks that emerge as they seek to accommodate such preferences in their communications, writes Mike Pagani of Smarsh. They need to have a formal policy that forbids communication via certain electronic channels, conduct appropriate oversight of the electronic channels that employees use for their work, and use an archiving platform for record retention.

High-profile examples involving Martin Shkreli, who was convicted of fraud, and Tesla's Elon Musk, who reached a settlement with the Securities and Exchange Commission, illustrate the risks associated with social media communication, Roomy Khan writes. The SEC has offered guidance about the disclosure of Regulation FD material information via social media, and the accuracy of information in company managers' posts is a big concern, Khan writes.

The Securities and Exchange Commission says in a no-action letter boards of mutual funds can rely on reports from chief compliance officers to approve cross trades and deals with affiliates. The letter effectively reverses an earlier position.

As technology advances, so does the opportunity for fraud, although artificial intelligence and other emerging technologies can help fight the problem, experts say. AI, however, is "is only a part of the solution," and employees need thorough training and education to keep fraud in check, lawyer Hannah Laming says.

The US Chamber of Commerce and FICO have developed a system to provide scores on the extent to which businesses and sectors have secured their networks. The Assessment of Business Cybersecurity score is based on a range of factors, such as the degree to which networks are exposed to the internet.

Many surveillance tools are available for companies that want to monitor their workers. An argument in favor of such technology is that it can make workers more productive, but critics say it can heighten stress and imply that the quality of work is less vital than the quantity that gets done.

Good leaders are ambitious enough to drive companies to meet goals but are humble at the same time. Effective leaders recognize that their job is to uncover the best ideas, no matter who has them.

It's the last opportunity to provide input on topics important to the internal audit profession, including cybersecurity and data privacy, board and management relationships, emerging and atypical risks, and use of third parties, for the 2019 North American Pulse of Internal Audit Survey. The survey closes Oct. 19.

When it comes to improving internal audit performance, the things audit committee chairs hesitate to say are often the things that audit executives most need to hear. Read the latest Tone at the Top. Download a free copy.