Controlling access to data within the audit team – open or closed? (DGIA #2)

This article is about control over access to data within the audit function, to help guide the decision regarding which of these two options would be appropriate: Open access: The entire audit team is granted access to data collected by the team, across audits (with specific exceptions as necessary). Or Closed access: Specific audit team members are allowed access

Do you focus on your customer when thinking about risks?

As a business leader, you are risk-aware. You want to innovate to add value, while maintaining compliance. You do this because you want your organisation to succeed, and delight customers. As a risk leader, you have developed business acumen. You want to add value and enhance compliance. You do this to help your organisation succeed, and delight

Why auditors need a specific data governance approach (DGIA #1)

Why you, as an auditor, need to think a bit differently to the rest of the organization, and specifically govern the data that you use for audits. In your audits, you will regularly combine data from different domains to test your hypotheses. Most data analysis focuses on a single subject matter or a single

Why are auditors increasingly using complaints & customer feedback data?

It’s not often that internal auditors get the opportunity to help in identifying revenue leakage. Most audits focus on compliance matters or loss prevention. So, when the opportunity arises, we need to act quickly. Partnerships are a growing area for large service-based organisations, especially those with strong brands and established customer bases. Working with

Data in audit – reducing noise, false positives

When using data, one of the main challenges faced by auditors is the volume of exceptions generated. How can we overcome this? Traditional audit sampling typically involves evaluation of between 5 and 50 items; consequently, the number of exceptions doesn’t fall out of that range. However, when we use larger sets of data – across full

Performance Audits – creating and sustaining Public Value

This article is for: Performance Auditors, to help explore their critical role in sustaining Public Value.[1] Internal Auditors, in conducting performance audits i.e., assessing economy and efficiency within their organisations. Remind me: what is ‘Public Value’? Progressive organisations recognise the important role of audit and assurance activities in helping create and sustain value. Public Value is achieved

SAS70 Certification and other common SOC report myths

If you use or plan to use a cloud/SaaS/hosted solution, how do you ensure that the service provider is protecting your systems and data? Rely on their SAS70 reports, right? Not quite. In this article, we explain why this is not the right answer and explore a few other common myths. Background System and

Supply chain risks – brand damage & financial loss

This post originally detailed how contingent resourcing and SEO could damage brands. It has since been expanded, with the update first, followed by the original post. Update: 24 Sep 2019 If you are listed as a client on a supplier’s website, does it create risk? What about listing your suppliers on your website? Let’s