Your Career
ON THE ROAD TO
Advancing the Profession
8 10 40 46 1st Quarter 2014
The Unexpected Internal Audit Career Molding the Future of the Profession GAM – A Feast for the Insatiable Mind: Grab Your Seat at the Table! Arms-Length Relationships That Pack a Punch
OUR PRINCIPAL PARTNERS MAKE A DIFFERENCE The IIA acknowledges the ongoing support from our Principal Partners, who help enhance the internal audit profession by sharing their resources and knowledge with our most valuable asset – our members. These partners actively serve as members and volunteers within The IIA, participate in the introduction of new guidance, develop world-class training, and show their commitment in many other ways in an effort to advance the internal audit profession.
The IIA encourages you to tap into the expertise of our Principal Partners in 2014!
Your Career
Your Career Table of Contents IIA News .............................................. 4-7 The Unexpected Internal Audit Career............................ 8-9 Molding the Future of the Profession.............................. 10-11 On the Road to Advancing the Profession................. 12-16 Top 10 Best Seller Bookstore Products................................17 Fraud............................................... 18-21
Welcome to Career Compass! To support your internal audit career growth with the latest knowledge, tools, and resources available, The IIA is excited to be debuting Career Compass. This is your guide to everything The IIA has to offer to support you and your team’s career development needs. Whether you are a chief audit executive or director looking to improve relationships with stakeholders and enhance a high-performing audit team; the manager of an audit team looking for additional skill sets and expertise in a specific area; taking a rotational role; new to internal audit; or are fresh out of college, Career Compass provides a pathway to resources at every step of your career.
GRC.................................................. 22-25 Internal Audit Practice..................... 26-31 Information Technology.................... 32-35 2014 Seminar Course Matrix............ 36-37 Local Highlights............................... 38-39 GAM: A Feast For The Insatiable Mind......................... 40-42
With tips and guidance on training, education, and knowledge sharing to easy-access guides on resources available by topic, Career Compass is your go-to guide. You’ll also receive relevant and timely information on internal audit news and what’s going on at The IIA. To access an online copy, visit www.theiia.org/goto/careercompass.
Certification Corner.......................... 44-45 Arms-Length Relationships That Pack a Punch........................... 46-47
Learn more about Career Compass at www.theiia.org/goto/CareerCompass. We welcome comments, questions, and feedback at CareerCompass@theiia.org.
Connect with us on: Twitter FaceBook LinkedIn Group www.theiia.org/goto/connect
The Institute of Internal Auditors 247 Maitland Ave. Altamonte Springs, FL 32701-4201 USA +1-407-937-1100 www.theiia.org All contents copyright © The Institute of Internal Auditors (IIA) 2014.
1/140137/PM/JP
Dear Member, The feature story of Career Compass is a topic we believe is critical to the future of our profession: Advocacy. As you will read in “On the Road to Advancing the Profession,” The IIA has made significant progress over the past year and is already moving full-steam ahead with its advocacy plan through the next year. Evidence of The IIA’s numerous cooperative agreements, collaborative relationships, and lobbying efforts is showing up in myriad places around the world. From media outlets to board room discussions, The IIA’s advocacy efforts are influencing perspectives, impacting decisions, and raising awareness. This is why The IIA is so passionate about and committed to advocating on behalf of the profession and you as internal audit professionals. By making this investment in the future, The IIA is supporting the future of your career. We hope you will be proud to learn about The IIA’s many advocacy successes and encouraged to get involved. Advocacy is not a spectator sport. There are many ways you can join the effort on a local level within your organization, your chapter, and your community. Let’s keep the momentum going. Sincerely, Mike Head, CIA Chairman, The IIA North American, Advocacy Committee www.theiia.org
|
3
Your Career
News 2014 IIA CONFERENCES GENERAL AUDIT MANAGEMENT CONFERENCE
March 24–26, 2014 Hilton Orlando Bonnet Creek / Orlando, FL
GAMING CONFERENCE April 14–16, 2014 The Mirage / Las Vegas, NV
CENTRAL REGIONAL CONFERENCE May 18–21, 2014 Hyatt Regency / Indianapolis, IN
INTERNATIONAL CONFERENCE July 6–9, 2014 ExCeL London / London, England
GOVERNANCE, RISK, AND CONTROL CONFERENCE (IIA/ISACA) Aug. 18–20, 2014 The Breakers / Palm Beach, FL
NORTHEASTERN REGIONAL CONFERENCE
Sept. 7–10, 2014 New York Marriott at the Brooklyn Bridge / Brooklyn, NY
IT AUDIT & CONTROLS CONFERENCE (IIA/MIS)
Sept. 30–Oct. 2, 2014 Hilton San Diego Resort & Spa / San Diego, CA
ALL STAR CONFERENCE
Oct. 27–29, 2014 Caesar’s Palace / Las Vegas, NV
4
|
The Institute of Internal Auditors
Introducing IIA SmartBrief— Essential Connection to Internal Audit News The IIA is excited to be launching IIA SmartBrief in 2014 with a weekly snapshot of market news and issues affecting internal auditors and their stakeholders from leading global news sources. SmartBrief is a service that curates thousands of news sources and delivers timely articles affecting the profession straight to our members’ email inboxes. All members who opt to receive IIA email received IIA SmartBrief. Members need to opt-in to SmartBrief at www. smartbrief.com/iia. The IIA is also launching two e-publications to members of The IIA’s specialty groups: Gaming and Financial Services. Special advertising launch packages are being offered to The IIA’s key sponsors and advertisers now. Spots are filling up quickly, and are available on a first-come, first-served basis. To learn more, please contact Director of Sales Alan Dean at alan.dean@theiia.org. Learn more about IIA SmartBrief at www.theiia.org/goto/smartbrief.
Your Career
2014 Pulse of the Profession Coming in March Internal audit leaders from around the world weighed in on cybersecurity, the Three Lines of Defense Model, the career path for the CAE, and other emerging trends for the internal audit profession in this year’s Pulse of the Profession Study. North American results will be released in March at the GAM conference in Orlando and global results will be released at the International conference in July. To learn more about the Audit Executive Center’s study and access results, please visit www.theiia.org/goto/pulse. ™
Call for 2014 IIA Award Nominations The IIA is seeking nominations for its three highest and most prestigious awards that recognize outstanding achievements in the field of internal auditing: Bradford Cadmus Memorial Award For contributions to the global profession of internal auditing Victor Z. Brink Award for Distinguished Service For contributions to the profession through global service to The IIA William G. Bishop III, CIA, Lifetime Achievement Award For impact on the global profession through a lifetime of accomplishments and dedication to The IIA Nominations are due February 28, 2014. Recipients of these awards will receive complimentary registration and travel arrangements for the International Conference in London, England, in July 2014, as well as special recognition during the conference. Learn more and nominate today at www.theiia.org/goto/awards.
The IIA’s Audit Executive Center Launches Enhanced Website Redesign The IIA’s Audit Executive Center has redesigned its member portal to offer a more user-friendly experience for CAEs to locate information on everything they need from thought leadership to audit programs. The site now features enhanced search functionality, a “My Benefits” bar, and a Center invitation-only LinkedIn forum. Additional enhancements include a combined Knowledge Center and Resource Library, a webinar archive, and quick links to other CAE-relevant IIA resources on the home page. www.theiia.org/cae
www.theiia.org
|
5
Your Career
Additions to Partner Savings Program Mean Members Save More!
Did You Miss the Annual CPE Reporting Deadline? Certified individuals are required to report compliance with Continuing Professional Education (CPE) requirements each year, with an annual deadline of Dec. 31. Failure to report by the deadline results in a change of your status from “Certified” to “Inactive” (grace period). If you find yourself with an “Inactive” (grace period) status, you can reactivate your designation. For more information on CPE reporting, visit the “Already Certified” section on the website: www.theiia.org/certification.
Hot Blogs on IaOnline Check out these recent popular blog posts on IaOnline – www.theiia.org/intauditor: ■■ “Five New Year’s Resolutions Every Internal Auditor Should Make for 2014,” by Richard Chambers, Chambers on the Profession. ■■ “Genchi Genbutsu – Go There and See For Yourself,” by Carolyn Saint, Saint on Getting Stuff Done. ■■ “The Most Important Thing Internal Audit Can Do in 2014 – Part 1-3,” by Mike Jacka, From the Mind of Jacka. ■■ “Does Your Internal Audit Department Understand All the Tools It Has?” by Norman Marks, Marks on Governance.
6
|
The Institute of Internal Auditors
In its quest to continuously deliver more value to its members, The IIA has partnered with even more organizations to offer exclusive savings for IIA members. The Partner Savings Program has been expanded and now features an array of useful discounts on items such as office supplies, travel services, and insurance. Whether you’re looking to save on personal or professional products, check out all of your options at www.theiia.org/membership under Partner Savings Program.
Your Career
New Releases from The IIA Research Foundation Don’t miss these latest reports and books now available through The IIARF’s Bookstore at www.theiia.org/bookstore.
The Internal Auditor’s Guide to Risk Assessment This guide raises internal auditors’ awareness of ever-present changes happening in the marketplace and the importance of making adjustments to their risk management activities as a result of change.
Closing the Gaps in Third-Party Risk Management Published by The IIARF and Crowe Horwath LLP, the report explores types of third-party risks, misalignment of third-party use and dedicated internal audit coverage, and internal audit value-adding opportunities.
Management’s Guide to Sarbanes-Oxley Section 404
Value and Competency: The Stakeholder Perspective
This guide — consistent with the updated 2013 COSO framework — will help you assess and improve your Sarbanes-Oxley program efficiency. It explores issues for a comprehensive approach across the enterprise, while keeping in mind scope and cost.
This report explores practitioners’ and stakeholders’ perceptions of internal audit’s value and competencies to identify areas where these two perspectives align and how the existing gaps can be bridged.
www.theiia.org
|
7
Your Career
The Unexpected
INTERNAL AUDIT
Career
Angelina Vavasour
Angelina Vavasour, risk manager for Royal & Sun Alliance in Canada, wasn’t even aware internal auditing was a career option when she was in college. “I was doing an accounting designation and a teammate asked for my resume. I had no idea what I was getting myself into, but I knew Ernst & Young was a great company, so I decided to give it a try and 10 years later I’m stilled involved.” Seeing across a lot of industries and companies and learning how businesses were run intrigued Vavasour. “I don’t think there are a lot of career options that give you that depth and breadth of exposure.” That, combined with developments within the pro8
|
The Institute of Internal Auditors
Few children proclaim, “I want to be an internal auditor when I grow up!” However, internal auditors share traits with the super heroes and astronauts many children aspire to be. From saving the day to launching their services to new heights to meet stakeholder expectations, the sky is no longer the limit. Many career-long practitioners never imagined they would be internal auditors and yet today they could not imagine doing anything else. fession, has her staying the course. “There are a lot of positive changes we’re experiencing, like the ability to participate in the strategic planning process. I’ve felt a change even in the last 18 months to two years, and I think a lot of it has to do with the elevated profile of the profession.” Carmen Abela, managing director for Windreach Consulting Services in Ottawa, Canada, also never envisioned this would be her career. “My educational background is in political science and sociology,” says Abela. When asked to help start up Bank of Canada’s control self-assessment practice in 1997, she could not refuse. Reflecting on taking a
risk and pursuing an internal audit career, she lights up, “Am I ever glad I accepted the offer!” Abela has never looked back after and credits her involvement in The
Seth Peterson
Your Career
IIA for keeping her at the forefront of the profession. “The value has been extraordinary in terms of leadership development, networking benefits, and getting opportunities to work in areas that I would have never imagined I would have been involved in. You can’t buy professional development like that.” Taking career risks is something Carolyn Saint, vice president of internal audit at 7-Eleven Inc., knows something about. She recently left her job at Lowe’s in North Carolina to rebuild 7-Eleven Inc.’s internal audit team in Texas. “It’s important not to get too comfortable or be afraid to take big, bold chances,” says Saint. “Sometimes we can be risk averse as internal auditors, but sometimes risk can make your whole life.” A rising internal audit star who also found that his college plans didn’t align with his ultimate career path is Seth Peterson, a senior audit manager at Metabank in Sioux Falls, South Dakota. Chosen as one of Ia magazine’s “20 Under 30” in 2013, Peterson says a college professor suggested a bank examiner career. “It didn’t work out right out of college, so I took a job within my current organization and a year later
an internal audit position opened up.” It’s a role that continues to hold his interest because of its diversity. “You get to look at a little bit of every different kind of process instead of being focused on just one thing.” His interest in a range of subjects and people has afforded Peterson success. Not only has he received multiple promotions within his organization, but he served as president of his IIA chapter and currently serves as the district representative for IIA Midwest District No. 3. He asserts his work as an IIA volunteer leader has improved his internal audit performance and strengthened his leadership skills. Raven Catlin, of Raven Global Training, adds, “You don’t have to wait to be asked. It could be volunteering through The IIA or taking on a leadership role within an audit without a formal title. While you might not be compensated for it monetarily, the value you will get out of it will be amazing.” Danny Goldberg, founder of GOLDSRD and former partner with Sunera who ran the organization’s professional development track, stresses the importance of diver-
Carmen Abela
sification. “Differentiate yourself by getting multiple certifications, becoming a multi-faceted auditor, and taking yourself out of your box and doing something a little different, even if it’s a temporary role for six months in another area.” Whether it’s taking on a new challenge within your job or exploring IIA volunteer opportunities, getting involved and connected within the internal audit community leads to a rewarding internal audit career path. To learn more about leveraging your IIA membership for tips, resources, and quick links, please visit www.theiia.org/2014.
“The value has been extraordinary in terms of leadership development, networking benefits, and getting opportunities to work in areas that I would have never imagined I would have been involved in. You can’t buy professional development like that.” – Carmen Abela www.theiia.org
|
9
Your Career
Molding the
FUTURE of the
PROFESSION What will the future of the internal audit profession look like? Peer into the windows of colleges and universities and you will see that the profession’s future — internal audit students — is a growing population of welltrained, knowledgeable, and competent budding professionals. In a global economy still struggling to regain its footing, students in Internal Auditing Education Partnership (IAEP) programs are acquiring the skills necessary to hit the ground running on day one of the job.
University of Texas at the 2013 IAEP Event.
10
|
The Institute of Internal Auditors
To receive The IIA’s IAEP program designation, schools must undergo a rigorous application process and agree to be monitored by The IIA’s Academic Relations Committee (ARC). IAEP program schools teach an IIA-endorsed internal audit curriculum within an undergraduate or post-graduate degree. The level of a school’s commitment determines its IAEP-specific classification: ■■ Centers for Internal Auditing Excellence (Centers). ■■ Comprehensive Internal Auditing Program (Comprehensive). ■■ Internal Auditing Foundation (Foundation). Over the last decade, the IAEP program has evolved significantly due in large part to the establishment of the Internal Auditing Academic Advancement Fund (IAAAF), which collects and distributes funds to support awareness and teaching of internal auditing in post-secondary educational institutions worldwide, now totaling $1.2 million. In 2013, as a result of generous donations by individuals and organizations, the IAAAF approved $200,000 in grants to IAEP schools to enhance and develop curriculum. It’s curriculum that is yielding benefits for students and employers alike. Melissa Carley, a teaching assistant for The Center for Internal Auditing Excellence at the University of Texas (UT) at Dallas, believes being part of an IAEP program offers her a tremendous advantage
Your Career
in today’s marketplace. “It’s the most comprehensive auditing program in the world, offering a unique combination of educational, professional, and networking opportunities” says Carley. “Our students are heavily recruited, with most students having full-time positions upon graduation.” The UT at Dallas Center sent eight students to The IIA’s 7th Annual IAEP Leadership and Networking Retreat in Orlando, Fla., last September. The invitation-only event brought together 28 educators, 21 internal audit professionals from high-profile organizations, and 72 students from universities as far away as South Africa, Thailand, Lebanon, and China. It is an event supported by leading employers each year as it plants the seeds for continued growth of a program. Dawn Jones, CIA, a director at Deloitte & Touche and a retreat attendee says, “(The retreat) gives us great access to what we consider the best of the best in the internal audit profession.” The weekend included student development sessions, as well as a student case study competition. An educator’s forum allowed professors to share experiences and discuss challenges and opportunities in shaping the next generation of internal auditors. “I’m passionate about the fact that we’re creating jobs for these kids,” says attendee Michael Newman, Ph.D., CIA, director of accounting programs, University of Houston. “We’re not just giving them an education. We’re giving them the opportunity to have a career and a great life!”
His passion was echoed by Mark Salamasick, CIA, CRMA, the director of the Center at UT at Dallas. “Educators learned more about the needs of the market, while students had the opportunity to network with professionals who can recruit and groom them for leadership positions in their organization.” Salamasick, who has been actively involved in The IIA’s academic relations efforts for more than a decade, believes IAEP programs will improve and grow stronger as awareness continues to build due to the increased emphasis on regulations, compliance, and other controlfocused disciplines. It’s a prediction already supported by the success of another leading IAEP program, the Center for Internal Auditing at Louisiana State University (LSU). Dr. Glenn Sumners, CIA, CRMA, director of the Center, attributes its success to the continuity and behavioral basis of the program. “We don’t just transfer knowledge. We build professionals,” says Sumners. “The marketplace is looking for committed people with positive attitudes. We deliver by making our students think and challenging their creativity.” With placements of over 100 students a year in internships and more than 3,500 program graduates to date, his strategy appears to be working. In fact, Sumners says that 75 percent of the professionals that recruit his students are LSU program graduates. It’s an approach that makes sense for simple reasons. Practitioners want to work alongside other knowledge-
able and competent practitioners. Employers want to recruit the best and brightest, and the best and brightest want to participate in the strongest internal audit programs. The IIA’s IAEP program, with financial support from the IAAAF, answers the call on all fronts. To learn more about the IAEP program and how you can support it through the IAAAF, please visit www.theiia.org/Academic.
2013 IAAAF Grant Recipients ■ ■ Bentley University ■ ■ DePaul University ■ ■ Kennesaw State University ■ ■ Louisiana State University ■ ■ Pittsburg State University ■ ■ St. Cloud State University ■ ■ University of Houston ■ ■ University of Nevada Las Vegas ■ ■ University of New Orleans ■ ■ University of Pretoria (South Africa) ■ ■ University of South Africa ■ ■ University of Texas at Dallas
www.theiia.org
|
11
Your Career
ON THE ROAD TO
Advancing the Profession We’ve come a long way, but we’re not there yet.
12
|
The Institute of Internal Auditors
Your Career
As a result of ongoing changes in the business arena and in stakeholder expectations, advocacy for the internal audit profession is a never-ending challenge — an ever-evolving pursuit. Rather than a destination, internal audit advocacy is a journey. “Advocating for the internal audit profession is not a project with a defined start and stop date. Rather, it must be a sustained strategy for The IIA,” says Mike Cowell, chief audit executive at TIAA-CREF and member of The IIA’s North American Advocacy Committee. He goes on to point out that the responsibility for advocacy goes beyond the profession’s leaders. “We must continue to build upon the momentum underway at the local, national, and global levels. For example, my IIA chapter in Charlotte is in process of implementing local advocacy initiatives — something not even considered until recently,” he says. Current IIA– Charlotte activities includes hosting its first annual volunteer workshop and doubling its volunteer pool for the 2013–14 chapter year, appointing an Advocacy chair, creating an advocacy strategic plan, and working on outreach to local government officials and business leaders. According to Cowell, advocacy ultimately should become an expectation and practice of every internal audit professional around the globe.
Mapping the Route – Establishing a Shared Vision and Plan The first step in the journey is to know where you want to go. For years, The IIA has been very intentional and strategic in its advocacy
efforts. In fact, advocacy has been an integral part of The Institute’s strategic directives since the 1990s. It’s important that internal auditors everywhere embrace the value of advocacy in raising awareness of the full scope of internal auditing — which extends far beyond financial reporting — and understand how they can play a role in elevating the profession by taking action to further the cause. “As advocacy efforts continue to expand, the global profession will need to communicate and operate with a shared vision of what it really means to be an internal auditor,” says Mike Head, chairman of The IIA’s North American Advocacy Committee. Evidence of this shared vision and The IIA’s global advocacy has garnered the attention of standard-setting bodies all around the world. The Institute is increasingly being recognized as an influential thought leader committed to good governance, risk management, and control on behalf of the public’s best interests. “It’s important to understand,” explains IIA Vice President of Professional Practices Hal Garyn, “that these efforts and the resulting enhanced global visibility and recognition inherently further our North American advocacy initiatives.” His
Why The IIA Drives Advocacy “Our vision is that internal audit professionals will be universally recognized as indispensable to effective governance, risk management, and control. For this to happen, we believe it is essential that organizations have a strong and effective audit committee and that management holds itself responsible for risk management and control. We also believe that the internal audit activity should be properly structured, maintain independence (through appropriate reporting lines), and operate in conformance with The IIA’s Standards and Code of Ethics. Our advocacy efforts are designed to help ensure that organizations everywhere understand how these provisions, coupled with competent and professional internal auditing, feed into their effectiveness, success, and ultimate sustainability.” Richard Chambers, CIA, CGAP, CCSA, CRMA President and CEO, The Institute of Internal Auditors
www.theiia.org
|
13
Your Career
team’s work in North America also impacts The IIA’s global advocacy efforts. “Enhancing The IIA’s recognition as a trusted advisor to U.S. regulators and legislators,” says Garyn, “elevates the overall image of the profession and increases the demand for professional internal auditing throughout the world.” The Center for Audit Quality (CAQ), which serves investors and public company auditors, is an important IIA stakeholder group. As one who fully understands the value of internal auditing, CAQ Executive Director Cindy Fornelli views advocacy for the internal audit profession as a critical link in the financial reporting supply chain. “Internal auditors play an important role in fraud detection and deterrence, risk management, and establishing and monitoring internal controls,” says Fornelli, who also embraces The IIA’s view of internal auditing as the third line of defense against company risk. “They are most familiar with the company’s systems, controls, and culture, and this is extremely valuable,” she states.
Rearview Mirror – Looking at How Far We’ve Come Looking back over the past year, it’s clear that The IIA’s advocacy efforts have covered a lot of ground. Not only have we made significant progress on ongoing initiatives, but we’ve also explored numerous new avenues for advancing the profession. Here are just a few advocacy milestones achieved in 2013: ■■ Sponsored and coordinated a roundtable discussion on financial reporting fraud with members of the CAQ, National Association of Corporate Directors (NACD), and Financial Executives International (FEI). ■■ Met with the Congressional CPA Caucus, co-hosted a policy briefing for congressional staff members on the role of internal auditors in defending against the next global financial crisis. ■■ Executed a new Memorandum of Understanding (MoU) with the International Federation of Accountants (IFAC) to garner IFAC’s acknowledgement of The IIA’s Standards. ■■ Secured a seat on the International Integrated Reporting Council (IIRC) to build awareness of the critical role internal auditing can and should play in the integrated reporting (<IR>) process.
Phil Tarling, former IIA Global Chairman, and Warren Allen, IFAC President, sign MoU at The IIA’s 2013 International Conference
14
|
The Institute of Internal Auditors
■■ Hosted a two day event with the Audit Executive Center, a
dozen chief audit executives from Fortune 500 companies in Washington, D.C. with Patton Boggs, The IIA’s U.S. legislative consultant. The event covered a roundtable discussion centered around health care reform, cyber security, and corporate taxation. Participants also met with congressional staff of both Senate and House members to provide insight on the internal audit profession and how it plays a critical role in corporate governance. ■■ Issued responses to numerous endeavors, including the Consultation Draft of the International <IR> Framework, the Financial Stability Board’s (FSB) Principles for an Effective Risk Appetite Framework Consultation Draft, and IIA‒UK’s Financial Services Code. ■■ Approved concept and laid groundwork for the American Center of Government Auditing, which The IIA will launch in 2014 to support public sector auditors in the United States with tools and resources, including advocacy materials, to promote and educate government stakeholders on the value internal audit professionals add to their organizations. In addition, The IIA continues to foster its relationship with the International Organisation of Supreme Audit Institutions (INTOSAI), the Organisation for Economic Co-operation and Development (OECD), the International Corporate Governance Network (ICGN), the Global
Your Career
Reporting Initiative (GRI), and the Association of Chartered Certified Accountants (ACCA). We’re also working more collaboratively with regional IIA groups in Europe, Africa, Latin America, and the United Arab Emirates to promote the profession and advance The IIA’s key messages.
Power Steering – Building Partnerships and Building Relationships The Institute understands the importance of collaboration, especially with regard to advocacy. In the global public sector, for example, The IIA has joined forces with numerous organizations, such as INTOSAI, to promote good governance, risk management, and internal control to better protect the public interest. These efforts are designed to establish internal auditing as a fundamental component of good governance, to contribute to transparency and accountability in the use of public funds, and to advance efficient, effective, ethical, and economical public administration governance. To help ensure the buy-in of public sector stakeholders around the world, The IIA has established an MoU with key agencies, such as the Superior Audit Office of Mexico, the Contraloría General de la República de Costa Rica, the Accounts Chamber of the Russian Federation, and the Ministry of Finance: Montenegro. CAQ’s Cindy Fornelli points out that collaboration and communication are also key to promoting integrity in financial reporting and audit quality.
The IIA collaborates with the CAQ, FEI, and the NACD in the Anti-Fraud Collaboration — a partnership actively engaged in efforts to mitigate the risks of financial reporting fraud. “The goal is to promote the deterrence and detection of financial reporting fraud through the development of tools and resources,” Fornelli explains.
Roadside Assistance – Aligning the Expertise “At the national level, The IIA has had the opportunity to build sustained relationships with key stakeholders on Capitol Hill,” says Mike Head, in reference to The IIA’s lobbying efforts. Over the past year, Patton Boggs, The IIA’s federal government relations consultant, conducted outreach on Capitol Hill to engage with the Congressional CPA Caucus and build relationships with regulatory targets. The goal of these efforts is for The IIA to become a trusted source of information that feeds into the decision-making process in regard to organizational governance, risk management, and controls. Results of 2013 lobbying efforts include IIA meetings with members of the Congressional CPA Caucus the House Financial Services Committee, and the Office of the Comptroller of the Currency, to name a few. In addition to promoting a broader understanding of internal auditing’s value, The IIA’s advocacy efforts are paying off within the minds of individual practitioners and in the organizations they serve. “Over the
CAEs from Fortune 500 companies visit Capitol Hill with The IIA and Patton Boggs
past year or two, I have noticed an increased energy and passion among CAEs across North America,” says Cowell. “These leaders recognize the importance of increasing the gravitas of being an internal audit professional and the value this can provide to the profession, individual practitioners, as well as the organizations we support,” he says.
Curves in the Road – Overcoming Perceptions and Meeting Expectations These challenges all point to the ongoing need for individual advocacy and increasing internal audit understanding and awareness at the organizational level. With more than 20 years of experience on the audit committees of various large public corporations, PPG Industries’ Audit Committee Chair Michele Hooper is a vocal proponent of internal auditing. “I see first-hand the value that the internal www.theiia.org
|
15
Your Career
auditors can provide to the audit committee and the organization,” she says. “However, they are in a unique and potentially conflicting position: they must be independent of management and yet their future career steps lie within the company.” Being a professional internal auditor is many times misunderstood within the marketplace, says Cowell. “Perceptions are heavily influenced by a wide variety of misconceptions such as, ‘Internal auditors are a bunch of CPA bean counters,’ and ‘Internal auditing is a place to go at the end of your career.’ On the contrary,” he says, “internal auditing is an exceptionally challenging and rewarding profession made up of risk and control specialists with a wide variety of expertise, including operational risk, technology risk, financial risk, strategic risk, and broad business risk assessment.” Fornelli suggests that managing the rapidly changing regulatory and business landscape is one of the greatest challenges facing today’s practitioners. “As the internal audit profession responds to these changes,” she says, “internal auditors must
Richard Chambers meeting with Congressional CPA Caucus members
16
|
The Institute of Internal Auditors
understand how they can impact a company’s controls, strategies, and risk profile to ensure they are in compliance with new regulations.” Hooper agrees that the increasing focus on compliance and risk is a challenge, and indicates that compliance and internal audit functions must have clear missions and responsibilities. “They need to coordinate the scope, timing, and resources of audits and visits to avoid duplication of efforts and overloading the business units.” She points out that as the internal auditors are asked to perform increasingly more advisory work for business units, they must maintain independence and skepticism, and ensure they don’t stray too far from their mission.
The Road Ahead – Initiatives to Support Our Momentum Garyn and his team are already focusing on the journey for 2014. “We will continue to advance all the global and North American advocacy initiatives we already have in place,” he says. A few specific steps include developing an annual work plan in support of the IFAC MoU, serving as the internal audit profession’s voice in the design and implementation of the <IR> framework, and presenting to FSB’s secretary general and chairman the business case for including The IIA’s Standards in their Compendium of Standards’ Key Standards for Sound Financial Systems. In addition, Garyn says that his team will work on finalizing the NACD MoU and work plan, continue to collaborate with ISACA
on such initiatives as a cybersecurity research project currently underway, and continuing the efforts of building relationships in Washington, D.C. with legislators. Cowell also expresses sincere optimism for the future. “I believe in the profession and in the value we, as internal audit practitioners, provide to our respective organizations. This belief is based on what I have personally experienced and the feedback we continue to receive from TIAACREF’s Audit Committee chair and executive management. Internal auditing is viewed as a valuable component of the organization and has a seat at the table,” he explains. Cowell adds that as a member of The IIA’s North American Advocacy Committee, he hopes to inspire others and assist in driving the strategy of The IIA North American Board to see internal auditing fully recognized for its true value. To help ensure the involvement of individuals and the effectiveness of local advocacy efforts, The IIA has created a user-friendly Internal Audit Awareness Toolkit at www.theiia. org/goto/awareness. This resource includes tools for both individuals and chapters, and provides in-depth information about The IIA’s awareness-building initiatives. The IIA invites all members to participate in this journey. When we’re all on the road together, what an exciting ride it will be! www.theiia.org/advocacy
Your Career
CAE Strategic Relationships: Building Rapport with the Executive Suite Item No. 5024 Member Price: $45 Nonmember Price: $55
CGAP® Exam Study Guide, 4th Edition Item No. 1100 Member Price: $75 Nonmember Price: $85
Combined Assurance: Case Studies on a Holistic Approach to Organizational Governance Item No. 5023.ep Member Price: $30 Nonmember Price: $40
CRMA® Exam Study Guide Item No. 1130 Member Price: $75 Nonmember Price: $85
2013
Internal Auditing: Assurance & Advisory Services, 3rd Edition Item No. 1133 Member Price: $140 Nonmember Price: $170
International Professional Practices Framework (IPPF), 2013 Edition Item No. 1127 Member Price: $55 Nonmember Price: $75
COSO Internal Control – Integrated Framework: 2013
Quality Assessment Manual for the Internal Audit Activity
Item No. 6278 Member Price: $140 Nonmember Price: $175
Item No. 1131 Member Price: $215 Nonmember Price: $260
COSO Internal Control – Integrated Framework: Turning Principles Into Positive Action Item No. 1135.ep Member Price: $55 Nonmember Price: $70
l0 BEST SELLERS www.theiia.org/bookstore
Sawyer’s Guide for Internal Auditors, 6th Edition Item No. 1099 Member Price: $175 / Nonmember Price: $225
www.theiia.org
|
17
Your Career
FRAUD According to the ACFE’s Report to the Nations on Occupational Fraud & Abuse, the typical organization loses 5 percent of its revenues to fraud each year. Although it is management’s responsibility to design internal controls to prevent, detect, and mitigate fraud, the internal auditors are the appropriate resource for assessing the effectiveness of what management has implemented. The IIA has a host of resources to ensure that you, as an internal auditor, are equipped to do just that.
TRAINING RESOURCES Learn more about these courses at www.theiia.org/training.
Data Analysis for Internal Auditors Are you seeking to improve the effectiveness of your audit planning and to ensure whether or not your results can be generalized to total populations? This course provides the opportunity to learn about the analysis of large data sets, particularly how to summarize and display data, and determine the appropriate measures for describing data. eSeminar Session Dates: June 9-10, 2014; Oct. 6-7, 2014 CPE Hours Available: 8
Internal Auditing for FCPA & Anti-corruption: Leading Practice Considerations from the SEC and DOJ Guidance Compliance with anti-corruption laws such as the U.S. Foreign Corrupt Practice Act (FCPA) has been a growing focus of many organizations due to increased business activity in emerging markets, and an uptick in FCPA enforcement and fines that often reach hundreds of millions of dollars. This interactive one-day course, a joint effort between The IIA and Deloitte & Touche, will provide an overview of the FCPA and UK Bribery Act and will discuss the various roles internal auditors can play in auditing for corruption. Upcoming Offering: May 8, 2014, Atlanta, GA Course Duration: 1 day / CPE Hours Available: 8
Internal Auditing for Fraud Appropriate for auditors at all levels, this course is a joint effort between The IIA and Deloitte & Touche. It focuses on monitoring activities, understanding the nature of fraud and how it manifests itself, internal audit’s role in detecting fraud, and audit steps to detect fraudulent activities. Upcoming Offerings: May 6–7, 2014, Atlanta, GA
Purchasing Fraud: Auditing and Detection Techniques This interactive course, a joint effort between The IIA and Deloitte, helps you to assess an organization’s risks relating to purchasing fraud, identify controls that can mitigate those risks, design audit tests to detect purchasing fraud, and investigate evidence of fraud occurring.
Sept. 23–24, 2014, Chicago, IL
Course Duration: 2 days / CPE Hours Available: 16
Upcoming Offering: Nov. 18–19, 2014, Dallas, TX Course Duration: 2 days / CPE Hours Available: 16
18
|
The Institute of Internal Auditors
Your Career
FRAUD Onsite Training Get your entire team up to speed on techniques to tackle fraud-related issues. Have our Onsite training team schedule any of the above courses or these additional courses for your team of five or more at your location. • Corruption: Mitigation Strategies for Internal Audit • Detecting, Preventing, and Reporting Internal and External Fraud • Developing a Fraud Risk Management Program for Your Organization • Evaluating Organizational Ethics • Financial Statement Fraud Detection for Internal Auditors • Fraud Auditing Using ACL • Fraud Awareness for CAEs and Management • Fraud Detection and Investigation for Government Auditors • Fraud Detection and Investigation for Internal Auditors • Fraud Investigation Tools and Techniques Explore more benefits of Onsite Training by visiting www.theiia.org/onsite or contact The IIA’s On-site Training Department by e-mail at GetTraining@theiia.org or call +1-407-937-1388.
Consult the course matrix on pages 36-37 for offering dates and locations. Learn more about any of the above courses and register today at www.theiia.org/training.
MEMBER-ONLY WEBINARS Save the dates for this line-up of Members-only Webinars addressing fraud: Feb. 25: The Insider Threat is the Most Serious Threat March 18: Fraud, Bribery and Corruption: Stop Them in Their Tracks April 16: Roles and Responsibilities With Fraud
Learn more about these free CPE opportunities at www.theiia.org/goto/MOW.
CONFERENCES Conferences offer a great way to delve into fraud issues and network with your peers who are facing the same tough challenges.
2014 General Audit Management Conference (GAM) March 24–26, 2014 / Orlando, FL USA
• Data Analytics Enhances Fraud Detection – Robert H. Brewer, senior vice president and chief compliance officer, Office Depot Inc. • Aggressively Addressing Anti-Corruption Risk – Todd Freeman, CIA, vice president, Internal Audit, Chicago Bridge & Iron • Fraud Risks for the Chief Audit Executive and the Board – John J. Hall, president, Hall Consulting Inc.
2014 Gaming Conference April 14–16, 2014 / Las Vegas, NV USA
• Developing an Anti-Corruption Program – Robert Rudloff, CIA, CRMA, senior vice president, MGM Resorts International
www.theiia.org
|
19
Your Career
FRAUD 2014 International Conference
GUIDANCE RESOURCES
July 6–9, 2014 / London, England
• Understand Risk and You Will Understand Fraud – Michael Fucilli, CIA, CGAP, CRMA, auditor general, Metropolitan Transportation Authority (USA) • A Primer on Fraud Investigations – H. David Kotz, director, Berkeley Research Group (USA) • Digital Forensics: The Five Big Questions – John Mitchell, Ph.D., managing director, LHS Business Control (UK) Visit www.theiia.org/conferences for more information on these and other upcoming IIA events.
GTAG 13: Fraud Prevention and Detection in an Automated World Through a step-by-step process for auditing a fraud prevention program, an explanation of the various types of data analysis to use in detecting fraud, and a technology fraud risk assessment template, this GTAG aims to inform and provide guidance to chief audit executives and internal auditors on how to use technology to help prevent, detect, and respond to fraud.
BOOKS AND EDUCATIONAL PRODUCTS The Intermediate Audit Library Collection BUY A BUNDLE - SAVE A BUNDLE! IIA Members save $453.00! • COSO Internal Control – Integrated Framework: 2013 Framework NEW! • Internal Auditing: Assurance & Advisory Services, 3rd Edition NEW! • International Professional Practices Framework (IPPF) 2013 NEW! • Quality Assessment Manual for the Internal Audit Activity NEW! • Sawyer’s Internal Auditing, 6th Edition NEW! • The Internal Auditor’s Guide to Risk Assessment NEW! • And more Item No.: 1042 Member Price: $1,100.00 Non-Member Price: $1,553.00
20
|
The Institute of Internal Auditors
Practice Guide: Internal Auditing and Fraud This guide discusses fraud and provides general guidance to help internal auditors comply with professional standards. Because fraud negatively impacts organizations in many ways — financially, reputational, and through psychological and social implications — it is important for organizations to have a strong fraud program that includes awareness, prevention, and detection programs, as well as a fraud risk assessment process to identify risks within the organization.
Your Career
FRAUD
SponSored by: The Institute of Internal Auditors The American Institute of Certified public Accountants Association of Certified Fraud examiners
Managing the Business Risk of Fraud: A Practical Guide
Managing the Business Risk of Fraud: A Practical Guide
This guidance outlines five key principles of a fraud risk management process and recommends ways in which boards, senior management, and internal auditors can fight corporate fraud. The report is the result of two years of work from a dedicated task force of more than 20 experts in the field of fraud risk identification, mitigation, and investigation. It was released by The IIA, along with the Association of Certified Fraud Examiners (ACFE) and the American Institute of Certified Public Accountants (AICPA). 1
Consult these guidance resources, part of International Professional Practices Framework (IPPF)® at www.theiia.org/guidance.
THOUGHT LEADERSHIP AND RESEARCH The Anti-Fraud Collaboration, comprising the CAQ, FEI, NACD, and The IIA, published this report as the result of two roundtable discussions on the subject of the “expectation gap” among key players in the financial reporting supply chain. The goal was to discuss each group’s expectations of the roles of the various players in the deterrence and detection of financial reporting fraud. www.theiia.org/goto/Anti-Fraud-Report
Ia Magazine: Fraud Findings | NEW YEAR, NEW FRAUDS The U.S. Federal Bureau of Investigation (FBI) has set up a telephone hotline for reporting incidents of public corruption, the Associated Press reports. FBI and U.S. Department of Justice officials say the hotline is meant to deter public officials from using their positions for personal gain — what FBI Special Agent Michael Caste calls “the FBI’s No. 1 criminal priority.” Read more at www.theiia.org/intAuditor.
All Hands on Deck: Partnering to Fight Fraud The December issue of Tone at the Top explores three ways that financial executives, internal auditors, board members, and external auditors can work together to improve the integrity of financial reporting. Access now at www.globaliia.org/Tone-at-the-Top.
AuditChannel.tv Catch the latest insight into fraud with leading experts on www.AuditChannel.tv - Data Analytics and Fraud, Future of Fraud, Vendor Fraud Case Study, and more.
www.theiia.org
|
21
Your Career
GOVERNANCE, RISK, AND CONTROLS As an internal auditor, you are called upon to assess and make appropriate recommendations for improving the governance process; evaluate the effectiveness and contribute to the improvement of risk management processes; and assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement. As the professional association established to support you, the internal auditor, we have developed a host of resources to assist you in achieving those objectives.
TRAINING RESOURCES Learn more about these courses at www.theiia.org/training.
Assessing Risk: Ensuring Internal Audit Values This course provides practical insights relating to contemporary best practices of risk assessment activities and allows participants to apply what they have learned so that they can implement risk assessment activities at their organization. Covering fundamentals and nuances such as audit universe, risk appetite, and fraud; and the challenges of implementation. It also addresses skill gaps many internal auditors struggle with such as how to develop their own risk assessment frameworks and how to select or construct a risk ranking system.
Risk-based Auditing: A Value Add Proposition Through case studies, group discussions, round tables, and facilitator presentations, this course will help audit team leaders and other management level audit professionals align their organizationsâ&#x20AC;&#x2122; strategies, visions, and values with the internal audit process. Participants will come to understand the importance of corporate governance and enterprise risk management, while learning to identify risks, perform risk assessments, develop a risk-based assurance plan, understand entity-wide controls, and plan a risk-based engagement. Upcoming Offerings: This course is available in multiple formats. Please visit www.theiia.org/training for more information. Course Duration: 2 days / CPE Hours Available: 16
Upcoming Offerings: This course is available in multiple formats. Please visit www.theiia.org/training for more information. Course Duration: 2 days / CPE Hours Available: 16
Consult the course matrix on pages 36-37 for offering dates and locations. Learn more about any of the above courses and register today at www.theiia.org/training.
22
|
The Institute of Internal Auditors
Your Career
GOVERNANCE, RISK, AND CONTROLS MEMBER-ONLY WEBINARS
2014 Gaming Conference April 14–16, 2014 / Las Vegas, NV USA
Save the dates for this line-up of Members-only webinars addressing governance and risk-related issues: April 8: Keeping the Risk Universe Current April 9: Assessing Organizational Governance in the Private Sector
Learn more about these free CPE opportunities at www.theiia.org/goto/MOW.
CONFERENCES Conferences offer a great way to gain additional information to assist you in managing your role addressing governance, risk management, and controls issues. Check out these upcoming sessions at conference events:
• Automating PCI Compliance for Better Reliability – Jeffrey Sanchez, managing director, Protiviti • Auditing the Online World: Regulations, Risks, and Rewards – Cheryl Kondra, vice president, chief audit executive, and Matt Mitchell, CIA, director of internal audit, Western Division/Online Gaming, Caesars Entertainment • Using COBIT 5 to Reinforce Gaming– mandated IT Internal Controls – Ralph Villanueva, CIA, CRMA, IT security and compliance analyst, The LVH – Las Vegas Hotel and Casino
2014 International Conference July 6–9, 2014 / London, England
2014 General Audit Management Conference (GAM) March 24–26, 2014 / Orlando, FL USA
• Effective Strategies for Implementing the 2013 COSO Framework (Panel Discussion) – Moderator: Bob Hirth, chairman, COSO • Dynamic Risk Assessment – Allen J. Cooper, vice president, Internal Audit, ConAgra Foods, Inc. • Risk: It’s More Than Just Compliance – The Honorable Theresa M. Grafenstine, CIA, CGAP, inspector general, U.S. House of Representatives • Auditing Forward – Patricia L. Barbari, CIA, senior vice president and general auditor, New York Life Insurance Co.
• Risk Appetite and Tolerance – Richard Anderson, chair, Institute of Risk Management (UK) • People Risk Management – Keith Blacker, chairman, Protection & Investment Ltd. (UK) • Strong Governances Needs a Strong Internal Audit – Bente Sverdrup, state authorised auditor, Gjensidige Forsikring, ASA (Norway) Visit www.theiia.org/conferences for more information on these and other upcoming IIA events.
www.theiia.org
|
23
Your Career
GOVERNANCE, RISK, AND CONTROLS CERTIFICATIONS Find the Key to Your Success with the Certification in Risk Management Assurance™ (CRMA®) Designation. The CRMA is designed for internal auditors and risk management professionals with responsibility for and experience in providing risk assurance, governance processes, quality assurance, or control self-assessment (CSA). It demonstrates your individual ability to evaluate the dynamic components comprising an organization’s governance and enterprise risk management program and provide advice and assurance around these issues.
The Internal Auditor’s Guide to Risk Assessment – ebook Risk assessment is a core activity that impacts internal auditors on a daily basis. That is why it is so important for everyone in the internal audit function to have the skills and knowledge to assess risk. The Internal Auditor’s Guide to Risk Assessment will show you how to: • Conduct a risk assessment, step by step • Use the risk assessment to create the audit plan • Align risk assessment to business objectives Item No.: 1134.ep
Demonstrate your abilities to be a key advisor to the audit committee and executive management — Become a CRMA.
Member Price: $105.00 / Non-Member Price: $125.00
Visit www.theiia.org/certification for information and to apply to the CRMA or other certification program.
BOOKS AND EDUCATIONAL PRODUCTS Enterprise Risk Management: Achieving and Sustaining Success – ebook In today’s rapidly changing business climate, organizations are looking for proactive ways to foresee risks. To be successful, organizations must find ways to create new value and protect existing value from being prematurely destroyed. Managing the risks associated with any strategic plan is vital to ensuring the organization’s ongoing success. Item No.: 1117.ep Member Price: $80.00 / Non-Member Price: $115.00
24
|
The Institute of Internal Auditors
Management’s Guide to Sarbanes-Oxley Section 404: Maximize Value Within Your Organization – ebook Organizations with Sarbanes-Oxley programs are required to use a formally recognized internal controls framework. The only framework recognized by the SEC is COSO’s Internal Control – Integrated Framework, which was updated in 2013. The guidance presented in this updated book is consistent with COSO 2013 and promotes a top-down, risk-based assessment program. Item No.: 1151.ep Member Price: $30.00 / Non-Member Price: $40.00
Access hundreds of other practitioner-reviewed educational products at www.theiia.org/bookstore.
Your Career
GOVERNANCE, RISK, AND CONTROLS GUIDANCE RESOURCES
THOUGHT LEADERSHIP AND RESEARCH
IPPF Position Papers on Risk Management
Ia Magazine: Data Under Siege
The Role of Internal Auditing in Enterprise-wide Risk Management
Auditors can play consulting and assurance roles in mitigating the risk of information leakage. It’s getting harder and harder to keep information under control. Read more at www.theiia.org/internalauditor.
IPPF Practice Guides Covering GRC: • Assessing the Adequacy of Risk Management • Information Technology Controls • Change and Patch Management Controls • Auditing Privacy Risks 2nd Edition • Auditing Application Controls • Identity and Access Management • Auditing External Business Relationships
IIARF Research Report: Closing the Gaps in Third-Party Risk Management Through Internal Auditing Highlights that while third-party relationships in the business community are increasing — bringing with them associated risks — internal audit’s role is relatively limited in most organizations. Go to www. theiia.org/goto/closing
IPPF Practice Advisories covering GRC: • Internal Audit Charter • Board Interaction • Linking the Audit Plan to Risk and Exposures • Using the Risk Management Process in Planning • Communication and Approval • Assurance Maps • Reporting to Senior Management and the Board • Governance: Definition • Governance: Relationship With Risk and Control • Governance: Assessments • Assessing the Adequacy of Risk Management Processes • Managing the Risk of the Internal Audit Activity • Assessing the Adequacy of Control Processes • Information Reliability and Integrity valuating an Organization’s Privacy Framework Consult these guidance resources in the International Professional Practices Framework (IPPF)® at www.theiia.org/guidance.
Audit Executive Center: Peers’ Perspective: CAE Profile – ConAgra Foods, Inc. In this Peers’ Perspective, ConAgra CAE Allen Cooper describes the challenge and success around transforming a strictly SOX-focused internal audit department into a function that is risk-based, focused, and consistently auditing for impact. Learn more about becoming a member of the Center to access this thought leadership at www.theiia.org/cae.
AuditChannel.tv Catch the latest insight into governance, risk, and control with leading experts on www.AuditChannel.tv – COSO with Keith Kawashima, The MDM-GRC-ERM Puzzle, The Marriage of Internal Audit and Risk Management, and more.
www.theiia.org
|
25
Your Career
INTERNAL AUDIT PRACTICE Whether you are just starting your career, coming into internal audit midway through your career, or needing to enhance your skill sets with latest best practices, here are resources to support your internal audit expertise to make an impact and maintain relevancy with your colleagues, superiors, executive leadership, board, and audit committee.
TRAINING RESOURCES
Audit Report Writing
Learn more about these courses at www.theiia.org/training.
This is a hands-on course that focuses on the organization and structure of audit reports, and includes case study activities for practicing the basics of audit report writing. This course is a good prep course for more advanced audit report writing courses.
Analyzing & Improving Business Processes This course provides participants with a set of tools and techniques that can be used in any process analysis engagement. In addition, it includes numerous opportunities to apply those tools and techniques in real-world scenarios. The best way to build business process analysis skills is by doing the work, and this course is full of hands-on applications using case studies and the participantsâ&#x20AC;&#x2122; understanding of their own processes to apply these tools and techniques often. Course Duration: 2 days / CPE Hours Available: 16
Audit Manager Tools and Techniques Through practical exercises and case studies, participants will learn how to manage the roles and relationships of the diverse parties involved in the auditing process. Participants will learn how to maintain lines of communication with the CAE and executive management, and problem solve while motivating a team and delegating tasks. Course Duration: 4 days / CPE Hours Available: 32
26
|
The Institute of Internal Auditors
Available in multiple formats. Course Duration: 2 days / CPE Hours Available: 16
Auditor-in-charge Tools and Techniques Whether you are a recently promoted auditor-in-charge, assuming the role, or seeking a refresher, this informative session covers the organizational, time management, and problem solving skills necessary to manage a successful team. Through the use of a case study that is woven into the course, participants will learn about the roles and responsibilities of an auditor-in-charge for the phases of an internal audit. Course Duration: 4 days / CPE Hours Available: 32
Beginning Auditor Tools and Techniques To become a successful auditor, a strong base of knowledge and an understanding of basic audit skills are essential. With this program, new auditors, as well as non-auditors with internal control responsibilities, can learn the ins-and-outs of an audit from
Your Career
INTERNAL AUDIT PRACTICE beginning to end. Through team exercises, group discussion, and facilitator presentations, attendees will gain a foundation of knowledge that will allow them to prepare properly for and conduct a successful audit. A basic understanding of how to identify risks and internal controls in auditing will also be stressed, along with interpersonal and team-building skills.
Communication Skills for Auditors Through facilitator presentations, group discussions, case studies, practical exercises, and individual coaching and feedback, participants will learn to see themselves as others see them, in terms of style and the impressions they create, and increase their ability to reach negotiated agreements in a wide range of audit situations.
Course Duration: 4 days / CPE Hours Available: 32 Course Duration: 4 days / CPE Hours Available: 32
Best Practices in Internal Auditing This course will use best practices to help attendees transform their audit departments, create a desired culture, market their valuable capabilities, and measure the results. Course Duration: 2 days / CPE Hours Available: 16 New Location: Nov. 20â&#x20AC;&#x201C;21, 2014, San Francisco, CA
Building a Sustainable Quality Program An internal audit activity demonstrates its commitment to quality by meeting the expectations of its stakeholders while continuing to improve the effectiveness and efficiency of its operations. A successful quality assurance and improvement program (QAIP) is crucial to achieving this goal.If you are preparing for an external quality assessment, this course will help you learn how to build and maintain an effective QAIP, leading to a successful external assessment. Course Duration: 2 days / CPE Hours Available: 16 New Location: Nov. 20â&#x20AC;&#x201C;21, 2014, San Francisco, CA
COSO 2013: Implementing the Framework This course examines how a principles-based approach can be used to design, implement, and evaluate a system of internal controls. You will have an opportunity to discuss the implications that the updated COSO Framework presents to the internal audit profession and to individual internal audit activities. You will also identify opportunities for utilizing the updated Framework in your internal audit process and increase the value of your assurance and consulting services. COSO has universal applicability, regardless of industry, sector, department size, etc. Course Duration: 2 days / CPE Hours Available: 16
Creative Problem-solving Techniques for Auditors Through facilitator presentations, group discussions, practical exercises, case studies, and self-assessments, this course will help participants define creativity and the dimensions of creative problem solving. Experienced facilitators will demonstrate five strategies for creativity and divergent thinking and explain the ground rules for convergent think-
www.theiia.org
|
27
Your Career
INTERNAL AUDIT PRACTICE ing. By the end of the course, participants will know how to jump-start creative approaches to problems and have new, immediately usable tools for logical problem solving. Course Duration: 2 days / CPE Hours Available: 16
Statistical Sampling for Internal Auditors The course includes different methods of random sampling (simple, stratified, dollar unit, stop/go) and non-random sampling (quota, judgmental); explains how to calculate sample size and adjust for population size and resource constraints; and examines the concept of strategic sampling to get the most information for minimum cost, including how to combine results and extrapolate, and what to report.
Financial Auditing for Internal Auditors Taking on such topics as â&#x20AC;&#x153;common recipes for cooking the books,â&#x20AC;? and covering information flow from business process to financial statement and more, this course will help participants understand how key business processes relate to financial statements, as well as the impact of information technology on financial statements.
The course, is appropriate for all levels in public and private sectors, provides time for participants to raise issues and concerns they are currently facing and to apply what they have learned to audits currently underway, particularly typical challenges in sample selection, data interpretation, generalization, and representativeness.
Course Duration: 2 days / CPE Hours Available: 16
Available in multiple formats. Course Duration: 2 days / CPE Hours Available: 16
Risk-based Auditing: A Value Add Proposition Through case studies, group discussions, roundtables, and facilitator presentations, this course will help audit team leaders and other management level audit professionals align their organizationsâ&#x20AC;&#x2122; strategies, visions, and values with the internal audit process. Participants will come to understand the importance of corporate governance and enterprise risk management, while learning to identify risks, perform risk assessments, develop a risk-based assurance plan, understand entity-wide controls, and plan a riskbased engagement. Available in multiple formats. Course Duration: 2 days / CPE Hours Available: 16
28
|
The Institute of Internal Auditors
Consult the course matrix on pages 36-37 for offering dates and locations. Learn more about any of the above courses and register today at www.theiia.org/training.
Your Career
INTERNAL AUDIT PRACTICE MEMBER-ONLY WEBINARS
2014 Gaming Conference April 14–16, 2014 / Las Vegas, NV USA
Save the dates for this line-up of Members-only webinars addressing the operations of the internal audit activity. May 13: Lessons Learned on the Audit Trail June 17: Becoming a More Strategic Internal Auditor July 15: Pulse of the Profession
• Attracting and Retaining Gen-Y/Millennial Talent – Brandon Brown, CRMA, vice president, Audit Services, Cherokee Nation Businesses • Crucial Communications: Tools When the Stakes Are High – Danny Goldberg, founder, GOLDSRD
Learn more about these free CPE opportunities at www.theiia.org/goto/MOW.
2014 International Conference
CONFERENCES Conferences offer a great way to compare notes and benchmark your internal audit function with your peers. Check out these upcoming conference opportunities:
2014 General Audit Management Conference (GAM) March 24–26, 2014 / Orlando, FL USA
• Engaging With the Audit Committee – Peter R. Gleason, managing director and chief financial officer, National Association of Corporate Directors • Women as Successful CAEs – Moderator: Karen Begelfer, CIA, CRMA, CAE, Sprint; Panelists: Mary Ludford, vice president, Audit and Controls, Exelon Corp.; Shirley H. Yoshida, senior vice president, Internal Audit and Corporate Officer, Macy’s Inc.; Barb Bergmeier, CAE, Mutual of Omaha • XIA’s Role in Introducing the Three Lines of Defense Governance Model – Glenn A. Benisek, chief audit executive, Xerox Services
July 6–9, 2014 / London, England
• Reform and Transform Your Internal Audit Function – Carolyn Saint, CIA, CRMA, vice president, Internal Audit, 7-Eleven (USA) • Importance of the Internal Audit Function Through the Stakeholders’ Eyes – David Butler, head of internal audit, Unum (UK) • Talent – The Differentiator of Great Audit Functions – Mike Taylor, head of global internal audit, Experian (UK) Visit www.theiia.org/conferences for more information on these and other upcoming IIA events.
www.theiia.org
|
29
Your Career
INTERNAL AUDIT PRACTICE CERTIFICATIONS
BOOKS AND EDUCATIONAL PRODUCTS Your Master Key to Career Success – IIA Global Certifications
Whether you are mastering the fundamentals of internal audit or moving into audit management, you owe it to yourself and your organization to pursue the Certified Internal Auditor® (CIA®), the only globally recognized internal audit credential and standard for excellence within the profession. Earning the CIA demonstrates your commitment to the profession and your career. Achieving it will increase your confidence, serve as an example for current or future staff, and build credibility with internal audit clients. Auditors specializing in financial services or government disciplines can further distinguish their expertise by earning the Certified Financial Services Auditor® (CFSA®) or Certified Government Auditing Professional® (CGAP®) designations.
Sawyer’s Guide for Internal Auditors, 6th Edition This 6th edition is a 3-volume set, making the content more navigable for the reader, and each volume includes an index and glossary for easy reference. • Volume 1: Internal Audit Essentials • Volume 2: Internal Audit Processes and Methods • Volume 3: Governance, Risk Management, and Compliance Essentials Item No.: 1099 Member Price: $175.00 / Non-Member Price: $225.00
Did you know? According to The IIA’s 2013 Compensation Study, internal auditors with one or more certifications earn up to 45 percent more than internal auditors with no certifications. Visit www.theiia.org/certification to review the exam syllabi and eligibility requirements, explore preparation resources, and to start your application or register for the CIA or one of The IIA’s specialty designations.
Value and Competency: The Stakeholder Perspective Successful professionals recognize that feedback from stakeholders is essential for personal growth and organizational success. This research report compares how stakeholders and internal auditors rate the profession on core competencies and organizational value. Internal auditors can use the findings about competency and value from this report to promote professional growth and achieve organizational objectives. Item No.: 5028 Member Price: $35.00 / Non-Member Price: $45.00
30
|
The Institute of Internal Auditors
Your Career
INTERNAL AUDIT PRACTICE The Intermediate Audit Library Collection
THOUGHT LEADERSHIP AND RESEARCH
BUY A BUNDLE - SAVE A BUNDLE! IIA Members save $453.00!
Ia Magazine: Tomorrow’s Best Practices
• COSO Internal Control – Integrated Framework: 2013 Framework NEW! • Internal Auditing: Assurance & Advisory Services, 3rd Edition NEW! • International Professional Practices Framework (IPPF) 2013 NEW! • Quality Assessment Manual for the Internal Audit Activity NEW! • Sawyer’s Internal Auditing, 6th Edition NEW! • The Internal Auditor’s Guide to Risk Assessment • And more Item No.: 1042 Member Price: $1,100.00 / Non-Member Price: $1,553.00
GUIDANCE The IIA’s International Professional Practices Framework (IPPF) is the authoritative guidance on the internal audit profession and consists of three mandatory elements: the Code of Ethics, the Definition of Internal Auditing, and the International Standards for the Professional Practice of Internal Auditing (Standards). The IPPF presents current, relevant, internationally consistent information that is required by internal audit professionals worldwide. www.theiia.org/guidance
Will today’s best practices be standard operating procedure by 2020? Will they be old-fashioned compared to what’s considered best practice in the future? Read more at www.theiia.org/intAuditor.
Audit Executive Center: Corporate Whistleblower Programs: What CAEs Must Know This Knowledge Briefing provides insight on different whistleblower channel laws and regulations as well as key elements organizations and internal audit functions should be aware of for an effective whistleblower program. Learn more about becoming a member of the Center to access this thought leadership at www.theiia.org/cae.
Richard Chambers’ Blog: Five Key Headlines From 2013 That Will Shape the Future of Internal Auditing From the release of the updated COSO Framework and heightened concerns over cyber security, find out what other headlines are shaping the future at http://www.theiia.org/blogs/chambers/
AuditChannel.tv Catch the latest insight into internal audit best practices and insight with leading experts on www.AuditChannel.tv – Adding Value, Internal Audit in 2020, Creating Value Through Integrated Reporting, and more.
www.theiia.org
|
31
Your Career
INFORMATION TECHNOLOGY Technology continues to play an ever-increasing role in internal audit as both an audit tool and audit area. Whether you’re looking for the latest guidance on the use of technology or need to sharpen your IT skills, we have a variety of solutions to fit your ever-changing needs.
Keep Your Finger on the Pulse of Technology with The IIA and Deloitte – an IT audit curriculum created specifically for IT pros, IT novices, and everyone in between. These hands-on courses are taught by skilled instructors with real world experience who make today’s technology issues clear. www.theiia.org/training Auditing Oracle Applications
Introduction to IT Auditing
Acquire a solid understanding of how the implementation and use of Oracle applications will impact your organization. This course includes facilitated discussions, and computer-simulated class exercises. It provides a thorough overview of Oracle security basics, network and operating system security, data conversion and interfaces, and much more.
Provides a great overview of topics ranging from IT risks and controls to COSO, COBIT, and ISO 17799. This course incorporates facilitated discussions, group discussions and practical exercises, and covers a wide range of subjects, including information security, information systems strategy and planning, database implementation and support, business continuity planning, business process controls testing, system software, and hardware support and more.
Upcoming Offerings: April 29–May 2, 2014, Chicago, IL
Oct. 21–24, 2014, Costa Mesa, CA
Course Duration: 3.5 days / CPE Hours Available: 32 Upcoming Offerings: June 3–6, 2014, Chicago, IL Sept. 9–12, 2014, Atlanta, GA Course Duration: 3.5 days / CPE Hours Available: 32
Auditing PeopleSoft To effectively manage risk in most organizations today, internal auditors and control specialists must have a thorough knowledge of PeopleSoft security and control features. Participants will explore all the functions of PeopleSoft, from its security and workflow functionality to its login and password management features. Participants will learn about the software’s customization, programming, and change management control considerations. Upcoming Offering: June 10–13, 2014, Boston, MA Course Duration: 3.5 days / CPE Hours Available: 32
32
|
The Institute of Internal Auditors
Your Career
INFORMATION TECHNOLOGY SAP ERP Technical Auditing
SAP Implementation and Process Auditing
Today, SAP ERP software is used by a wide range of businesses, from small private enterprises to billion-dollar corporations. The curriculum includes facilitated discussions and practical exercises allowing participants to gain a deep understanding of SAP ERP security and technical concepts. You will also be introduced to the SAP GRC suite of tools formerly known as Virsa. In addition, gain an introduction to SAP NetWeaver and SAP Solution Manager. Note: Most concepts apply to SAP R/3 environments.
Covers the structural elements and technical features of SAP ERP, SAP ERP security, the internal control features and functions of the various SAP ERP business processes, and the SAP GRC suite of tools formerly known as Virsa.
Upcoming Offering: Sept. 16–19, 2014, Dallas, TX
Upcoming Offerings: May 13–16, 2014, Dallas, TX
Nov. 4–7, 2014, Costa Mesa, CA
Course Duration: 3.5 days / CPE Hours Available: 32
Visit www.theiia.org/training for more information on these courses and to register.
Course Duration: 3.5 days / CPE Hours Available: 32
SAP GRC Access Control and Process Control
MEMBER-ONLY WEBINARS
This course provides an essential knowledgebase, as well as hands-on learning for internal audit professionals, including information technology auditors, working in a SAP GRC environment, as well as those involved in SAP GRC implementation and configuration. Hands-on learning will be conducted with Access Control and Process Control 10.0.
Save the dates for these technology-focused Member-only Webinars:
The curriculum includes lectures, group discussions, case studies, and practical exercises, allowing participants to explore the many ways that an SAP GRC implementation impacts internal auditing.
Learn more about this free CPE opportunity at www.theiia.org/goto/MOW.
Feb. 25: The Insider Threat is the Most Serious Threat Aug. 19: Risks Around Social Media Nov. 18: Master Data: Best Practices and New Challenges for Internal Auditors
Upcoming Offering: Oct. 6–9, 2014, Chicago, IL Course Duration: 3.5 days / CPE Hours Available: 32
www.theiia.org
|
33
Your Career
INFORMATION TECHNOLOGY CONFERENCES Conferences hosted by The IIA and local IIA chapters offer a great way to compare notes and benchmark your internal audit function with your peers. Check out these upcoming conference opportunities:
2014 General Audit Management Conference (GAM) March 24–26, 2014 / Orlando, FL USA
• Auditing IT Governance: A Case Study – Thierry Dessange, CRMA, director – IT Audit, Safeway Inc. • Success in the IT Internal Audit Function – Hans Geiger, senior director, IT Internal Audit, ADP, Inc. • Risk and Opportunity: What Chief Audit Executives Should Know About CyberSecurity – Jeff M. Spivey, president, Security Risk Management, Inc.
2014 Gaming Conference April 14–16, 2014 / Las Vegas, NV USA
• Bring Your Own Devices (BYOD) – Gina St. George, senior manager; Troy Hawes, manager, Kevin Villanueva, senior manager, Moss Adams LLP • Internet Security Network Risk Assessment Programs – Gregory Doucette, director, professional services, Gaming Laboratories International
2014 Central Regional Conference May 18–21, 2014 / Indianapolis, IN
• Effective IT Governance: Business Criticality Driven Controls – James Yang, director – Business Resiliency, Cummins, Inc.
34
|
The Institute of Internal Auditors
• Auditing Cloud Computing and Identifying Bring Your Own Cloud (BYOD) Risks – Jared Hamilton, senior manager, Technology Risk, Crowe Horwath LLP Visit www.theiia.org/conferences for more information on these and other upcoming IIA events.
GUIDANCE GTAG 3: Continuous Auditing: Implications for Assurance Monitoring and Risk Assessment The information in the second edition of GTAG 3 provides practitioners the most up-to-date guidance and best practices to enable them to successfully implement a continuous auditing approach. It focuses on the technology-enabled aspects of continuous auditing.
GTAG 4: Management of IT Auditing, 2nd Edition This guide takes into account the latest developments in the IT landscape and empowers CAEs to more efficiently and effectively manage their IT audit work by focusing on three core areas: determining where IT audit resources are needed; accurately evaluating IT-related risks; and effectively executing IT audit work.
GTAG 7: Information Technology Outsourcing, 2nd Edition The purpose of this guide is to help CAEs and their audit teams determine the extent of internal auditor involvement when IT is partially or fully outsourced
Your Career
INFORMATION TECHNOLOGY in their entities by providing information on the types of IT outsourcing (ITO), the life cycle of ITO, and how internal auditors can approach risk in connection with ITO delivery. Consult these guidance resources, including GTAGs that address IT, part of International Professional Practices Framework (IPPF)®, by visiting www.theiia.org/guidance.
BOOKS AND EDUCATIONAL PRODUCTS A New Auditor’s Guide to Planning, Performing, and Presenting IT Audits Information technology is a highly dynamic, rapidly changing environment. IT auditors are expected to stay current with the latest tools, technologies, and trends, and may need to do additional research to prepare for specific audits. This book is designed to help aspiring and active internal auditors take a step back and understand the general process and activities involved in conducting an audit around technology.
Item No.: 1081 Member Price: $39.95 / Non-Member Price: $49.95
Access hundreds of other practitioner-reviewed educational products at www.theiia.org/bookstore.
THOUGHT LEADERSHIP AND RESEARCH Ia Magazine: Time to Turn Around Privacy Programs For most organizations, privacy activities are getting worse, not better, a new Gartner study reports. Forty-three percent of the 221 organizations surveyed in Canada, Germany, the United Kingdom, and the United States have implemented a comprehensive privacy management program, while 7 percent are “doing the bare minimum” to comply with privacy laws. Read more at www.theiia.org/intAuditor.
Tone at the Top: Big Data: Collect It, Respect It Explores the increasingly popular — and risky — practice of collecting, storing, and using large amounts of data. Access now at www.globaliia. org/Tone-at-the-Top.
Item No.: 1070 Member Price: $60.00 / Non-Member Price: $70.00
Auditing Social Media: A Governance and Risk Guide If you want your business to stay ahead in the game, then this one-stop guide will help you navigate through the maze of risks and governances surrounding social media. Auditing Social Media explains how your organization can thoroughly ensure it has the adequate measures in place to capitalize on social media while protecting itself from excessive risk.
AuditChannel.tv Catch the latest insight into internal audit best practices and insight with leading experts on www. AuditChannel.tv – Technology Expertise, 5 Risks of Cloud Computing, Updates to FTC Disclosure Guidelines, and more.
www.theiia.org
|
35
2014 SEMINAR COURSE MATRIX Course San Diego, CA Course Level Duration Code Feb. 18 - Feb. 21
Atlanta, GA Mar. 4 - Mar. 7
Phoenix, AZ Apr.8 - Apr.11
Four Day Courses Audit Manager Tools and Techniques
TTM
Intermediate
4
Feb. 18 - 21
Mar. 4 - 7
Auditor-in-charge Tools and Techniques
AIC
Intermediate
4
Beginning Auditor Tools and Techniques
TT
Basic
4
Beginning Auditor Tools and Techniques (2nd Offering)
TT2
Basic
4
Communication Skills for Auditors
ECA
Basic
4
Leadership Skills for Auditors
LSA
Intermediate
4
Analyzing & Improving Business Processes
ABP
Basic
2
Assessing Risk: Ensuring Internal Auditâ&#x20AC;&#x2122;s Value
ARV
Advanced
2
Feb. 18 - 19
Audit Report Writing
ARW
Basic
2
Feb. 20 - 21
Auditing Contracts: From Planning to Reporting
AC
Intermediate
2
Auditing Derivative Strategies
ADS
Intermediate
2
Auditing Investment Activities
AIA
Intermediate
2
Building a Sustainable Quality Program
IQA
Intermediate
2
Construction Activity: Audit Strategies
EAC
Intermediate
2
Consulting Activities, Skills, Attitudes
CON
Intermediate
2
Continuous Auditing
CA
Intermediate
2
Control Self-assessment: Facilitation Skills
CFT
Intermediate
2
COSO 2013: Implementing the Framework
COSO
Intermediate
2
Feb. 18 - 19
Creative Problem-solving Techniques for Auditors
CPS
Basic
2
Feb. 20 - 21
Effective Writing for Auditors
EWA
Intermediate
2
Enterprise Risk Management: An Introduction
ERM
Intermediate
2
Financial Auditing for Internal Auditors
AFA
Intermediate
2
Lean Six Sigma Tools for Internal Audit Fieldwork
SSF
Intermediate
2
Lean Six Sigma Tools for Internal Audit Planning
SSP
Intermediate
2
Operational Auditing: Influencing Positive Change
POA
Intermediate
2
Feb. 20 - 21
Mar. 6 - 7
Performing an Effective Quality Assessment
QAE
Intermediate
2
Feb. 20 - 21
Mar. 6 - 7
Project Management Techniques
PMT
Intermediate
2
Risk Based Auditing: A Value Add Proposition
RBP
Intermediate
2
Apr. 8 - 9
Risk Management Assurance: Developing Your Internal Audit Strategy
ARM
Intermediate
2
Apr. 10 -11
Statistical Sampling for Internal Auditors
SSI
Intermediate
2
Value-Added Business Controls: The Right Way to Manage Risk
VAB
Basic
2
CTA
Basic
2
Apr. 8 -11 Feb. 18 - 21
Mar. 4 - 7
Apr. 8 -11
Mar. 4 - 7
Courses Under Four Days
Deloitte Public Offerings - Courses Under Four Days Critical Thinking for Internal Auditors
36
|
The Institute of Internal Auditors
Apr. 8 - 9
Feb. 18 - 19
Mar. 4 - 5
Mar. 4 - 5 Apr. 8 - 9
Apr. 10 - 11
Mar. 4 - 5
Apr. 10 - 11
Apr. 8 - 9
Mar. 6 - 7
New York, NY Apr. 22 - Apr. 25
Tampa, FL May 6 - May 9
Dallas, TX May 20 - May 23
Chicago, IL Jun. 10 - Jun. 13
May 6 - 9 Apr. 22 - 25 Apr. 22 - 25
May 6 - 9
Las Vegas, NV Jun. 16 - Jun. 19
Washington, DC Jul. 15 - Jul. 18
Denver, CO Jul. 29 - Aug. 1
Jun. 16 - 19 May 20 - 23
Jun. 10 - 13
Jul. 15 - 18
Jul. 29 - Aug 1
May 20 - 23
Jun. 10 - 13
Jul. 15 - 18
Jul. 29 - Aug. 1
Apr. 22 - 25
Jun. 16 - 19 Jun. 16 - 19
Apr. 22 - 23
May 20 - 21 May 6 - 7
Jun. 16 - 17 Jun. 10 - 11
May 8 - 9
Jul. 31 - Aug. 1 Jun. 16 - 17
Jun. 10 - 11 Jun. 12 - 13 May 20 - 21
Jul. 15 - 16
Apr. 24 - 25
Jul. 15 - 16 Jun. 18 - 19 Jun. 10 - 11 Jun. 18 - 19
Apr. 22 - 23
May 6 - 7
May 20 - 21
Jun. 10 - 11
Apr. 22 - 23
Jul. 17 - 18 Jul. 15 - 16
Jul. 29 - 30
Jun. 18 - 19 Jul. 29 - 30
Apr. 24 - 25
Jun. 12 - 13
Jul. 17 - 18
May 20 - 21 May 22 - 23 Apr. 24 - 25
Jul. 17 - 18
May 20 - 21 May 8 - 9
Jul. 31 - Aug. 1 Jul. 29 - 30
Jun. 12 - 13
Jul. 31 - Aug. 1
May 22 - 23
Jul. 17 - 18
May 8 - 9
Jun. 16 - 17 May 20 - 21 May 22 - 23 May 22 - 23 May 22 - 23
Apr. 24 - 25
Jun. 12 - 13
Jun. 16 - 17
www.theiia.org
|
37
Your Career
Local Highlights Professionals on the Rise Christopher Pietsch Appointed as Fairfax County (Va.) Director of the Department of Finance Christopher Pietsch (pictured left) is named director of the Department of Finance for Fairfax County in Virginia. Pietsch served as director of the internal audit office for the county since 2003. An IIA member and a Certified Internal Auditor, he has more than 25 years of experience in finance, accounting, and internal audit areas.
Amerisure Names Vice President of Internal Audit Amerisure Mutual Insurance Co., in Farmington Hills, Mich., appoints Gerardo Espinoza, CPA, as vice president of internal audit. His responsibilities include auditing all financial, operational, regulatory, fraud, and IT controls. Espinoza brings more than 20 years of experience in public accounting, internal auditing, financial compliance, and various operational assignments to the position.
Troy Damboise Appointed First Vice President, General Auditor, Liberty Bank Troy Damboise (pictured left) comes to Liberty Bank from ING where over a 14year career he honed his audit expertise, most recently serving as vice president and 38
|
The Institute of Internal Auditors
division audit director. He was responsible for directing the audit of the insurer’s U.S. retirement plans, ING National Trust, broker-dealers, the annuity business, and for leading the compliance risk specialty team. He previously worked for Citigroup and General Electric.
Chapter News
IIA-Phoenix Hosts Sold Out CAE Panel Featuring Top Leaders The IIA-Phoenix Chapter’s first chief audit executive (CAE) panel, “Moving Internal Audit Forward” held in November, was a sold-out event that even boasted a wait list. As IIA-Phoenix President Raoul Ménès, the event moderator, explains, “We limited the number of attendees so our membership could engage in a meaningful dialogue with these leaders.” That is exactly what happened. The 45 participants had the opportunity to ask the panel candid questions in what Ménès describes as a “risk-free environment” about everything from what they are looking for in future internal audit leaders to the anticipated impact of implementing the 2013 COSO Framework. Participating CAEs included Derek Bruns from Meritage Homes Corporation; Randa Saleh from Starwood Hotels and Resorts Worldwide, Inc.; Dominique Vincenti from Nordstrom, Inc.; and Andrey Xavier from First Solar, Inc. “Each CAE faces completely different challenges, so they brought unique perspectives to the discussion,” says Ménès. “There was such a dynamic exchange between attendees and the panel as the conversation focused on things that really matter, like how do you know you’re really adding value and how do you remain relevant?” Ménès says the event’s success has resulted in several requests to organize another event as soon as possible.
Your Career
2013 Conferences Delivered! Record-Breaking Attendance at the Central Regional Conference “Where Audit Ideas and Innovation Take Flight” held in Columbus, Ohio welcomed an unprecedented 419 attendees. Conference goers participated in tracks focused on Audit Skills and Professional Development; Risk, Control, Fraud, and Governance; IT and Information Management; Specialty Industries; and CIA Review.
All Star Conference Hits All the Right Notes 490 attendees jazzed things up in New Orleans. The 32 concurrent sessions covering corporate governance, risk management, emerging technology, and fraud got attendees thinking and tweeting. “Aha” moments included Richard Lee’s tweet, “You can’t audit what you don’t understand!” and Rachel Freeman’s tweet, “If you think management is holding up your report, you’re lying to yourself.”
Midwestern Regional Conference Delivered Real-World Solutions The “Know No Boundaries” conference welcomed 360 attendees to Minneapolis. Pre-conference workshops were followed by 32 concurrent sessions presented by internal audit experts, as well as a range of industry roundtable discussions. Conference delegates in the six industries shared ideas and best practices, providing excellent peer interaction and insights into real-world solutions which could be immediately applied upon returning to their organizations.
Canada Conference Transforms IIA–Canada’s 6th National Conference in Winnipeg, Manitoba, was exceptional, with an outstanding lineup of speakers including Rick
Hillier, Carman Lapointe, and Richard Chambers with more than 415 attendees. Two awards were presented at the conference: The Arthur Child Distinguished Service in Canada Award was given to Todd Horbasenko and the Lifetime Achievement Award to Cam Hartling (right).
New Additions to IIA Staff Cara Rumplik joins The IIA as Director, Event Services. She will be responsible for all meeting logistics and activities for seminars, conferences, as well as executive programs and VIP clients. She previously worked for the Rosen Centre Hotel, Kimpton Hotel Group, and the Boca Raton Resort & Club. Most recently Cara served as an independent event planner for several local companies and events.
Francis Nicholson joins The IIA as Managing Director of Certifications and Global Strategic Initiatives. Francis will manage the scope of work and technical activities for certification projects supporting professional development and continuing education. His experience as the former Director of Education at the Chartered Institute of Internal Auditors in the UK positions him to address global certification administration and strategic initiatives. He is currently a staff member of the Professional Certifications Board and a member of the Certifications Suite and Competency task force.
John Babinchak II has joined The IIA as Director of Strategic Communications, working in the Public Relations & Communications department. John brings more than 30 years of communications, public relations, and deep relationship building experience across a strong mix of agency, private sector, and print/TV news backgrounds. Most recently, he was President and Partner of Brad Kuhn & Associates, where he directed day-to-day operations of strategic public relations initiatives and staff development, content development, and communications. www.theiia.org
|
39
Your Career
GAM A FEAST FOR THE
Insatiable
Mind:
Grab Your Seat at the Table! In the 36 years since the first General Audit Management (GAM) Conference, a lot has changed. However, the need for audit executives to gain new insights to better serve stakeholders remains unchanged. This yearâ&#x20AC;&#x2122;s GAM conference, scheduled for March 24-26, 2014 in Orlando, Fla., features a smorgasbord of topics that deliver a feast of thought leadership for the most insatiable appetite. We spoke with three speakers for a preview of what the 2014 Conference will deliver for those who reserve their seat at the table.
40
|
The Institute of Internal Auditors
Your Career
The diversity of the conference’s five tracks will be underscored by the panel discussion “Women as Successful CAEs” moderated by Karen Begelfer, CIA, CRMA. Begelfer, who leads the internal audit function at Sprint, believes many companies are now seeing it as a competitive disadvantage to lack diversity. “I am pleased to see more companies actively seeking women for leadership positions because they realize their organizations are underserved in that capacity.” While she acknowledges this varies by industry, she is confident these opportunities will continue to expand, “especially as younger generations enter the workforce with more modern gender perceptions of equality.” “Evidence suggests that women can be and are successful CAEs,” says Begelfer. “However, it’s also important to note that many characteristics of successful CAEs are gender-neutral, meaning that leadership success in any role by any person has certain common denominators.” One such common denominator is the ability to build confidence with stakeholders. When asked what common mistakes women make in this area, Begelfer reflects, “I don’t want to generalize all women, but I can speak from my experience. I am a pleaser. I want everyone to leave happy and content at the end of each meeting. I also value relationships so much that I put
too much effort into ensuring my words and actions do not offend. In some cases, this makes me a great leader and business partner. In others, I need to act against my instincts to maximize the situation for me, my department, and my company.” A speaker who intends to maximize every minute of his session, “Fraud Risks for the Chief Audit Executive and The Board,” is John Hall, CPA, president of Hall Consulting, Inc. Attendees will benefit from his approach that minimizes theory and stresses proven action steps. A key element will be The Anti-Fraud Toolkit, a project he completed in 2013 and describes as “a massive, comprehensive case study on what to do about fraud.” The timing couldn’t be better as emerging fraud risks are greater than ever. As Hall explains, “There’s already a lot of attention on the usual suspects — disbursements, expense reimbursement, procurement cards, time reporting, and similar recurring issues. But we need to step up our attention to some interesting new risks as well as pre-existing issues that don’t get the attention they deserve.” Hall sites examples such as threats to sensitive data initiated by competitors, organized crime, and even governments, as well as creative new disbursement
GAM 2014 General Session Speakers Virginia Gambale Director, JetBlue Airways Managing Partner, Azimuth Partners
Lisa M. Lee Director, Internal Audit Google
Tom Austin, CIA Vice President, Governance, Risk & Control Cisco Systems, Inc.
Inder Gulati Head of Internal Audit LinkedIn
Richard Chambers, CIA, CGAP, CCSA, CRMA President and Chief Executive Officer The Institute of Internal Auditors
Olivia F. Kirtley Board Member and Audit Committee Chairman U.S. Bancorp, Papa Johns International and ResCare, Inc.
Jeanette Franzel Board Member Public Company Accounting Oversight Board (PCAOB)
John Baldoni Internationally recognized leadership educator, executive coach, and acclaimed author
www.theiia.org
|
41
Your Career
schemes using electronic payments. He also highlights overcharges by suppliers and contractors on time-and-materials and cost-plus contracts — especially construction. “With the economy improving and large capital projects being started in 2014 after years of inactivity, audit groups would be well-advised to review their third-party audit skills.” Third-party audit skills are critical in a global economy that increasingly relies on these relationships that often come with both benefits and risks. Truly understanding risk will be the focus of the honorable Theresa M. Grafenstine, CIA, CGAP, inspector general for the U.S. House of Representatives in her presentation “Risk: It’s More Than Just Compliance.” The challenge she says is that risk is a much broader concept than internal auditors often understand. “They allow risk to be defined within the box — by the structure which the existing internal controls have defined. But internal auditors need to broaden their aperture.”
42
|
The Institute of Internal Auditors
To demonstrate the pitfalls of focusing purely on compliance, Grafenstine offers this, “While compliance is an important objective, the auditor should also ask why there is a compliance problem. The root cause may be lack of communication or enforcement. A renewal of emphasis on procedures and controls will then reduce risk. Or it may be that procedures are misaligned to the system — perhaps the environment or technology has changed, but the controls have not kept pace. In this instance, a blind insistence on compliance might actually increase risk, where the correct approach would be to revise the procedure. “Finally, and this is important, maybe the controls are disregarded because there is greater risk or issue outside the box that management or operations is seeking to avoid. In this case, blind insistence on compliance could even be catastrophic,” Grafenstine cautions. Key to identifying root causes of any issue is strong relationships. “Don’t simply assume that the established and codified procedures and controls tell the whole story. The insights of operations can be invaluable in developing a thorough analysis,” says Grafenstine. “And auditors can’t simply assume that operations will share their insight with strangers.
Established relationships are vital to trust.” The importance of cultivating strong relationships with stakeholders is a theme that will be carried through many of this year’s sessions. However, perhaps as important will be the attendees’ opportunity to build relationships with one another. First on Karen Begelfer’s list when asked what she was most excited about this year, “The opportunity to network with my peers, meet new audit professionals, and develop a network of fellow audit leaders that I can reach out to throughout the year for ideas and information.” For more information on GAM 2014 or to register, please visit www.GAM2014.org.
I Am Global, Connected, Influential…
I Am More.
My membership allows me to discuss and share best practices with internal audit colleagues across the globe. Through The IIA’s chapters, educational events and online communities I’m able to connect with peers when I want to and on the topics that matter most to me. I can get real-life answers fast on issues that I’m dealing with daily. This helps me to be a stronger professional and more valuable to my organization. Membership in The IIA means more connections, more influence, and more career support.
Leon Sheffield
Member Since 2008
Join The IIA today at TheIIA.org.
140311
I Am More with The IIA.
Your Career
CERTIFICATION Corner CERTIFICATION SPOTLIGHT Gordon Perry, CIA, Supervisor, Internal Audit, Vale Gordon Perry joined Vale Canada internal audit in 2009 and has more than 17 years of experience in the areas of internal auditing, risk management, fraud and allegation investigations. Throughout his career, Perry has held various positions in internal and external auditing and has had the opportunity to live in and travel to places such as South Africa, Botswana, Namibia, Brazil, Indonesia, and now Canada. He holds a Bachelors of Accounting Science degree specializing in auditing and accounting from the University of South Africa. In addition to his CIA, Perry is also a Certified Information Systems Auditor (CISA).
1.
What prompted you to become a CIA?
After becoming a member of IIAâ&#x20AC;&#x201C;South Africa, I learned that the CIA designation was the global standard for internal auditors and decided to take the next step in my career and become certified.
2.
Did your organization fund your exam fees or preparation materials? If yes, was it the corporate culture or did you have to sell the value of certification?
Fortunately, my organization funded my membership in The IIA and covered all costs related to the CIA exam. Senior internal audit management at my organization actively promoted the CIA designation and encouraged all auditors to become certified. To make things a little more interesting, they created some healthy competition among auditors; we were all challenged to see who could pass their exams the first time.
3.
How many of your colleagues are certified?
Our internal audit department consists of eight employees, of which six are CIA certified and another has one exam part remaining.
44
|
The Institute of Internal Auditors
Your Career
4.
How does having the CIA set you apart from your non-certified peers?
Having the CIA designation is an automatic recognition of competency and professionalism in the internal auditing field. It has helped me earn increased creditability among the profession and my organization.
5.
How did you prepare for the exam?
I used resources like the Gleim Exam Review, study guide, and test prep to prepare for the exams. In addition, I believe my work experience as an internal auditor in a department that promoted adherence to the International Professional Practices Framework (IPPF) helped me build the foundation to enable me to pass the exams.
6.
How has being a CIA helped your career?
Having the CIA designation has given me a distinct advantage in my career and provided me with numerous job opportunities. As a globally recognized certification that validates your qualifications and experience, the CIA opens the door, allowing you to move anywhere in the world. This gives immigration authorities and employers confidence in accepting your application. I received my CIA while living in South Africa and it has helped me in securing jobs in Botswana, Namibia, and finally with my immigration to Canada. It has also assisted me in securing work permits for short-term assignments in the UAE, Indonesia, and Europe.
7.
What advice do you have for others who are seeking certification?
I would begin by purchasing the CIA Learning System supported by The IIA and take as many practice exams as you can. In addition, a great advantage is to work for an internal audit department that complies with the International Standards for the Professional Practice of Internal Auditing and IPPF.
Visit the “Certification News” section at www.theiia.org/certification for up-to-date information on The IIA’s Global Certification programs, including: • Newly Released Updates to the Certification Candidate Handbook • Grace Period for 2013 CPE Reporting • Changes to Education, Eligibility Requirements • Now Available – Certifications eStore Gift Certificates
www.theiia.org
|
45
Your Career
ARMS-LENGTH Relationships
PUNCH T H AT PA C K A
Whether your company is about to enter the new market of Troublestan and you need to rely on locals to open doors, or you are engaging a cloud service provider that can put sensitive organizational information out of your direct control, third-party relationships that can appear benign because of their arms-length nature can actually pack quite a punch in terms of risk to your organization if not appropriately managed. In an increasingly global environment, companies are depending on more third-party relationships than ever before to get business done, and anti-corruption laws care little 46
|
The Institute of Internal Auditors
about whether your company pays a bribe or a third party you hired does. Either way, the financial, legal, and reputational consequences still land squarely in your lap.
Your Career
So where does internal audit sit in this risk landscape that appears to be expanding by the minute? It is a question that The IIA Research Foundation (IIARF) and Crowe Horwath LLP partnered on and set out to answer in their research report, Closing the Gaps in Third-Party Risk Management. Reputation damage is one of the four key exposures related to third-party relationships, they found. The report cites two eye-opening points related to reputational damage: ■■ There is an 80 percent chance of a company sustaining a loss of at least 20 percent of its shareholder value (over and above the market) in any month over a five-year period. ■■ Reputation equity can sometimes even exceed the book value of a company and has become an important driver of shareholder value. The report, which is largely based on a survey of 164 chief audit executives, found that there are opportunities for organizations to improve their management of third-party risks. While third-party risks can appear anywhere, from a break in the supply chain to a data-breach exposure by a third-party vendor, the research highlights a gap between the level of reliance organizations place on third-parties and the amount of resources they dedicate toward managing the risks. While more than 65 percent described their organizations’ reliance on third parties as either “significant” or “extensive,” an
“With the prevalence of outsourcing in today’s business arena, the involvement of the internal auditors in assessing third-party risk is not only legitimate, but essential.” overwhelming 82 percent of them said they devote less than 20 percent of their internal audit resources to assessing third-party risks. This disconnect between the level of reliance on third-parties and the level of internal audit coverage was not the only discrepancy the report revealed. As Rick Warren, the study’s author who is a principal in Crowe Risk Consulting and leads third-party risk services for Crowe, points out, “It is important to note that there is a lack of consensus on ownership of third-party risk.” Having spent most of his career advising corporate clients on risk management, governance, and internal control matters, Warren views risk ownership as inherent in good risk management. In light of these revelations and to create some structure around the subject, the report outlines a business case for investing in third-party risk management, highlights trends in the use of third parties, and provides an overview of third-party risk management concerns. Perhaps most importantly, the report takes a look at what’s ahead for this emerging area of risk and what steps internal auditors can take to play a proactive role in providing value to the process.
IIA President and CEO Richard Chambers, CIA, CGAP, CCSA, CRMA, views third-party risk and control assessment as a logical function of modern-day internal audit activities. “With the prevalence of outsourcing in today’s business arena, the involvement of the internal auditors in assessing third-party risk is not only legitimate, but essential,” he says. “The challenge, though, is ensuring they have the requisite resources and executive-level support to fill this need.” The first step to impacting resource allocations and executive-level support is to clearly recognize the gaps. “The revelations research reports like this bring to light empower our profession and our organizations with the information they need to serve a catalysts for change,” says IIARF Vice President Margie Bastolla, CIA. “As one of the Foundation’s Principal Partners, Crowe Horwath helps us to take the proactive approach today’s critical issues require for our profession to remain nimble and relevant. This is key to maximizing our value to stakeholders.” Download the report at www.theiia.org/research.
www.theiia.org
|
47
The Essential Experience for CAEs 2014 General Audit Management Conference
March 24–26, 2014 Hilton Orlando Bonnet Creek / Orlando, FL Tap into the real-world perspectives of and network with 1,000+ audit leaders from globally recognized and Fortune 500 organizations including Google, LinkedIn, Cisco, Sprint, Macy’s, Office Depot, New York Life, Safeway, Fiserv, and others.
Keynote Highlights Leading Internal Audit in an Organization That Thrives on Change Panelists:
Lisa Lee, Director, Internal Audit, Google Inder Gulati, Head of Internal Audit, LinkedIn Tom Austin, Vice President, Governance, Risk, & Control, Cisco Systems Inc. Moderator:
Richard Chambers, President and CEO, The IIA
The Board’s View of Governance and the Important Role of Internal Audit Virginia Gambale, Director, JetBlue Airways, Managing Partner, Azimuth Partners
Audit Committees’ Need for Insight Olivia F. Kirtley, Board Member and Audit Committee Chairman, U. S. Bancorp, Papa John’s International and ResCare, Inc.
Plus enjoy 35 concurrent sessions strategically planned for CAEs and other audit executives focused on Transitioning to Insight: Positioning Internal Audit for the Future.
Register today! www.GAM2014.org 140435