Your Career
COSO FRAMEWORK UPDATE ONE YEAR LATER:
Rising to the Challenge 4 36 38 40 1st Quarter 2014
The Convenience of eLearning ACGA: Realizing the Vision Train Your Way Lessons on the Audit Trail
OUR PRINCIPAL PARTNERS MAKE A DIFFERENCE The IIA acknowledges the ongoing support from our Principal Partners, who help enhance the internal audit profession by sharing their resources and knowledge with our most valuable asset – our members. These partners actively serve as members and volunteers within The IIA, participate in the introduction of new guidance, develop world-class training, and show their commitment in many other ways in an effort to advance the internal audit profession.
The IIA encourages you to tap into the expertise of our Principal Partners in 2014!
Your Career
Your Career Table of Contents The Convenience of eLearning............................................. 4-5 IIA News............................................... 6-7 Make the Connection in London This Summer ............................. 9 2014 Seminar Course Matrix............ 10-11 COSO One Year Later: Rising to the Challenge.................... 12-15 Fraud............................................... 16-19 GRC.................................................. 20-23 Internal Audit Practice..................... 24-29 Information Technology.................... 30-33 Local Highlights............................... 34-35 ACGA: Realizing the Vision............... 36-37 Train Your Way........................................38 Lessons on the Audit Trail................ 40-41
Dear Members, We are close to a year since the updated COSO Internal Control–Integrated Framework release and eight months from the implementation deadline. The main feature of Your Career Compass, “COSO Updated Framework One Year Later: Rising to the Challenge” sheds light on perspectives since the release of COSO 2013 and identifies priorities to support implementation efforts for organizations to be Framework-ready by December 2014. As a member of the COSO board, we knew it was time for an updated framework. Based on remarkable changes in technology and advancement of fraud that exposed new risks, this updated Framework addresses issues that did not exist in 1992 when the first one was released. Internal audit teams have far more responsibility around internal controls than just assessing. Internal controls are more than a means to an end as they are really a means to mitigating risk. Internal audit teams need to have internal controls around all of an organization’s risk and that goes beyond the financial.
Certification Corner................................42 Top 10 Best Seller Bookstore Products................................43
Learn more about Career Compass at www.theiia.org/goto/CareerCompass. We welcome comments, questions, and feedback at CareerCompass@theiia.org.
Connect with us on: Twitter Facebook LinkedIn Group www.theiia.org/goto/connect
The Institute of Internal Auditors 247 Maitland Ave. Altamonte Springs, FL 32701-4201 USA +1-407-937-1100 www.theiia.org
The Audit Executive Center’s Pulse of the Profession North American Report from the fall of 2013 indicated that more CAE respondents are looking to adopt or transition to COSO 2013 than previously used the 1992 COSO framework. In particular, 45 percent of respondents who plan to adopt the framework indicate that their internal audit department has overall responsibility for their organization’s assessment and reporting on internal control and 42 percent have overall responsibility for COSO implementation. With internal audit taking overall responsibility in these areas, CAEs need to ensure that management designs and implements the control processes and that their own objectivity is properly maintained. The new Framework is an opportunity for CAEs and their teams to build further credibility with stakeholders by addressing and mitigating risks across the enterprise. I hope you find this feature helpful and continue to reference The IIA COSO Resource Center for your implementation needs. It provides the most comprehensive and up-to-date list of resources, tools, and training to get you Framework-ready. Sincerely,
All contents copyright ©The Institute of Internal Auditors (IIA) 2014.
3/140476/PM/JP
Richard F. Chambers, CIA, CGAP, CCSA, CRMA President and Chief Executive Officer, The IIA www.theiia.org
|
3
Your Career
Choose the Convenience of
eLEARNING Designed to fit your busy day, travel schedule, and learning style.
2014 eLEARNING COURSE MATRIX Updated 3/5/14
Course Code
Course Level
CPEs
Assessing Risk: Ensuring Internal Audits Value
ARV
Advanced
16
Audit Report Writing
ARW
Intermediate
16
CIA Learning System Comprehensive Instructor-Led Course Part 1
CL1
Intermediate
19.5
CIA Learning System Comprehensive Instructor-Led Course Part 2
CL2
Intermediate
19.5
CIA Learning System Comprehensive Instructor-Led Course Part 3
CL3
Intermediate
32
Control Self-Assessment: An Introduction
CSA
Basic
16
Data Analysis for Internal Auditors
ARV
Intermediate
8
Enterprise Risk Management: An Introduction
ERM
Intermediate
16
Lean Six Sigma Tools for Internal Audit Fieldwork
SSF
Intermediate
16
Lean Six Sigma Tools for Internal Audit Planning
SSP
Intermediate
16
Operational Auditing: Evaluating Procurement and Sourcing
OAP
Intermediate
8
Operational Auditing: Evaluating the Supply Chain
OSC
Intermediate
8
Operational Auditing: Influencing Positive Change
POA
Intermediate
16
Performing An Effective Quality Assessment
QAE
Intermediate
16
Risk Based Auditing: A Value Add Proposition
RBP
Intermediate
16
Statistical Sampling for Internal Auditors
SSI
Intermediate
16
Value-Added Business Controls: The Right Way to Manage Risk
VAB
Basic
16
4
|
The Institute of Internal Auditors
Your Career
We’ve expanded our online learning offerings making it more convenient and affordable to invest in your professional development. Pick from eWorkshops, eSeminars, on-demand self-study courses, and Members-only Webinars featuring a variety of topics developed by and for internal audit practitioners. Expand your knowledge and skills with relevant, frequently updated content that’s accessible from practically anywhere. eWorkshops are multi-day interactive training sessions on focused topics. Choose one or more of the stand-alone sessions to stay in the know of the latest information and trends. Sessions are recorded and accessible for 30 days by attendees.
at your disposal. New content is added each month. Purchase an annual subscription or a single course. Access content for 12 months from purchase. Members-only Webinars are scheduled each month. These one-hour sessions cover high-level content and are free to IIA members.
eSeminars are real time, facilitator-led courses that cover the same curriculum and exercises as their traditional counterparts. Gain greater proficiency and understanding using online collaboration tools such as breakout sessions, whiteboard exercises, and interactive polling. Courses are offered in shorter sessions over multiple days.
Early registration discounts and group rates are available for online training, so register early or contact the eLearning team for more information on group rates at elearning@theiia.org. www.theiia.org/E-learning elearning@theiia.org / +1-407-937-1111
On-demand self-study courses can be delivered any time of day to your computer. Learn at your own pace and get the knowledge you need with hundreds of online topics
April
May
June
July
13-22
Aug.
Sept.
Oct.
5-14
6-15
15-24
9-18 4-22
1-24 28-30
7-30 1-23
8-30
1-3
4-13
1-10
9-10
6-7
9-12
14-17
10-19
15-24 5-14
22-24
29-31
1-2
9-11 19-21
16-25
14-23
28-31
19-22
22-25 8-17 11-14 23-30
1-2
23-30
1-2
www.theiia.org
|
5
Your Career
News 2014 North American Pulse of the Profession Report Goes Beyond the Numbers and Provides Personal Insights Annually, The IIA’s Audit Executive Center conducts a global Pulse of the Profession study to assess the state ™ of the internal audit profession. The study includes a survey looking at current trends and emerging issues in the internal audit profession around the world. The North American results represent 367 North American CAEs who participated in the survey. New this year, the Audit Executive Center spoke with 24 CAEs from the United States and Canada to gain insight from the CAE perspective on the study’s key findings. In addition to focusing on emerging issues that affect the practice of internal auditing, the study introduced three focus areas: the Three Lines of Defense Model, the CAE Career Path, and Information Security and the Board. Members can download a free copy of the North American results at www.theiia.org/goto/pulse. Global results with input from a total of 1,935 audit professionals around the world will be released this summer.
2014 Compensation Survey Opens – Will Auditors Continue to Be Looked Upon Favorably? The IIA’s 2013 Compensation Study resulted in some notable shifts in compensation and recruitment/retention strategies, indicating that organizations are being more conservative than in other recent recovery years. What will 2014 results reveal? CAEs and audit directors are invited to participate in The IIA’s 2014 Compensation Study survey that opens in April. Learn more and download the 2013 executive summary at www.theiia.org/goto/compstudy. 6
|
The Institute of Internal Auditors
IIA Provides Feedback on FSB’s Proposed Guidance The IIA recently provided feedback on the Financial Stability Board’s (FSB’s) Guidance on Supervisory Interaction with Financial Institutions on Risk Culture Consultative Document. The IIA agrees with the concept of increasing the intensity and effectiveness of supervision for the promotion of a sound risk culture within financial institutions. Although the Consultative Document offers high-level, principle-based guidance with enough detail to provide management direction, there are opportunities for further advancement, such as: ■■ Emphasizing an environment of risk culture, where undertaking risk on behalf of the institution is done within tolerance levels approved by the board and senior management, as opposed to an environment of risk avoidance. ■■ Providing or referencing additional direction useful to both the institution and the supervisor when assessing the effectiveness of an institution’s risk culture.
Your Career
Anti-Fraud Collaboration Releases New Case Study – Teaching Resource Aims at Combating Financial Reporting Fraud, Builds on Prior Case Study Success The Anti-Fraud Collaboration continues to build awareness of financial fraud detection and deterrence with the recent release of a second innovative case study for members of the financial reporting supply chain. The Carolina Wilderness Outfitters Case Study explores potential material fraud at a fictitious public company. The hypothetical exam-
ination is designed to facilitate a discussion of how and when to conduct an internal investigation when fraud is suspected in an organization. The case study also aims to raise awareness of the environments in which financial reporting fraud might flourish and engage audit committees, financial executives, and internal and external auditors in a discussion concerning mitigating risks.
The Anti-Fraud Collaboration comprises The IIA, Center for Audit Quality (CAQ), Financial Executives International (FEI), and the National Association of Corporate Directors (NACD). Members can download the case study at https://na.theiia.org/news/Pages/ Anti-Fraud-Collaboration-Releases-New-Case-Study.aspx.
CERTIFICATION NEWS CPE Reporting and Inactive Grace Period Individuals possessing an IIA designation who failed to report sufficient CPE by Dec. 31, 2013, now have a status of Inactive−Grace Period for each designation for which they failed to report. Individuals who earned the appropriate number of credits for their respective credential(s) by Dec. 31, 2013, but missed the reporting deadline may now report their CPE and reinstate their Certified status. Individuals who DID NOT earn the appropriate number of credits by Dec. 31, 2013, can reinstate their Certified status provided they earn and report sufficient CPE by June 30, 2014. For more information, please visit https://na.theiia.org/certification/ Pages/Certification-News.aspx.
More Choices for Exam Registration Extensions The IIA has expanded the registration extension options for certification candidates and now offers three options for candidates to consider when extending exam registrations. Those candidates who
wish to extend their exam registration period may now choose a time frame ranging from 30 to 90 days with varying fees. Pricing adjustments have also been implemented to align the registration fees for all four IIA specialty certification exams (CCSA®, CFSA®, CGAP®, and CRMA®). Member candidates seeking a specialty certification will now pay a registration fee of US $350 regardless of the specialty.
CFSA App Fee Waiver for Financial Services Auditors – Save up to US $200 Apply to the Certified Financial Services Auditor® (CFSA) program between April 1–30, 2014, and pay no application fee. Learn more and apply at www.theiia.org/goto/CFSA.
Learn more at www.theiia.org/certification.
www.theiia.org
|
7
Let Us Come To You.
IIA On-Site Training Is‌ n Customized to meet your needs. n Designed for convenience and flexibility. n A building block for teams.
n Developed with your budget in mind. n Relevant. n Facilitated by experts in their field.
With hundreds of courses available, including the vital new course, COSO 2013: Implementing the Framework, IIA On-site Training is uniquely positioned to deliver exactly what your team needs. Prepare your team with world-class training. Contact On-site Training today for a no-obligation consultation. +1-407-937-1388
n
GetTraining@theiia.org
n
www.theiia.org/onsite
130660
Your Career
Make the Connection In This Summer
LONDON
Q&A with Nicola Rimmer, 2014 International Conference Chairman and Vice President, Internal Audit, Barclays
1. What are the top career development benefits of attending the 2014 International Conference? The most important is that you will be hearing some great speakers in the general sessions who will provide you with a different perspective — this includes Michael Woodford speaking about whistleblowing, and Judge Professor Mervyn King speaking about the impact of integrated reporting on our work. This is really helpful in giving you a well-rounded and business focused view. The second is the opportunity to gain invaluable insight from experienced practitioner/speakers in the concurrent sessions. They bring a wealth of knowledge on a variety of topics and give you the opportunity to ask questions and share experiences. The third is how you can share knowledge and experiences with other delegates from around the world — this is where you can share ideas, and learn about better practices and how others have developed their careers!
2. What are the biggest emerging challenges facing internal auditing, and how will attending this conference help internal audit professionals prepare? Our organizations are subject to intense scrutiny, with a demand for high standards and ethical behavior, and there is a real focus on culture and tone at the top. Boards and management, more than ever before, need the support of an objective voice to challenge them, to tell them what they need to know, and to support them in improving how they operate.
Good internal audit, with a deep knowledge of the operating environment — a helicopter view of the organization’s risks, controls and culture, and the courage to tell it like it is— is well placed to be that voice. The conference will provide you with the knowledge to improve your audit departments, and then draw on the experiences and challenges of the delegates you meet.
3. If you had to convince your boss to allow you to attend the conference, what would you tell them? I would highlight the huge amount of learning opportunities there are in such a short space of time, and how this learning can be then shared with the team. I would also highlight the connections that you can make at the conference, which can last a lifetime, and the unique opportunity of sharing experiences and good practices with around 2,000 other internal auditors.
4. Are there any conference speakers and/or topics you feel will be particularly impactful and why? I am looking forward to hearing Keith Heywood speak about how internal auditing can remain impactful and relevant in a changing world. It is good for us to look forward and see how we should develop ourselves and our profession. In addition, the panel sessions during the concurrent sessions have some very high-profile panels that will be sharing their auditing experiences in financial turmoil, discussing whether internal audit is actually looking at risk, and also discussing different governance models. These promise to be very stimulating debates!
Learn more and register at www.ic.globaliia.org. www.theiia.org
|
9
2014 SEMINAR COURSE MATRIX Course Course Level Duration Code
New York, NY April 22 - 25
Tampa, FL May 6 - 9
Dallas, TX May 20 - 23
Four Day Courses Audit Manager Tools and Techniques
TTM
Intermediate
4
May 6 - 9
Auditor-in-charge Tools and Techniques
AIC
Intermediate
4
Apr. 22 - 25
Beginning Auditor Tools and Techniques
TT
Basic
4
Apr. 22 - 25
Communication Skills for Auditors
ECA
Basic
4
Apr. 22 - 25
Leadership Skills for Auditors
LSA
Intermediate
4
Analyzing and Improving Business Processes
ABP
Basic
2
Assessing Risk: Ensuring Internal Audit's Value
ARV
Advanced
2
Audit Report Writing
ARW
Intermediate
2
Auditing Contracts: From Planning to Reporting
AC
Intermediate
2
Auditing Derivative Strategies
ADS
Intermediate
2
Auditing Investment Activities
AIA
Intermediate
2
Building a Sustainable Quality Program
IQA
Intermediate
2
Construction Activity: Audit Strategies
EAC
Intermediate
2
Consulting Activities, Skills, Attitudes
CON
Intermediate
2
Continuous Auditing
CA
Advanced
2
Control Self-assessment: An Introduction
CSA
Basic
2
Control Self-assessment: Facilitation Skills
CFT
Intermediate
2
COSO 2013: Implementing the Framework
COSO
Intermediate
2
Apr. 22 - 23
Creative Problem-solving Techniques for Auditors
CPS
Basic
2
Apr. 22 - 23
Effective Writing for Auditors
EWA
Intermediate
2
Enterprise Risk Management: An Introduction
ERM
Intermediate
2
Financial Auditing for Internal Auditors
AFA
Intermediate
2
May 20 - 21
Lean Six Sigma Tools for Internal Audit Fieldwork
SSF
Intermediate
2
May 22 - 23
Lean Six Sigma Tools for Internal Audit Planning
SSP
Intermediate
2
Operational Auditing: Influencing Positive Change
POA
Intermediate
2
Performing an Effective Quality Assessment
QAE
Intermediate
2
Project Management Techniques
PMT
Intermediate
2
Risk Based Auditing: A Value Add Proposition
RBP
Intermediate
2
May 20 - 21
Risk Management Assurance: Developing Your Internal Audit Strategy
ARM
Intermediate
2
May 22 - 23
Small Audit Shop: Doing More with Less
SAS
Intermediate
2
Statistical Sampling for Internal Auditors
SSI
Intermediate
2
Value-Added Business Controls: The Right Way to Manage Risk
VAB
Basic
2
CTA
Basic
2
May 20 - 23 May 6 - 9
May 20 - 23
Core Curriculum - Courses Under Four Days Apr. 22 - 23 May 6 - 7
May 20 - 21 Apr. 24 - 25
10
|
The Institute of Internal Auditors
May 6 - 7
May 20 - 21
Apr. 24 - 25
Apr. 24 - 25
May 20 - 21 May 8 - 9 May 22 - 23 May 8 - 9
May 22 - 23
Deloitte Public Offerings - Courses Under Four Days Critical Thinking for Internal Auditors
May 20 - 21
Apr. 24 - 25
Chicago, IL June 10 - 13
Las Vegas, NV June 16 - 19
Washington DC July 8 - 11
Denver - CO July 29 - Aug. 1
June 16 - 19
Palm Beach, FL Sep. 15 - 18
San Francisco, CA Sep. 23 - 26
Chicago, IL Oct. 7 - 10
Sep. 15 - 18
June 10 - 13
July 08 - 11
July 29 - Aug. 1
Sep. 23 - 26
June 10 - 13
July 08 - 11
July 29 - Aug. 1
Sep. 23 - 26
Oct. 7 - 10
June 16 - 19
Sep. 15 - 18
Oct. 7 - 10
June 16 - 19
Sep. 15 - 18
Oct. 7 - 10
June 16 - 17
Sep. 15 - 16
June 10 - 11
Sep. 23 - 24
July 31 - Aug. 1 June 16 - 17
Oct. 7 - 8 Sep. 15 - 16
July 10 - 11 June 10 - 11 June 12 - 13 July 08 - 09
Sep. 23 - 24
June 18 - 19
Oct. 7 - 8
Sep. 17 - 18
June 10 - 11
Sep. 25 - 26 Sep. 25 - 26 June 18 - 19
June 10 - 11
Sep. 17 - 18 July 08 - 09
July 29 - 30
June 18 - 19
Sep. 23 - 24
Oct. 7 - 8
Sep. 25 - 26
Oct. 7 - 8
Sep. 17 - 18 July 29 - 30
June 12 - 13
July 10 - 11
July 10 - 11
July 31 - Aug. 1
Oct. 9 - 10
July 29 - 30 June 12 - 13
Sep. 23 - 24
July 31 - Aug. 1
Oct. 9 - 10
July 10 - 11
June 12 - 13
Oct. 7 - 8
Sep. 25 - 26
June 16 - 17
Sep. 15 - 16
June 16 - 17
Sep. 15 - 16
Oct. 9 - 10
Access all 2014 dates and locations at www.theiia.org/training.
www.theiia.org
|
11
Your Career
COSO FRAMEWORK UPDATE ONE YEAR LATER:
Rising to the Challenge In May 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued an update to its 1992 Internal Control–Integrated Framework (ICF). The original framework had become foundational for much of the work being done regarding internal controls, particularly in areas related to the U.S. Sarbanes-Oxley Act of 2002. Because of this, some internal auditors viewed the changes with trepidation. However, many internal audit professionals recognized the updated Framework provided internal auditing the opportunity to be a leader, helping organizations gain a better understanding of the link between controls, risks, and objectives. The reactions and opportunities that come from the updated Framework have not risen in a vacuum. To understand these mixed reactions, where the profession now stands, and what the future may hold, it is necessary to go back to where it all started.
A QUICK HISTORY In 1985, the Treadway Commission, a private sector initiative, was formed to inspect, analyze, and make recommendations on fraudulent corporate accounting. In 1992, the sponsoring organizations developed the Internal Control–Integrated Framework. For the first time, there was broad-based consensus regarding the concepts of internal control, including a framework that placed internal controls in the broader environment of objectives and risk assessment. In 2002, when corporations were required to comply with Sarbanes-Oxley, they turned to the framework as a solution to the SEC’s requirement for “a suitable, recognized control framework established by a body of experts....” 12
|
The Institute of Internal Auditors
Your Career
THE NEED FOR A CHANGE Twenty years is a long time and there were significant changes in the way organizations operated. As Larry Rittenberg. Ph.D., Chair Emeritus, COSO, and Emeritus Professor of Accounting, University of Wisconsin, notes in his book, COSO Internal Control–Integrated Framework: Turning Principles into Positive Action, the COSO Board of Directors recognized that changes in such areas as technology, governance, and reporting requirements had occurred. And they recognized the need for an updated framework addressing such changes. In response, the committee developed an update that addressed the many changes while providing additional direction and clarification to the original framework. This included such changes as developing 17 principles supporting the five components, enhancing consideration of anti-fraud expectations by adding it as a principle of internal control, and expanding the reporting category of objectives to consider more than just external financial reporting. As more than one person has said, the updated Framework was evolutionary, not revolutionary. The 1992 COSO Framework represented a new way of understanding the role of control in an organization; the 2013 update represented modifications to what already existed.
STARTING THE TRANSITION
Bob Hirth, current COSO Chair, says that only a few internal audit professionals began immediately working with the updated version. He feels that many organizations were focused on job one — getting through 2013 using the old framework. But after the first couple of months, the same organizations began to realize they needed to understand what was coming. That is when what he refers to as “the first cycle” of training began. Professionals wanted explanations about the COSO update — what it was, how it started, why it was revised, and other basic information. He now sees organizations wanting more — a “second cycle” of training
where they can learn what they need to do. Part of the reason for this attention is that, as of December 15, 2014, the update will officially supersede the original framework. In fact, the SEC has indicated that the longer practitioners continue to use the 1992 Framework, the more likely practitioners are to receive questions from stakeholders about whether the 1992 framework satisfies the SEC’s requirement for a “suitable, recognized framework.” In spite of this delay by many organizations to begin implementation of the updated Framework, there is also evidence of early adopters — audit professionals, boards, and executive management who immediately saw
What You Need to Do While the update to 2013 Framework has broader applications than just Sarbanes-Oxley, that remains an important component with which many organizations will still need to comply by the December 2014 deadline. Bob Hirth provides the following steps that such organizations should take. • Read the updated framework, understand it, and train others. • Meet with your audit firm to determine their understanding of the updated framework. • Take an inventory of where your organization stands regarding the 17 Principles. • Map your controls to the principles taking into consideration the supporting points of reference. • Evaluate the results and plan for the necessary changes. • Meet with your audit firm again. • Execute the transition plan and monitor change.
Although the updated Framework came out in May 2013, there was not an immediate rush to transition. www.theiia.org
|
13
Your Career
“As you change systems, you probably find that you have to add controls. Controls have accumulated. The updated Framework provides an opportunity to go back and get rid of any duplication.” the benefits and took on the challenge of fully applying the Framework. Anyone who has led seminars on the updated Framework has stories to tell of individuals attending a session, then taking action to ensure the organization moved forward as fast as possible.
ACCEPTING THE CHALLENGE However, in a discussion held with a roundtable of facilitators — those who lead training on the updated COSO framework with The IIA’s seminar course — the story they tell contains a hint of disappointment. As one facilitator noted, “I am constantly amazed by the number of people who come expecting detailed answers regarding Sarbanes-Oxley implementation.” Another facilitator commented, “Many participants are too focused on building their Sarbanes-Oxley programs. It is the only thing they seem to care about, and they do not always understand the broader ramifications of COSO.” Many express concern that attendees do not understand that COSO is a control framework, not just a financial framework. Rittenberg speaks for many when he says, “People are going slower than I would have expected.” And leaders within internal audit express similar concerns that the profession may miss an important opportunity if it does not recognize and accept the 14
|
The Institute of Internal Auditors
challenge of the new Framework. All involved with the COSO update — developers, trainers, and early adopters — agree that it is an invaluable source for internal auditors to provide additional value. Rittenberg adds, “I’m trying to encourage auditors to make this an opportunity.” He provides one example of the value that can be added. “As you change systems, you probably find that you have to add controls. Controls have accumulated. The updated Framework provides an opportunity to go back and get rid of any duplication.” The Framework also provides a better understanding of how objectives and controls are linked through risk assessment. Rittenberg talks about how most auditors start with the principles and then focus on controls. “Instead, they should start with risks and build to controls in relationship to the risks. That is when they will find opportunities to eliminate duplication.” Norman Marks, author of Management’s Guide to Sarbanes-Oxley Section 404, also discusses the importance of using a top-down, risk-based approach to limit the number of key controls. In the AuditChannel.tv video titled “Considering COSO 2013 from a Risk Perspective,” he discusses how auditors should look at each
component as it relates to individual objectives, then use the associated risk to determine where efforts can be most effectively focused. The roundtable of The IIA’s COSO course seminar facilitators talked about how they use the training to help auditors understand the new opportunities for the profession. The seminar contains a thorough discussion of what the updated Framework contains. But the COSO seminar also provides opportunities, through discussion and an extended case study, for auditors to better understand how management can use the Framework to drive achievement of organizational objectives. Seminar leaders take advantage of that approach to provide participants with the broad spectrum of solutions that can come from the updated Framework. And seminar attendees are responding to these approaches. Facilitators note how many seminar attendees wind up learning about the new Framework for the right reasons. As one noted, “There are always individuals in the seminars who understand it is more than Sarbanes-Oxley; they recognize that it is an opportunity to look at bigger issues.” For every story a facilitator tells about individuals who do not understand the broader implications of the new Framework, there is a story of those who do.
THE CALL TO INTERNAL AUDITORS This all means that while there is still an important Sarbanes-Ox-
Your Career
ley focus related to the updated Framework and organizations must convert to the new version by the end of 2014 (see “What You Need to Do”), there are also three important recommendations for internal audit. First is to recognize that COSO is not just about Sarbanes-Oxley. The COSO Framework is about controls and their impact on the organization’s achievement of objectives. Second is to realize the updated Framework can relate to audit work and that using its principles and looking at the full range of all components will strengthen all aspects of your audit work. Third is to be willing to take the full Framework to the board and executive management. If the organization has already embraced COSO’s original framework and ERM models, then help lead them through the changes. If the organization thinks COSO is only about Sarbanes-Oxley, help them understand the broader implications outside of external reporting. And if the organization thinks COSO is another acronym to be ignored, explain how the updated Framework will provide better assurance that the organization’s objectives will be achieved. At the core of that last recommendation is the most important challenge for audit professionals: to be a leader. The Framework provides the opportunity for every internal audit professional to be a leader within the department, within the organization, and within the profession.
A 2013 Framework Primer COSO’s updated ICF comprises five components – Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities. The five components are supported by 17 principles: Control Environment • Demonstrates commitment to integrity and ethical values • Exercises oversight responsibility • Establishes structure, authority, and responsibility • Demonstrates commitment to competence • Enforces accountability Risk Assessment • Specifies suitable objectives • Identifies and analyzes risk • Assesses fraud risk • Identifies and analyzes significant change
Control Activities • Selects and develops control activities • Selects and develops general controls over technology • Deploys through policies and procedures Information & Communication • Uses relevant information • Communicates internally • Communicates externally Monitoring Activities • Conducts ongoing and/or separate evaluations • Evaluates and communicates deficiencies
Within each principle are points of focus to be used to determine the effectiveness of the specific principle. For the Framework to provide reasonable assurance that an organization will achieve its objectives, all five components must be present and functioning. For there to be evidence that a component is present and functioning, all related principles must be present and functioning. The points of focus are used to support the existence of the principles. To get the latest on COSO and supporting content, resources, tools, and training, visit The IIA COSO Resource Center at www.theiia.org.
www.theiia.org
|
15
Your Career
FRAUD According to the ACFE’s Report to the Nations on Occupational Fraud & Abuse, the typical organization loses 5 percent of its revenues to fraud each year. Although it is management’s responsibility to design internal controls to prevent, detect, and mitigate fraud, internal auditors are the appropriate resource for assessing the effectiveness of what management has implemented. The IIA has a host of resources to ensure that you, as an internal auditor, are equipped to do just that.
TRAINING RESOURCES Learn more about these courses at www.theiia.org/training.
Data Analysis for Internal Auditors Are you seeking to improve the effectiveness of your audit planning and to ensure whether or not your results can be generalized to total populations? This course provides the opportunity to learn about the analysis of large data sets, particularly how to summarize and display data, and determine the appropriate measures for describing data. eSeminar Session Dates: June 9-10; Oct. 6-7 CPE Hours Available: 8
Internal Auditing for FCPA & Anti-corruption: Leading Practice Considerations from the SEC and DOJ Guidance Compliance with anti-corruption laws such as the U.S. Foreign Corrupt Practice Act (FCPA) has been a growing focus of many organizations due to increased business activity in emerging markets, and an uptick in FCPA enforcement and fines that often reach hundreds of millions of dollars. This interactive one-day course, a joint effort between The IIA and Deloitte & Touche, will provide an overview of the FCPA and UK Bribery Act and will discuss the various roles internal auditors can play in auditing for corruption. Upcoming Offering: May 8, Atlanta, GA Course Duration: 1 day / CPE Hours Available: 8
Internal Auditing for Fraud Appropriate for auditors at all levels, this course is a joint effort between The IIA and Deloitte & Touche. It focuses on monitoring activities, understanding the nature of fraud and how it manifests itself, internal audit’s role in detecting fraud, and audit steps to detect fraudulent activities. Upcoming Offerings: May 6–7, Atlanta, GA
Sept. 23–24, Chicago, IL
Purchasing Fraud: Auditing and Detection Techniques This interactive course, a joint effort between The IIA and Deloitte, helps you to assess an organization’s risks relating to purchasing fraud, identify controls that can mitigate those risks, design audit tests to detect purchasing fraud, and investigate evidence of fraud occurring.
Course Duration: 2 days / CPE Hours Available: 16 Upcoming Offering: Nov. 18–19, Dallas, TX Course Duration: 2 days / CPE Hours Available: 16
16
|
The Institute of Internal Auditors
Your Career
FRAUD Onsite Training Get your entire team up to speed on techniques to tackle fraud-related issues. Have our Onsite training team schedule any of these courses on the previous pages or additional courses for your team of five or more at your location. • Corruption: Mitigation Strategies for Internal Audit • Detecting, Preventing, and Reporting Internal and External Fraud • Developing a Fraud Risk Management Program for Your Organization • Evaluating Organizational Ethics • Financial Statement Fraud Detection for Internal Auditors • Fraud Auditing Using ACL • Fraud Awareness for CAEs and Management • Fraud Detection and Investigation for Government Auditors • Fraud Detection and Investigation for Internal Auditors • Fraud Investigation Tools and Techniques Explore more benefits of Onsite Training by visiting www.theiia.org/onsite or contact The IIA’s On-site Training Department by e-mail at GetTraining@theiia.org or call +1-407-937-1388.
eLEARNING The IIA’s wide variety of webinars, eSeminars, on-demand self-study courses, and eWorkshops mean you can spend less time traveling to training and more time learning www.theiia.org/elearning.
eWorkshops May 12, 14, 19: For Fraud’s Sake, Create A Plan Before It’s Too Late 2:00 - 4:00 PM ET 6 CPE hours available
Members-Only Webinars Save the dates for this line-up of Members-only Webinars addressing fraud that offer free CPE opportunities at www.theiia.org/goto/MOW: April 16: Roles and Responsibilities With Fraud Sept. 16: Fraud and Embezzlement
Learn more about these training opportunities at www.theiia.org/elearning.
CONFERENCES Conferences offer a great way to delve into fraud issues and network with your peers who are facing the same tough challenges.
2014 Gaming Conference April 14–16, 2014 / Las Vegas, NV USA
Consult the course matrix on pages 10-11 for offering dates and locations.
• Developing an Anti-Corruption Program – Robert Rudloff, CIA, CRMA, senior vice president, MGM Resorts International
Learn more about any of the above courses and register today at www.theiia.org/training.
www.theiia.org
|
17
Your Career
FRAUD 2014 International Conference
GUIDANCE RESOURCES
July 6–9, 2014 / London, England
• Understand Risk and You Will Understand Fraud – Michael Fucilli, CIA, CGAP, CRMA, auditor general, Metropolitan Transportation Authority (USA) • A Primer on Fraud Investigations – H. David Kotz, director, Berkeley Research Group (USA) • Digital Forensics: The Five Big Questions – John Mitchell, Ph.D., managing director, LHS Business Control (UK) Visit www.theiia.org/conferences for more information on these and other upcoming IIA events.
GTAG 13: Fraud Prevention and Detection in an Automated World Through a step-by-step process for auditing a fraud prevention program, an explanation of the various types of data analysis to use in detecting fraud, and a technology fraud risk assessment template, this GTAG aims to inform and provide guidance to chief audit executives and internal auditors on how to use technology to help prevent, detect, and respond to fraud.
BOOKS AND EDUCATIONAL PRODUCTS The Intermediate Audit Library Collection BUY A BUNDLE - SAVE A BUNDLE! IIA Members save $453.00! • COSO Internal Control – Integrated Framework: 2013 Framework NEW! • Internal Auditing: Assurance & Advisory Services, 3rd Edition NEW! • International Professional Practices Framework (IPPF) 2013 NEW! • Quality Assessment Manual for the Internal Audit Activity NEW! • Sawyer’s Internal Auditing, 6th Edition NEW! • The Internal Auditor’s Guide to Risk Assessment NEW! • And more Item No.: 1042 Member Price: $1,100.00 Non-Member Price: $1,553.00
18
|
The Institute of Internal Auditors
Practice Guide: Internal Auditing and Fraud This guide discusses fraud and provides general guidance to help internal auditors comply with professional standards. Because fraud negatively impacts organizations in many ways — financial, reputational, and through psychological and social implications — it is important for organizations to have a strong fraud program that includes awareness, prevention, and detection programs, as well as a fraud risk assessment process to identify risks within the organization.
Your Career
FRAUD
SponSored by: The Institute of Internal Auditors The American Institute of Certified public Accountants Association of Certified Fraud examiners
Managing the Business Risk of Fraud: A Practical Guide
Managing the Business Risk of Fraud: A Practical Guide
This guidance outlines five key principles of a fraud risk management process and recommends ways in which boards, senior management, and internal auditors can fight corporate fraud. The report is the result of two years of work from a dedicated task force of more than 20 experts in the field of fraud risk identification, mitigation, and investigation. It was released by The IIA, along with the Association of Certified Fraud Examiners (ACFE) and the American Institute of Certified Public Accountants (AICPA). 1
Consult these guidance resources, part of International Professional Practices Framework (IPPF)® at www.theiia.org/guidance.
investigation when fraud is suspected in an organization. Download at www.theiia.org/goto/anti-fraudcollaboration.
Ia Magazine: The Fight Against Fraud Practitioners at Hewlett-Packard’s Internal Audit Forensics group recently helped establish a Fraud Mitigation Program (FMP) — an extensive, cross-functional initiative designed to help the company prevent and detect fraudulent activity and protect its stakeholders. The development team based its FMP on the five elements of The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control–Integrated Framework. Internal audit drove program development, with guidance and oversight from a steering committee comprising the corporate controller, chief ethics and compliance officer, and chief audit executive. Read more at www.InternalAuditorOnline.org.
THOUGHT LEADERSHIP AND RESEARCH
Carolina Wilderness Outfitters Case Study (A)
Anti-Fraud Collaboration Releases New Case Study: Combating Financial Reporting Fraud, Builds on Prior Case Study Success
AuditChannel.tv Catch the latest insight into fraud with leading experts on www.AuditChannel.tv – Data Analytics and Fraud, Future of Fraud, Vendor Fraud Case Study, and more.
The Anti-Fraud Collaboration, comprising the CAQ, FEI, NACD, and The IIA, published a second innovative case study for members of the financial reporting supply chain. The Carolina Wilderness Outfitters Case Study explores potential material fraud at a fictitious public company. The hypothetical examination is designed to facilitate a discussion of how and when to conduct an internal
www.theiia.org
|
19
Your Career
GOVERNANCE, RISK, AND CONTROLS As an internal auditor, you are called upon to assess and make appropriate recommendations for improving the governance process; evaluate the effectiveness and contribute to the improvement of risk management processes; and assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement. As the professional association established to support you, the internal auditor, we have developed a host of resources to assist you in achieving those objectives.
TRAINING RESOURCES Learn more about these courses at www.theiia.org/training.
Assessing Risk: Ensuring Internal Audit Values This course provides practical insights relating to contemporary best practices of risk assessment activities and allows participants to apply what they have learned so they can implement risk assessment activities at their organization. Covering fundamentals and nuances such as audit universe, risk appetite, and fraud; and the challenges of implementation. It also addresses skill gaps many internal auditors struggle with such as how to develop their own risk assessment frameworks and how to select or construct a risk ranking system.
Risk-based Auditing: A Value Add Proposition Through case studies, group discussions, roundtables, and facilitator presentations, this course will help audit team leaders and other management level audit professionals align their organizations’ strategies, visions, and values with the internal audit process. Participants will come to understand the importance of corporate governance and enterprise risk management, while learning to identify risks, perform risk assessments, develop a risk-based assurance plan, understand entity-wide controls, and plan a risk-based engagement. Upcoming Offerings: This course is available in multiple formats. Please visit www.theiia.org/training for more information. Course Duration: 2 days / CPE Hours Available: 16
Upcoming Offerings: This course is available in multiple formats. Please visit www.theiia.org/training for more information. Course Duration: 2 days / CPE Hours Available: 16
Consult the course matrix on pages 10-11 for offering dates and locations. Learn more about any of the above courses and register today at www.theiia.org/training.
20
|
The Institute of Internal Auditors
Your Career
GOVERNANCE, RISK, AND CONTROLS eLEARNING
CONFERENCES
The IIA’s wide variety of webinars, eSeminars, on-demand self-study courses, and eWorkshops are available conveniently whenever and wherever you are. www.theiia.org/elearning
Conferences offer a great way to gain additional information to assist you in managing your role addressing governance, risk management, and controls issues. Check out these upcoming sessions at conference events:
eSeminars May 13–22, Aug. 5–14: Assessing Risk: Ensuring IA’s Value
2014 International Conference
May 19–22, Sept. 22–25: Performing An Effective Quality Assessment
July 6–9, 2014 / London, England
June 9–12, Oct. 6–7: Data Analysis for Internal Auditors June 9–12, Oct. 14–17: Enterprise Risk Management: An Introduction June 10–19, Aug. 5–14: Lean Six Sigma Tools For IA Fieldwork June 16–25, July 14–23: Operational Auditing: Influencing Positive Change June 23–July 2, Sept. 23–Oct. 2: Value-Added Business Controls: The Right Way to Manage Risk
• Risk Appetite and Tolerance – Richard Anderson, chair, Institute of Risk Management (UK) • People Risk Management – Keith Blacker, chairman, Protection & Investment Ltd. (UK) • Strong Governances Needs a Strong Internal Audit – Bente Sverdrup, state authorised auditor, Gjensidige Forsikring, ASA (Norway)
July 29–31, Sept. 9–11: Operational Auditing: Evaluating Procurement and Sourcing Aug. 5–14: Lean Six Sigma Tools for Internal Audit Planning Aug. 19–21: Operational Auditing: Evaluating the Supply Chain
2014 Governance, Risk, and Control Conference
Sept. 8–17: Risk Based Auditing: A Value Add Proposition
August 18–20, 2014 / Palm Beach, FL
Aug. 11–14: Statistical Sampling for Internal Auditors
Members-Only Webinars Save the dates for this line-up of Members-only webinars addressing governance and risk-related issues. Learn more about these free CPE opportunities at www.theiia.org/goto/MOW: May 14: Guidance Webinar: Internal Audit Role in Ethics, Governance, and Culture Aug. 19: Risks Around Social Media
Financial Services Auditor Group Webinars
The IIA and ISACA are collaborating again — leveraging the strength of both organizations to bring renowned speakers and relevant topics in governance, risk, and controls. Save US $200 when you register by June 6. Educational Tracks: • IT GRC – Current Trends and Approaches • Enterprise Solutions for GRC • ERM: Bridge to Excellence in Auditing • Leading Practices for Regulatory and Compliance Issues
June 5: Model Risk Management Sept. 4: Hot Topics in Compliance
Visit www.theiia.org/conferences for more information on these and other upcoming IIA events.
www.theiia.org
|
21
Your Career
GOVERNANCE, RISK, AND CONTROLS CERTIFICATIONS Find the Key to Your Success with the Certification in Risk Management Assurance™ (CRMA®) Designation. The CRMA is designed for internal auditors and risk management professionals with responsibility for and experience in providing risk assurance, governance processes, quality assurance, or control self-assessment (CSA). It demonstrates your individual ability to evaluate the dynamic components comprising an organization’s governance and enterprise risk management program and provide advice and assurance around these issues.
The Internal Auditor’s Guide to Risk Assessment – ebook Risk assessment is a core activity that impacts internal auditors on a daily basis. That is why it is so important for everyone in the internal audit function to have the skills and knowledge to assess risk. The Internal Auditor’s Guide to Risk Assessment will show you how to: • Conduct a risk assessment, step by step • Use the risk assessment to create the audit plan • Align risk assessment to business objectives Item No.: 1134.ep
Individuals with knowledge of the fundamentals of control self-assessment and facilitator experience can showcase their expertise by earning the Certification in Control Self Assessment® (CCSA®).
Member Price: $105.00 / Non-Member Price: $125.00
Management’s Guide to Sarbanes-Oxley Section 404: Maximize Value Within Your Organization – ebook
Visit www.theiia.org/certification for information and to apply to the CRMA, CCSA, or other certification program.
BOOKS AND EDUCATIONAL PRODUCTS Enterprise Risk Management: Achieving and Sustaining Success – ebook In today’s rapidly changing business climate, organizations are looking for proactive ways to foresee risks. To be successful, organizations must find ways to create new value and protect existing value from being prematurely destroyed. Managing the risks associated with any strategic plan is vital to ensuring the organization’s ongoing success. Item No.: 1117.ep Member Price: $80.00 / Non-Member Price: $115.00
22
|
The Institute of Internal Auditors
Organizations with Sarbanes-Oxley programs are required to use a formally recognized internal controls framework. The only framework recognized by the SEC is COSO’s Internal Control – Integrated Framework, which was updated in 2013. The guidance presented in this updated book is consistent with COSO 2013 and promotes a top-down, risk-based assessment program. Item No.: 1151.ep Member Price: $30.00 / Non-Member Price: $40.00
Access hundreds of other practitioner-reviewed educational products at www.theiia.org/bookstore.
Your Career
GOVERNANCE, RISK, AND CONTROLS GUIDANCE RESOURCES
THOUGHT LEADERSHIP AND RESEARCH
IPPF Practice Guides Covering GRC:
Ia Magazine: Gauging the Affordable Care Act
• Assessing the Adequacy of Risk Management • Information Technology Controls • Change and Patch Management Controls • Auditing Privacy Risks 2nd Edition • Auditing Application Controls • Identity and Access Management • Auditing External Business Relationships
IPPF Practice Advisories covering GRC:
In the coming years, internal auditors will play an important role in ensuring compliance and identifying risks related to the U.S. Affordable Care Act. Many will need to become intimately familiar with the law to help ensure their organization is traveling the right path. Experts say the main challenge auditors will face is the need to stay abreast of the changing laws to help identify risk and guide their organization. Read more at www.InternalAuditorOnline.org.
• Internal Audit Charter • Board Interaction • Linking the Audit Plan to Risk and Exposures • Using the Risk Management Process in Planning • Communication and Approval • Assurance Maps • Reporting to Senior Management and the Board • Governance: Definition • Governance: Relationship With Risk and Control • Governance: Assessments • Assessing the Adequacy of Risk Management Processes
IIARF Research Report: Closing the Gaps in Third-Party Risk Management Through Internal Auditing Highlights that while third-party relationships in the business community are increasing — bringing with them associated risks — internal audit’s role is relatively limited in most organizations. Go to www. theiia.org/goto/closing.
• Managing the Risk of the Internal Audit Activity • Assessing the Adequacy of Control Processes • Information Reliability and Integrity valuating an Organization’s Privacy Framework
Consult these guidance resources in the International Professional Practices Framework (IPPF)® at www.theiia.org/guidance.
AuditChannel.tv Catch the latest insight into governance, risk, and control with leading experts on www.AuditChannel.tv – COSO with Keith Kawashima, The MDM-GRC-ERM Puzzle, The Marriage of Internal Audit and Risk Management, and more.
www.theiia.org
|
23
Your Career
INTERNAL AUDIT PRACTICE Whether you are just starting your career, coming into internal audit midway through your career, or needing to enhance your skill sets with latest best practices, here are resources to support your internal audit expertise to make an impact and maintain relevancy with your colleagues, superiors, executive leadership, board, and audit committee.
TRAINING RESOURCES
Audit Report Writing
Learn more about these courses at www.theiia.org/training.
This is a hands-on course that focuses on the organization and structure of audit reports, and includes case study activities for practicing the basics of audit report writing. This course is a good prep course for more advanced audit report writing courses.
Analyzing & Improving Business Processes This course provides participants with a set of tools and techniques that can be used in any process analysis engagement. In addition, it includes numerous opportunities to apply those tools and techniques in real-world scenarios. The best way to build business process analysis skills is by doing the work, and this course is full of hands-on applications using case studies and the participants’ understanding of their own processes to apply these tools and techniques often. Upcoming Offerings: April 22 - 23, New York, NY
May 20 - 21, Dallas, TX
Course Duration: 2 days / CPE Hours Available: 16
Available in multiple formats. Course Duration: 2 days / CPE Hours Available: 16
Auditor-in-charge Tools and Techniques Whether you are a recently promoted auditor-in-charge, assuming the role, or seeking a refresher, this informative session covers the organizational, time management, and problem solving skills necessary to manage a successful team. Through the use of a case study that is woven into the course, participants will learn about the roles and responsibilities of an auditor-in-charge for the phases of an internal audit.
Audit Manager Tools and Techniques Through practical exercises and case studies, participants will learn how to manage the roles and relationships of the diverse parties involved in the auditing process. Participants will learn how to maintain lines of communication with the CAE and executive management, and problem solve while motivating a team and delegating tasks. Upcoming Offering: May 6 - 9, Tampa, FL Course Duration: 4 days / CPE Hours Available: 32
24
|
The Institute of Internal Auditors
Upcoming Offerings: April 22 - 25, New York, NY
May 20 - 23, Dallas, TX
Course Duration: 4 days / CPE Hours Available: 32
Beginning Auditor Tools and Techniques To become a successful auditor, a strong base of knowledge and an understanding of basic audit skills are essential. With this program, new auditors, as
Your Career
INTERNAL AUDIT PRACTICE well as non-auditors with internal control responsibilities, can learn the ins-and-outs of an audit from beginning to end. Through team exercises, group discussion, and facilitator presentations, attendees will gain a foundation of knowledge that will allow them to prepare properly for and conduct a successful audit. A basic understanding of how to identify risks and internal controls in auditing will also be stressed, along with interpersonal and team-building skills.
Communication Skills for Auditors Through facilitator presentations, group discussions, case studies, practical exercises, and individual coaching and feedback, participants will learn to see themselves as others see them, in terms of style and the impressions they create, and increase their ability to reach negotiated agreements in a wide range of audit situations. Upcoming Offering: April 22 - 25, New York, NY
Upcoming Offerings: April 22 - 25, New York, NY
Course Duration: 4 days / CPE Hours Available: 32
May 6 - 9, Tampa, FL May 20 - 21, Dallas, TX
Course Duration: 4 days / CPE Hours Available: 32
COSO 2013: Implementing the Framework Best Practices in Internal Auditing This course will use best practices to help attendees transform their audit departments, create a desired culture, market their valuable capabilities, and measure the results. Course Duration: 2 days / CPE Hours Available: 16 New Location: Nov. 20–21, San Francisco, CA
This course examines how a principles-based approach can be used to design, implement, and evaluate a system of internal controls. You will have an opportunity to discuss the implications that the updated COSO Framework presents to the internal audit profession and to individual internal audit activities. You will also identify opportunities for utilizing the updated Framework in your internal audit process and increase the value of your assurance and consulting services.
Building a Sustainable Quality Program
Upcoming Offerings: April 22 - 23, New York, NY
An internal audit activity demonstrates its commitment to quality by meeting the expectations of its stakeholders while continuing to improve the effectiveness and efficiency of its operations. A successful quality assurance and improvement program (QAIP) is crucial to achieving this goal.
Upcoming Offering: May 20 - 21, Dallas, TX
July 8 - 9, Washington, DC
Sep. 23 - 24, San Francisco, CA
Oct. 7 - 8, Chicago, IL
Course Duration: 2 days / CPE Hours Available: 16
May 6 - 7, Tampa, FL May 20 - 21, Dallas, TX
Course Duration: 2 days / CPE Hours Available: 16
Creative Problem-solving Techniques for Auditors Through facilitator presentations, group discussions, practical exercises, case studies, and self-assessments, this course will help participants define creativity and the dimensions of creative problem
www.theiia.org
|
25
Your Career
INTERNAL AUDIT PRACTICE solving. Experienced facilitators will demonstrate five strategies for creativity and divergent thinking and explain the ground rules for convergent thinking. By the end of the course, participants will know how to jump-start creative approaches to problems and have new, immediately usable tools for logical problem solving.
assurance plan, understand entity-wide controls, and plan a risk-based engagement.
Upcoming Offering: April 22 - 23, New York, NY
Statistical Sampling for Internal Auditors
Course Duration: 2 days / CPE Hours Available: 16
The course includes different methods of random sampling (simple, stratified, dollar unit, stop/go) and non-random sampling (quota, judgmental); explains how to calculate sample size and adjust for population size and resource constraints; and examines the concept of strategic sampling to get the most information for minimum cost, including how to combine results and extrapolate, and what to report.
Financial Auditing for Internal Auditors Taking on such topics as “common recipes for cooking the books,� and covering information flow from business process to financial statement and more, this course will help participants understand how key business processes relate to financial statements, as well as the impact of information technology on financial statements. Upcoming Offering: May 20 - 21, Dallas, TX Course Duration: 2 days / CPE Hours Available: 16
Risk-based Auditing: A Value Add Proposition
Available in multiple formats. Course Duration: 2 days / CPE Hours Available: 16
The course, is appropriate for all levels in public and private sectors, provides time for participants to raise issues and concerns they are currently facing and to apply what they have learned to audits currently underway, particularly typical challenges in sample selection, data interpretation, generalization, and representativeness. Available in multiple formats. Course Duration: 2 days / CPE Hours Available: 16
Through case studies, group discussions, roundtables, and facilitator presentations, this course will help audit team leaders and other management level audit professionals align their organizations’ strategies, visions, and values with the internal audit process. Participants will come to understand the importance of corporate governance and enterprise risk management, while learning to identify risks, perform risk assessments, develop a risk-based
26
|
The Institute of Internal Auditors
Consult the course matrix on pages 10-11 for offering dates and locations. Learn more about any of the above courses and register today at www.theiia.org/training.
Your Career
INTERNAL AUDIT PRACTICE eLEARNING
Specialty Group Webinars American Center For Government Auditing
The IIA’s wide variety of webinars, eSeminars, on-demand self-study courses, and eWorkshops mean you can spend less time traveling to training and more time learning. www.theiia.org/elearning.
March 27: When Audits Become Investigations
eWorkshops
Gaming Group
April 1, 3, 8, 10: CGAP 4- Part Review
Sept. 9: Changes to Internal Audit in Tribal Gaming Operations
April 14, 16: Intentional Audit Ledership
Learn more about these free CPE opportunities at www.theiia.org/goto/MOW.
May 29–30: Building the Communication Cornerstone June 2–3; Sept. 29–30; Dec. 1–2: Powerful Tips to Pass the 3-Part
Financial Services Auditor Group Oct. 2: Internal Audit – the World’s Greatest Profession
CIA Exam
CONFERENCES eSeminars April 28-May 23; Sept 8-Oct 3; Oct 20-Nov 14.: CIA Learning System Comprehensive Instructor-led Course - Part 3 May 6–15, July 15–24, Sept. 9–18, Nov. 3-12: Audit Report Writing
Conferences offer a great way to compare notes and benchmark your internal audit function with your peers. Check out these upcoming conference opportunities:
June 4–13, Dec. 8-11: Control Self-assessment: An Introduction Aug. 4–22: CIA Learning System Comprehensive Instructor-led
Course - Part 1
Oct. 7–30: CIA Learning System Comprehensive Instructor-led
Course - Part 2
Members-only Webinars Save the dates for this line-up of Members-only webinars addressing the operations of the internal audit activity. May 13: Lessons Learned on the Audit Trail June 17: Becoming a More Strategic Internal Auditor July 15: Pulse of the Profession
2014 International Conference July 6–9, 2014 / London, England
• Reform and Transform Your Internal Audit Function – Carolyn Saint, CIA, CRMA, vice president, Internal Audit, 7-Eleven (USA) • Importance of the Internal Audit Function Through the Stakeholders’ Eyes – David Butler, head of internal audit, Unum (UK) • Talent – The Differentiator of Great Audit Functions – Mike Taylor, head of global internal audit, Experian (UK) Visit www.theiia.org/conferences for more information on these and other upcoming IIA events.
www.theiia.org
|
27
Your Career
INTERNAL AUDIT PRACTICE CERTIFICATIONS
BOOKS AND EDUCATIONAL PRODUCTS Your Master Key to Career Success – IIA Global Certifications
Whether you are mastering the fundamentals of internal audit or moving into audit management, you owe it to yourself and your organization to pursue the Certified Internal Auditor® (CIA®), the only globally recognized internal audit credential and standard for excellence within the profession. Earning the CIA demonstrates your commitment to the profession and your career. Achieving it will increase your confidence, serve as an example for current or future staff, and build credibility with internal audit clients. Auditors specializing in financial services or government disciplines can further distinguish their expertise by earning the Certified Financial Services Auditor® (CFSA®) or Certified Government Auditing Professional® (CGAP®) designations.
The IIA’s CIA Learning System This comprehensive and interactive CIA review program teaches and reinforces the entire global CIA exam syllabus in a flexible, on-demand format. It combines reading materials, in printed and e-reader formats, with online tests and study tools to ensure you’re prepared to pass the CIA exam and armed with critical tools and knowledge to excel in your internal audit career. Item No. : 1150 Member Price: $795.00 / Non-Member Price: $895.00
Did you know? According to The IIA’s 2013 Compensation Study, internal auditors with one or more certifications earn up to 45 percent more than internal auditors with no certifications. Visit www.theiia.org/certification to review the exam syllabi and eligibility requirements, explore preparation resources, and to start your application or register for the CIA or one of The IIA’s specialty designations.
Value and Competency: The Stakeholder Perspective Successful professionals recognize that feedback from stakeholders is essential for personal growth and organizational success. This research report compares how stakeholders and internal auditors rate the profession on core competencies and organizational value. Internal auditors can use the findings about competency and value from this report to promote professional growth and achieve organizational objectives. Item No.: 5028 Member Price: $35.00 / Non-Member Price: $45.00
28
|
The Institute of Internal Auditors
Your Career
INTERNAL AUDIT PRACTICE THOUGHT LEADERSHIP AND RESEARCH Ia Magazine: The CAE’s Journey
Sawyer’s Guide for Internal Auditors, 6th Edition
Each path to the chief audit executive’s office is unique. The journey starts at a precise point on the experience spectrum, with each practitioner holding a specific career endpoint in mind — although those are subject to change beyond any individual CAE’s control. And while every path can be quite different, they all exhibit elements of commonality. Read more at www.InternalAuditorOnline.org.
This 6th edition is a 3-volume set, making the content more navigable for the reader, and each volume includes an index and glossary for easy reference. • Volume 1: Internal Audit Essentials • Volume 2: Internal Audit Processes and Methods • Volume 3: Governance, Risk Management, and Compliance Essentials Item No.: 1099 Member Price: $175.00 / Non-Member Price: $225.00
GUIDANCE The IIA’s International Professional Practices Framework (IPPF) is the authoritative guidance on the internal audit profession and consists of three mandatory elements: the Code of Ethics, the Definition of Internal Auditing, and the International Standards for the Professional Practice of Internal Auditing (Standards). The IPPF presents current, relevant, internationally consistent information that is required by internal audit professionals worldwide. Visit www.theiia.org/ guidance
Richard Chambers’ Blog: Internal Audit Licensing: Be Careful What You Wish For Numerous vocal internal audit leaders from around the world are promoting the idea of licensing practitioners as a way to enhance the profession’s stature and proficiency. They profess a licensing requirement would give internal auditors greater credibility and even influence. Read the entire blog at www. theiia.org/blogs/chambers/.
AuditChannel.tv Catch the latest insight into internal audit best practices and insight with leading experts on www.AuditChannel.tv – Adding Value, Internal Audit in 2020, Creating Value Through Integrated Reporting, and more.
www.theiia.org
|
29
Your Career
INFORMATION TECHNOLOGY Technology continues to play an ever-increasing role in internal audit as both an audit tool and audit area. Whether you’re looking for the latest guidance on the use of technology or need to sharpen your IT skills, we have a variety of solutions to fit your ever-changing needs.
Keep Your Finger on the Pulse of Technology with The IIA and Deloitte – an IT audit curriculum created specifically for IT pros, IT novices, and everyone in between. These hands-on courses are taught by skilled instructors with real world experience who make today’s technology issues clear. www.theiia.org/training. Auditing Oracle Applications
Introduction to IT Auditing
Acquire a solid understanding of how the implementation and use of Oracle applications will impact your organization. This course includes facilitated discussions, and computer-simulated class exercises. It provides a thorough overview of Oracle security basics, network and operating system security, data conversion and interfaces, and much more.
Provides a great overview of topics ranging from IT risks and controls to COSO, COBIT, and ISO 17799. This course incorporates facilitated discussions, group discussions and practical exercises, and covers a wide range of subjects, including information security, information systems strategy and planning, database implementation and support, business continuity planning, business process controls testing, system software, and hardware support and more.
Upcoming Offerings: April 29–May 2, Chicago, IL
Oct. 21–24, Costa Mesa, CA
Course Duration: 3.5 days / CPE Hours Available: 32 Upcoming Offerings: June 3–6, Chicago, IL Sept. 9–12, Atlanta, GA Course Duration: 3.5 days / CPE Hours Available: 32
Auditing PeopleSoft To effectively manage risk in most organizations today, internal auditors and control specialists must have a thorough knowledge of PeopleSoft security and control features. Participants will explore all the functions of PeopleSoft, from its security and workflow functionality to its login and password management features. Participants will learn about the software’s customization, programming, and change management control considerations. Upcoming Offering: June 10–13, Boston, MA Course Duration: 3.5 days / CPE Hours Available: 32
30
|
The Institute of Internal Auditors
Your Career
INFORMATION TECHNOLOGY SAP ERP Technical Auditing
SAP Implementation and Process Auditing
Today, SAP ERP software is used by a wide range of businesses, from small private enterprises to billion-dollar corporations. The curriculum includes facilitated discussions and practical exercises allowing participants to gain a deep understanding of SAP ERP security and technical concepts. You will also be introduced to the SAP GRC suite of tools formerly known as Virsa. In addition, gain an introduction to SAP NetWeaver and SAP Solution Manager. Note: Most concepts apply to SAP R/3 environments.
Covers the structural elements and technical features of SAP ERP, SAP ERP security, the internal control features and functions of the various SAP ERP business processes, and the SAP GRC suite of tools formerly known as Virsa.
Upcoming Offering: Sept. 16–19, Dallas, TX
Upcoming Offerings: May 13–16, Dallas, TX
Nov. 4–7, Costa Mesa, CA
Course Duration: 3.5 days / CPE Hours Available: 32
Visit www.theiia.org/training for more information on these courses and to register.
Course Duration: 3.5 days / CPE Hours Available: 32
eLEARNING SAP GRC Access Control and Process Control This course provides an essential knowledgebase, as well as hands-on learning for internal audit professionals, including information technology auditors, working in a SAP GRC environment, as well as those involved in SAP GRC implementation and configuration. Hands-on learning will be conducted with Access Control and Process Control 10.0.
The IIA’s wide variety of webinars, eSeminars, on-demand self-study courses, and eWorkshops mean you can spend less time traveling to training and more time learning. www.theiia.org/elearning.
Members-Only Webinars Save the dates for these technology-focused Members-only Webinars:
The curriculum includes lectures, group discussions, case studies, and practical exercises, allowing participants to explore the many ways that a SAP GRC implementation impacts internal auditing.
Aug. 19: Risks Around Social Media
Upcoming Offering: Oct. 6–9, Chicago, IL
Learn more about these free CPE opportunities at www.theiia.org/goto/MOW.
Course Duration: 3.5 days / CPE Hours Available: 32
Nov. 18: Master Data: Best Practices and New Challenges for Internal Auditors Dec. 16: Creativity and Innovation in Internal Audit
www.theiia.org
|
31
Your Career
INFORMATION TECHNOLOGY CONFERENCES
GUIDANCE
Conferences hosted by The IIA and local IIA chapters offer a great way to compare notes and benchmark your internal audit function with your peers. Check out these upcoming conference opportunities:
GTAG 3: Continuous Auditing: Implications for Assurance Monitoring and Risk Assessment, 2nd Edition
2014 Central Regional Conference May 18–21, 2014 / Indianapolis, IN
• Effective IT Governance: Business Criticality Driven Controls – James Yang, director – Business Resiliency, Cummins, Inc. • Auditing Cloud Computing and Identifying Bring Your Own Cloud (BYOD) Risks – Jared Hamilton, senior manager, Technology Risk, Crowe Horwath LLP
2014 Governance, Risk, and Control Conference
The second edition of GTAG 3 provides the most up-to-date guidance and best practices to successfully implement a continuous auditing approach. It focuses on the technology-enabled aspects of continuous auditing.
GTAG 4: Management of IT Auditing, 2nd Edition This guide takes into account the latest developments in the IT landscape and empowers CAEs to more efficiently and effectively manage their IT audit work by focusing on three core areas: determining where IT audit resources are needed; accurately evaluating IT-related risks; and executing IT audit work.
August 18–20, 2014 / Palm Beach, FL
The IIA and ISACA are collaborating again — leveraging the strength of both organizations to bring renowned speakers and relevant topics to members and other professionals in the governance, risk, and control disciplines. Save US $200 when you register by June 6. Educational Tracks: • IT GRC – Current Trends and Approaches • Enterprise Solutions for GRC • ERM: Bridge to Excellence in Auditing • Leading Practices for Regulatory and Compliance Issues Visit www.theiia.org/conferences for more information on these and other upcoming IIA events.
32
|
The Institute of Internal Auditors
GTAG 7: Information Technology Outsourcing, 2nd Edition This guide is to help CAEs and their audit teams determine the extent of internal auditor involvement when IT is partially or fully outsourced in their entities by providing information on the types of IT outsourcing (ITO), the life cycle of ITO, and how internal auditors can approach risk in connection with ITO delivery. Consult these guidance resources, including GTAGs that address IT, part of International Professional Practices Framework (IPPF), by visiting www.theiia.org/guidance.
Your Career
INFORMATION TECHNOLOGY BOOKS AND EDUCATIONAL PRODUCTS
THOUGHT LEADERSHIP AND RESEARCH
A New Auditor’s Guide to Planning, Performing, and Presenting IT Audits
Ia Magazine: What Can Auditors Do About Data Breaches?
Information technology is a highly dynamic, rapidly changing environment. IT auditors are expected to stay current with the latest tools, technologies, and trends, and may need to do additional research to prepare for specific audits. This book is designed to help aspiring and active internal auditors take a step back and understand the general process and activities involved in conducting an audit around technology.
Most people have heard of, or may have been directly affected by, the recent Target data breach, which exposed 40 million customers’ credit card information during the busy year-end holiday shopping period. Given the sophistication of the Target breach, most organizations would tend to respond by increasing their own security infrastructure. However, sometimes the root causes of a breach are weaknesses in basic security procedures. Read more at www.InternalAuditorOnline.org.
Item No.: 1070 Member Price: $60.00 / Non-Member Price: $70.00
Tone at the Top: Big Data: Collect It, Respect It Auditing Social Media: A Governance and Risk Guide If you want your business to stay ahead in the game, then this one-stop guide will help you navigate through the maze of risks and governances surrounding social media. Auditing Social Media explains how your organization can thoroughly ensure it has the adequate measures in place to capitalize on social media while protecting itself from excessive risk.
Explores the increasingly popular — and risky — practice of collecting, storing, and using large amounts of data. Access now at www.globaliia. org/Tone-at-the-Top.
AuditChannel.tv Catch the latest insight into internal audit best practices and insight with leading experts on www. AuditChannel.tv – Technology Expertise, 5 Risks of Cloud Computing, Updates to FTC Disclosure Guidelines, and more.
Item No.: 1081 Member Price: $39.95 / Non-Member Price: $49.95
Access hundreds of other practitioner-reviewed educational products at www.theiia.org/bookstore.
www.theiia.org
|
33
Your Career
Local Highlights Professionals on the Rise 2014 IIA CONFERENCES CENTRAL REGIONAL CONFERENCE May 18–21, 2014 Hyatt Regency / Indianapolis, IN
INTERNATIONAL CONFERENCE July 6–9, 2014 ExCeL London / London, England
GOVERNANCE, RISK, AND CONTROL CONFERENCE (IIA/ISACA) Aug. 18–20, 2014 The Breakers / Palm Beach, FL
NORTHEASTERN REGIONAL CONFERENCE
Sept. 7–10, 2014 New York Marriott at the Brooklyn Bridge / Brooklyn, NY
IT AUDIT & CONTROLS CONFERENCE (IIA/MIS)
Sept. 30–Oct. 2, 2014 Hilton San Diego Resort & Spa / San Diego, CA
ALL STAR CONFERENCE
Oct. 28–30, 2014 Caesar’s Palace / Las Vegas, NV
34
|
The Institute of Internal Auditors
Bank of Washington Promotes Carol Dunigan and Angie Lane The Bank of Washington announced the promotions of Carol Dunigan and Angie Lane. Dunigan has been promoted to vice president of finance and risk management. With more than 25 years of financial experience, Dunigan has worked for the Bank of Washington for over 12 years in her previous position as vice president of internal audit. Prior to joining the Bank of Washington, she worked as an internal auditor at United Bank of Union, as well as the assistant vice president of internal audit/compliance officer at Capital Bancorporation, Inc., Cape Girardeau, MO. She is a member of the Rotary Club of Washington and has volunteered with a variety of committees within the bank and the community. Lane has been promoted to internal auditor. She has more than 13 years of Bank of Washington experience and over 17 years of financial experience. Lane started her career with the bank as a teller, moving to loan operations, then credit, and most recently audit assistant. Lane graduated from New Haven High School, received her associate’s degree from Illinois Central College, and received her bachelor’s degree in accounting from Maryville University. She is also a member of the Missouri Bankers Association and volunteers with the United Way.
Chapter News IIA–Los Angeles Chapter Celebrates 70 Years The IIA–Los Angeles Chapter held its 70th Anniversary celebration. It was an evening of fun, networking, and celebration of a historical milestone in Awards to chapter members with the chapter’s history. Festivities included 20+ years of IIA membership. raffles, giveaways, a DJ spinning tunes from 1943 to 2013, headshot photos, complimentary cocktails and heavy hors d’oeuvres, and a special video of congratulations from Richard Chambers, IIA President and CEO. The highlight of the evening was several lucky members going home with prizes that included an iPad mini, Samsung Galaxy, and Los Angeles Lakers tickets.
Your Career
Gear Up for May, International Internal Audit Awareness Month Advocating internal auditing is critical to The IIA’s mission and to advancing the profession. Although The IIA fervently promotes advocacy throughout the year, May is International Internal Audit Awareness Month — the perfect time to ramp up advocacy efforts and celebrate the profession at the chapter level and within your own organization. We encourage you to begin preparing for this international celebration so we can unite across the globe to showcase the value of internal auditing to boards, executive management, coworkers, and the greater business community. Last year’s Awareness Month was a great success by all accounts. Institutes and chapters around the world held informational seminars, luncheons, black-tie galas, and charity events. Numerous groups reached out to local government officials, prompting them to issue proclamations recognizing May as International Internal Audit Awareness Month. Individual members also celebrated within their organizations by hanging posters, using the Awareness
Month digital icon in their email signatures, hosting “lunch-andlearns,” and distributing goodie bags and other tokens to their coworkers while educating them about the profession. Throughout the month, IIA members shared their ideas, photos, and stories via social media. We want May 2014 to be an even greater success. Download the free Building Awareness Toolkit — updated for 2014 — for inspiration and the tools you need to help you celebrate and promote the internal audit profession in your workplace and local community. The toolkit contains the updated “All in a Day’s Work” brochure to help you explain internal auditing’s important role to senior management, coworkers, and other internal audit stakeholders. Join us this May in the global effort to advocate for internal auditing!
Have news to share? As an organization comprising more than 180,000 members globally, The IIA wants to share the achievements, accolades, and initiatives of our members and chapters. From a member’s promotion to great chapter program, we want to hear about it and share through it Your Career Compass, IIA Connection, and social media. What can you submit? Anything you think is newsworthy. ■■ Award Announcements ■■ Member Promotion, Retirement, or Move ■■ Innovative/Successful Chapter Events/Programs ■■ Community Outreach ■■ Member/Chapter Achievements or Milestones ■■ Advocacy Efforts
Audit Career Center If you are looking to launch your internal audit career or are seeking qualified employees, The IIA’s Audit Career Center is a proven source for resume posting and focused candidate searches. www. theiia.org/goto/careercenter.
We encourage photo submissions, if applicable. Submit at www.theiia.org/ newsletter-submission-form. www.theiia.org
|
35
Your Career
Realizing the
VISION
They serve us all. Regardless of where you live in the United States, there is a public sector auditor who is working to ensure that the services your community, your state, and this country depend on to operate are working as they should. Being successful in this role requires that practitioners navigate unique challenges. The IIA has always recognized the unique needs of public sector auditors and established specialty certifications and programs to support those needs. However, there was always a vision that the organization could do more. With the launch of The IIA’s American Center for Government Auditing (ACGA) in 2014, that vision is becoming a reality. “Government auditors are often whom I refer to as the guardians of public trust,” says IIA President and CEO Richard Chambers, CIA, CGAP, CCSA, CRMA. “They have so much responsibility. The citizens, the taxpayers, and the public look to government auditors to provide assurance around how effective and efficient government operations are. We take very seriously this opportunity to serve them in ways we’ve 36
|
The Institute of Internal Auditors
never been able to before.” To do so, The IIA brought together some of the most influential government audit executives from across the country to participate in focus groups that helped identify the needs and expectations of government auditors. Input from these professionals ultimately led to the design of the solutions that the ACGA will start delivering in 2014.
So what can public sector auditors expect from the ACGA? The robust benefits include: ■■ Industry News. ■■ Guidance and Resources. ■■ Networking Opportunities. ■■ Thought Leadership and Research. ■■ Training and Career Development. ■■ Plus all the benefits currently available from The IIA.
Your Career
“The ACGA’s singular, unified voice will be there to positively influence government auditors by providing unique solutions to unique situations.” With more than 9,500 members, the ACGA is already off to a strong start, and it’s a momentum that its director, Jim Pelletier, CIA, plans to fuel by continuing to expand the center’s benefits. “Auditing in the public sector has its own set of unique challenges,” says Pelletier. “From shrinking budgets to sometimes brutal politics…and public oversight to constant media coverage, the environment in which we operate is always changing and always high pressure. My goal is for the ACGA to become the premier resource for auditors in the public sector.” Key to accomplishing his goal is keeping the unique needs of the members at the forefront of all offerings. “The ACGA understands the budget and travel restrictions government auditors often face, especially when it comes to training. Our initial focus will be on providing high-quality online training, eliminating the need for travel and keeping costs low.” As evidence of its commitment to cost-effective training, he encourages ACGA members to take advantage of the free halfday virtual event on Cyber Defense in the Public Sector coming in May. He also encourages public sector auditors to keep their eyes peeled for the ACGA’s first two Knowledge Briefs, “Coach, Not Critic: 10 Win-
ning Plays for Government Auditors” and “Managing Up: Communicating Effectively with the Audit Committee,” both of which he promises will offer valuable insights from leading government auditing executives. Pelletier’s vested interest in seeing the ACGA succeed is rooted in his own public sector experience, having served as city auditor for the city of Palo Alto, Calif., and the chief of audits for the County of San Diego. Through his leadership, the county was awarded the National Association of Counties 2011 Achievement Award for Accountability & Transparency of ARRA Funds, and the 2010 Achievement Award for the Management Control Initiative which also received Honorable Mention from the Government Finance Officers’ Association’s Award for Excellence in Government Finance. With Pelletier at the helm and with a large pool of members eagerly anticipating the benefits this new level of support can offer, the ACGA is positioned for success. “As a public sector internal audit director, meeting multiple stakeholders’ expectations is a unique challenge for me. The ACGA’s singular, unified voice will be there to positively influence government auditors by providing unique solutions to unique
situations,” says IIA member Steve Goodson. It’s a vision that Chambers hopes to make a reality for every public sector auditor who joins the ACGA. “It’s our intention with the American Center for Government Auditing to provide government auditors with the resources and the insights to allow them to be successful. We want to make them influential, impactful, and indispensable.” For more information about ACGA membership benefits and pricing, please visit acga.theiia.org.
Free ACGA Member eLearning Opportunities Webinar: When Audits Become Investigations March 27, 2014 2:00 p.m.–3:00 p.m. ET 1 CPE Symposium: Cyber Defense in the Public Sector May 15, 2014 12:00 p.m.–4:00 p.m. ET 4 CPEs
www.theiia.org
|
37
Your Career
TRAIN
When you begin with training from your global association solely dedicated to the practice of internal auditing, add peer-reviewed content developed by subject matter experts, and offer multiple delivery options that are flexible and convenient for your members, the result is an opportunity to train your way. Get familiar with the training options available to you with this at-a-glance view.
YourWAY
COMPARISON OF THE IIA’S LEARNING SOLUTIONS TRAINING METHODS e-Seminars
Onsite Seminars
Online
X
You choose location
X
Seminars
Conferences
Vision University
X
X
e-Workshops
Self Study
Webinars
X
X
X
X
X
X
X
X
X
X
ACCESSIBILITY On location
X
X
Course variety
X
X
X
Face-to-face instruction
X
X
X
X X
X
ENGAGEMENT Best practice exchange
X
X
X
Network with other participants
X
X
X
Q & A interaction
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SCHEDULING FLEXIBILITY Time bound
X
X
Choose time convenient for you
X
Available around the clock
X
X X
X X X
CONTENT NASBA Compliant
X
X
X
X
X
X
X
X
NASBA and IIA CPE Compliant
X
X
X
X
X
X
X
X
Developed by subject matter experts
X
X
X
X
X
X
X
X
Peer reviewed
X
X
X
X
X
X
X
X
X
X
X
X
X
X
N/A
Customizable Based on internal audit member input
X X
X
X
VALUE Economically priced
X
X
X
X
X
X
Group or other discounts available
X
X
X
X
X
X
Several hour sessions over multiple days
X
X
X
X
Several hour sessions over multiple weeks
X
X
Apple- Mac
X
X
X
Microsoft Windows
X
X
X
TIME COMMITMENT/ COURSE DURATION 1-4 Consecutive day training
X
X
X
X
LEARNING DEVICE X X
Tablet
LIMITED
LIMITED
Smartphone
LIMITED
LIMITED
38
|
The Institute of Internal Auditors
PREPARE TO PASS THE CIA EXAM. ®
#1 GLOBAL
PROVIDER OF
CIA EXAM PREPARATION
At work, at home, or in between. With a busy and unpredictable schedule, finding the time to study can be difficult. Take advantage of your downtime with The IIA’s CIA Learning System®. Log on to your online materials from work, home, or wherever you have an Internet connection.
Choose The IIA’s CIA Learning System and: • Learn the entire global CIA exam syllabus in a concise and easy-to-understand format. • Travel light and access your reading materials via your e-reader device. • Create a customized SmartStudy™ plan based on your areas of strength and weakness. • Study on-the-go with interactive online study tools that are optimized for your mobile device.
Success starts with a solid plan. Create your free study plan at www.LearnCIA.com/plan
“ After researching other materials and classes, I chose The IIA’s CIA Learning System because I wanted both online tools and printed manuals. I knew I could trust The IIA. The materials certainly prepared me well for the tests as I passed all three parts on my first attempt.” Peggy Willens, CIA Audit Manager, Brooklyn, NY
Your Career
LESSONS
Audit Trail on the
What if you could see into the future? Would it change the course of your career? In Lessons Learned on the Audit Trail, Richard F. Chambers offers a unique and compelling perspective on the internal audit profession based on nearly 40 years of serving as an internal auditor, including directing the internal audit functions at major private and public organizations and leading The IIA, a global organization, as its president and chief executive officer. “I have learned many important lessons over the course of my career, including how to overcome difficult obstacles and stay true to your beliefs,” says Chambers, CIA, CGAP, CCSA, CRMA. “If I can help other internal auditors become better prepared for the challenges and opportunities that lie ahead in their careers, then writing this book will have been well worth it.” Lessons Learned on the Audit Trail, set for release in March 2014 by The IIA Research Foundation, is filled with 40
|
The Institute of Internal Auditors
intrigue and insight into an internal audit profession that’s far from black and white. Chambers invites readers to delve into his thought process behind a number of strategic career moves, from telling one boss that he wanted his job to turning down a presidential appointment as inspector general of a major utility. What do trash cans, extraterrestrials and the Grand Canyon have in common? In a revealing look at how small stones can create big waves, Chambers uses colorful anecdotes
and pivotal life experiences that communicate some tough big-picture lessons and how seemingly minor findings in an audit report can result in intense public scrutiny and a media firestorm. Chambers’ experiences span time zones, industries, and top levels of government through a remarkable career that includes national internal audit advisory leader at PwC, inspector general of the Tennessee Valley Authority, deputy inspector general of the U.S. Postal Service,
director of the U.S. Army Internal Review and, ultimately, president and CEO of The IIA. His stories offer important life lessons for internal auditors, including:
“His passion for the internal audit profession comes through on every page.”
■■ Identifying the attributes shared by successful internal auditors. ■■ Strategies for successfully demonstrating the value of internal audit. ■■ Understanding how relationship acumen is critical to long-term success. ■■ Anticipating how small stones can create big waves. ■■ Addressing the ultimate enduring challenge of timeliness. “Throughout the book, Richard champions high professional standards and ethical conduct, and his passion for the internal audit profession comes through on every page,” says Cynthia Cooper, author of Extraordinary Circumstances: The Journey of a Corporate Whistleblower about the WorldCom fraud, and CEO of The CooperGroup LLC. “He shares often hard-won lessons learned while on the audit trail, as well as principles that can help you transform your career, take advantage of opportunities, and be well prepared for the challenges ahead.” Whether working in government, the private sector, or for a not-forprofit organization, internal auditors in any phase of their career will benefit from the wisdom Chambers shares. The thought, detail, and perspective he pours into the book follows his career-long commitment as an advocate for the profession.
“Richard Chambers has been there and done that,” says Joseph T. Wells, founder and chairman of the Association of Certified Fraud Examiners. “Using real-life examples, he underscores themes of diligence, ethics, professionalism, and integrity.” Harold Silverman, vice president of internal audit at The Wendy’s Co., calls Lessons Learned on the Audit Trail “a comprehensive playbook for anyone committed to becoming a successful leader in the internal audit profession.” Indeed, Chambers sees his book as paying it forward to the internal audit community. “We’ve come a long way in our profession, evolving from being able to look only backward to anticipating and challenging expectations through crucial insight and foresight,” Chambers says. “We’re
able to help our companies and organizations understand the risks that lie ahead. We’re not just looking in the rear-view mirror, but as internal auditors, we have our hands firmly on the wheel. “Writing this book has been one of the most rewarding experiences of my life,” Chambers adds. “I want to invite others into my life so they can see how circumstances and opportunities prepared me for my personal success on the audit trail.” To order Lessons Learned on the Audit Trail, visit www.theiia.org/ bookstore. www.theiia.org
|
41
Your Career
CERTIFICATION Corner CERTIFICATION SPOTLIGHT JENNIFER K. BOOTH, CIA, CRMA IT Auditor, Data Center, Inc., Hutchinson, KS USA Member, IIA–Wichita Chapter
1. What prompted you to become certified? Since I didn’t come from a traditional audit background, after only a few months of starting my auditor position, I knew I needed to start my certification journey. I did it more to gain the audit knowledge I knew I would need to be a value to my company than I did for the letters after my name.
2. How does having an IIA certification set you apart from your non-certified peers? You become a go-to person for your management team. When you have a certification that can further support your work experience, you have the winning combination. You have to work hard to become certified. It does pay off.
3. How did you prepare for the exam? I studied…lots and lots of studying! I used The IIA’s CIA Learning System (both the books and online). I actually still use the guides in some of my day-today work — they are excellent reference material. If I got stumped in an area, I’d go to my company “experts.” If I had trouble with a financial statement question, I went to our CFO and controller. Network question, I went to our chief systems and chief
42
|
The Institute of Internal Auditors
technical officers. Human Resources, I went to our VP of human resources. I was able to build relationships and knowledge at the same time.
4. How has your certification helped your career? I have been beyond blessed by the opportunities I have received since earning my CIA. First, just seeing my company becoming stronger through my ability to provide better value through my audits, is a huge reward. Being able to have a seat and participating at Audit Committee meetings — seeing my Audit Committee happy is also tremendously rewarding. I’ve also been able to be our company lead on external audits. I’ve met new people and had the ability to help advance the profession in ways I could never imagine
5. What advice do you have for others who are seeking certification? Just do it! Don’t let anything hold you back. The process of studying is educational and informative. Being certified will boost your confidence and let people know you’re not just an internal auditor, you’re a Certified Internal Auditor.
Your Career
Certified Government Auditing Professional® (CGAP®) Study Guide Book and Model Exam Study Questions on CD-ROM Bundle Item No: 1083 Member Price: $85 Non-Member Price: $105
COSO Internal Control – Integrated Framework: 2013 (Framework) – eBook Item No: 6278.ep Member Price: $126 Non-Member Price: $157.50
COSO Internal Control – Integrated Framework: Turning Principles Into Positive Action Item No: 1135 Member Price: $60 Non-Member Price: $75
CRMA® Exam Study Guide, 1st Edition Item No: 1130 Member Price: $75 Non-Member Price: $85 Now available as an eBook
International Professional Practices Framework (IPPF) 2013 Edition Item No: 1127 Member Price: $55 Non-Member Price: $75
Management’s Guide to Sarbanes-Oxley Section 404: Maximize Value Within Your Organization – eBook Item No: 1151.ep Member Price: $25.50 Non-Member Price: $40
Quality Assessment Manual for the Internal Audit Activity Item No: 1131 Member Price: $215 Non-Member Price: $260
The Internal Auditor’s Guide to Risk Assessment Item No: 1134 Member Price: $110 Non-Member Price: $130
Internal Auditing: Assurance & Advisory Services, 3rd Edition
Value and Competency— The Stakeholder Perspective
Item No: 1133 Member Price: $140 Non-Member Price: $170
Item No: 5028 Member Price: $35. Non-Member Price: $45
2014
l0 BEST SELLERS www.theiia.org/bookstore All Books 10% Off Use Promo Code: CC613 Offer Expires: July 15, 2014
www.theiia.org
|
43
I Am Connected, Knowledgeable, Confident…
I Am More.
Angelina Vavasour, CIA, CRMA Member Since 2006
“I have experienced tremendous value in being an active member of The IIA and of my local IIA chapter. Through my membership and chapter involvement, I have built a wealth of resources, best practices, and guidance to help me deal with real issues. I have also developed peer connections that I never would have otherwise. There is no other way to gain that professional exposure or experience that I am aware of.” Membership in The IIA means stronger connections, greater influence, and more opportunities for career development.
140506
I Am More with The IIA.
Join The IIA today at TheIIA.org.