The self-study IT General Controls Certificate Program has debuted from The IIA to help internal auditors address 12 topics. "Technology plays such an important role in business operations, from the challenges it presents each day to the opportunities it offers for future success," says IIA President and CEO Anthony Pugliese, who notes "it's crucial that internal auditors increase their skills to better engage and understand the impacts of technology."

Colorado's prescription drug monitoring program, which tracks and monitors prescriptions of controlled substances, is doing little to prevent doctor shopping, according to the Office of the State Auditor. The audit found most pharmacies don't submit data within one business day as required, the PDMP database isn't being used to identify overprescribing or to refer suspicious prescribers and pharmacies to law enforcement officials, and the system doesn't track queries for second prescriptions.

Mentors have played a big part in Bonnie Tse's internal audit career, and she is paying it forward. Tse's mentors helped "focus my ambitions," she writes in this month's #IAm blog post. Now the T-Mobile internal audit manager and 2020 Internal Auditor Emerging Leader helps coordinate The IIA's Emerging Leaders Mentoring Program, which matches internal auditors with experienced mentors from the profession.

Almost two-thirds of businesses surveyed report they are not "completely compliant" with all regulations, such as the California Consumer Privacy Act and Europe's extensive laws, Pathwire reports. It costs money to comply, but "[n]on-compliant organizations face high penalties from data privacy regulators, regardless of where they're based," says Maylis de Bazelaire of Pathwire.

Releasing more data does not necessarily clarify a company's environmental, social and governance performance, research suggests. Instead, the release of more data is correlated with increased variation in ESG scores across ratings providers, a paper found.

Many companies have compartmentalized risk into silos, which can lead to vulnerability. This article describes three steps companies can take to integrate compliance and risk management.

A federal jury has found former Georgia Insurance Commissioner Jim Beck guilty of 37 counts of fraud and money laundering. Beck was indicted in 2019 on charges that he embezzled more than $2 million from the Georgia Underwriting Association when he was employed there, and John King became interim insurance commissioner after the charges led to Beck's suspension.

Big data collected from cell phones to track local resident traffic patterns can support real-time evaluation of how well a community recovers from disasters. Researchers at Texas A&M University who compiled such data after Hurricane Harvey have produced a framework that can be applied in the aftermath of any other natural disaster.

Remote and hybrid work arrangements have highlighted cybersecurity vulnerabilities related to videoconferencing and virtual private networks, writes Yakir Golan, CEO of Kovrr. Use of multifactor authentication has increased, but in certain cases this security technique might be vulnerable to brute-force attacks or social engineering, Golan writes.

Studies of professional athletes and how rest -- or lack thereof -- affects their performance and likelihood of injury could suggest a different way to think about well-being, writes Dr. Amitha Kalaichandran. Beyond the idea of self-care, "true well-being and healing may rely more often on 'not' doing something -- over-exerting, overperforming, and overworking -- as opposed to 'adding' another trendy 'wellness' element to our routines," Kalaichandran writes.

The Internal Audit Foundation is conducting a crucial global research project. You can help build a global view of the practice of the profession and ensure the continued applicability and effectiveness of the IPPF and Standards by completing the Assessing Internal Audit Practices survey. Take the survey.

This year's Exchange will cover a variety of topics and risks affecting financial services, from ESG reporting to exploring next-generation strategies, to being more agile with ever-evolving risk, and more. Secure your in-person or virtual spot.