Free Essay

Emerging Issues in Internal Auditing

In:

Submitted By gtkids9
Words 859
Pages 4
Internal auditing covers a broad range of areas that includes a lot of regulation. Even more focus is on information technology. “As the demands of traditional audits responsibilities and the growing burden of information security evolve, the industry is beginning to see emerging trends in internal auditing departments across many organizations” (Hirth, 2012). Information technology controls continue to increase in importance to today’s organizations as reliance on technology and compliance requirements increase. Deficiencies in information technology controls can have a significant impact on the organization. According to a 2011 presentation by public accounting firm Deloitte & Touche, the following are some of the top emerging information technology emerging issues. Social networking and social media technologies is expanding into new areas, including user communities, business collaboration, and commerce. The risks in this area include brand protection, unauthorized access to confidential data, and regulatory or legal violations. Historical audits are not sufficient to determine risks in this area as the medium is constantly changing. The audit plans should be updated every year based on a review of social media usage within the company with an eye on emerging risks. Mobile devices, including cell phones and tablets have become common workplace tools. These devices do not maintain the same level of data security as the organizations stationary network. There is a risk of loss of business data through the loss or theft of the phone or tablet or a breach of security with a virus. The mobile devices are also not as secure to the user access as the network. Again, historical audits are not sufficient to determine risks in this area. The organization would need to determine what devices are currently being used, the company’s current policies and procedures, the ability of the information technology department to “push down” controls to the selected devices, etc. For example, the ability to wipe sensitive information from a device remotely should the device be lost, stolen, or otherwise compromised. Malware, or malicious software, increases in sophistication daily. It also has more ways to access the organizations data, such as mobile devices and tablets. Along with this, most computers are setup with local admin access so that employees can work from home. The risks include the loss or theft of critical information, hardware impacts, and cash impacts. The internal audit department should understand the organizations approach to malware identification, isolation, and remediation. They should also consider the impacts to mobile devices and update schedules and monitoring.
The economic downturn has forced some organizations to cut back on critical information technology investments. As these organizations resume these projects, even with reduced staffing levels, there is the risk of project delays or even failures, completed projects that do not have the necessary security and controls, insufficient vendor management, and a failure to meet business objectives. These projects should be included in the organization’s annual audit plan so that a proper risk assessment can be completed along with providing the needed guidance on necessary security and controls. If it is not done until after the project is complete it creates additional risks. External computing solutions, also known as The Cloud, have grown in popularity. These solutions are provided by another organization to yours as a service over a network, such as the internet. With these services, provided by a third party, the internal audit department would not necessarily have administrative access. There are also risks regarding data management, such as the location of the network, compliance with regulations, recovery of data, and data security. The internal audit department would need to identify the cloud strategies in use or planned and determine what data is impacted. They would then need to perform a risk assessment of that data. They would then have to identify controls that could be put into place to mitigate those risks. It would be best if these things could be done prior to the implementation of the solution so that the mitigation controls could be included within the agreement with the service provider. Electronic Records Management, or paperless records, is an increasing area of information technology. This provides for risk with loss of data in the conversion process, regulatory violations if there are inadequate controls, and storage, retention, and forensic issues. The internal audit department will need to determine the extent of the electronic records management deployment; identify the impacted data and processes; and ensure that the data is mapped against existing data management policies, procedures, and legal requirements. Finally, they will need to evaluate the storage controls and monitoring and test these controls as they deem necessary. Information technology is constantly evolving and internal audit must evolve with it. If the auditors are not current with these and other emerging issues they will not be prepared to determine a risk involved when auditing an area of the organization that employs them and it will leave that organization open to possibly significant risk. References
Hirth, R. (2012). Emerging issues in internal auditing. RB Publishing Inc. Retrieved from http://documentmedia.com/ME2/dirmod.asp?sid=&nm=&type=Publishing&mod=PublicPublic
Deloitte (2011). Top 10 emerging it audit issues. Deloitte. Retrieved from http://www.nyiia.org/events/Top_10_2011_Emerging_IT_Audit_Issues.pdf

Similar Documents

Premium Essay

Corporate Governance

...my Abstract: This study aims to provide a concise view of the background of Saudi Arabia‟s legal system, important regulations and monitoring policies related to the corporate governance followed by the Saudi government to enhance the attractiveness of the business environment. In so doing, this study attempted to provide an overview on corporate governance in the emerging markets and more specifically in Saudi Arabia. Additionally, this study has shed lights on the main monitoring devices which play a significant role in regulating and developing the Saudi business environment. The focus was on some corporate governance mechanisms that might affect firm performance including board composition (BODCOM), CEO duality (DUAL), board size (BSIZE), audit committee independence (ACIND), audit committee activities (ACMEET) and audit committee size (ACSIZE). Keywords: Corporate governance, firm performance, emerging countries, Saudi Arabia. 1 British Journal of Arts and Social Sciences ISSN: 2046-9578, 1. Introduction The topic of corporate governance is assuming growing importance in emerging economies at the same time that financial scandals in the U.S. and other countries (Enron, Arthur Anderson, WorldCom, and Adelphia) have resulted in demands for improved corporate governance practices in developed economies...

Words: 15071 - Pages: 61

Premium Essay

Role and Function of Pcaob

...function of the PCAOB and AS 5 and AS 11 Ramecha Davis This paper is submitted in partial fulfillment of the requirements for Auditing BUS5423 Section 70 Texas Woman’s University Dr. John Nugent April 20, 2015 Abstract The purpose of this research paper is to provide an in depth review of the Public Company Accounting Oversight Board (PCAOB) and how it contributes to the interest of the Sarbanes Oxley Act of 2002. The research highlights the importance of the PCAOB’s role in the accounting profession as well as prospective changes that may evolve in the future related to PCAOB. Upon reading this research the reader will be familiar with PCAOB’s roles and functions, as well as auditing standards (AS) released such as AS5 and AS11. The PCAOB’s significance in the protection of investors is revealed as well. Keywords: SEC, PCAOB, SOX, AS 5, AS 11, Internal Control, Materiality Table of Contents Introduction……………………………………………………………………………………………….5 PCAOB…………….……………………………………..……………………………….……….……5-6 a) The PCAOB Mission, Vision, & Core Values………………………………….………........6-7 b) Current Standards…………………………………………………………….…..............…7-8 c) Future Standard Plans…………………………………………………………………….…8-9 Sarbanes Oxley Act of 2002 Section 404……………………………………………………………...….9 a) Auditing Standard 5…………………………………………………………………….….9-10 b) Auditing Standard 11……………………………………………………………………..10-12 c) Communication Requirements..............................................

Words: 4910 - Pages: 20

Premium Essay

Au2 Blueprint

...Advanced External Auditing [AU2] Examination Blueprint 2013/2014 Purpose The Advanced External Auditing [AU2] examination has been constructed using an examination blueprint. The blueprint, also referred to as the test specifications, outlines the content areas covered on the examination and the weighting allotted to each content area. This document also lists the topics, the level of competence for each topic, and the related learning objectives and competencies. The learning objectives have been designed to ensure that the competencies are met. In addition, information is provided on the proportion of each question type presented in the examination (that is, multiple choice, quantitative problems, and so on). Use Candidates should use the examination blueprint to prepare for the course examination. The blueprint may not include all the topics listed in the course materials; however, candidates are still responsible for acquiring a broad-based knowledge of all topics not listed in the blueprint since these topics will be tested in assignment and review questions. The topics not listed in the blueprint will also provide candidates with a greater depth of understanding of auditing concepts. Examination Objectives The objective of the 4-hour comprehensive examination is to test CGA candidates on the prerequisite knowledge required for advancement into PA1 and PA2, so as to ensure that the candidates have the broad-based knowledge in assurance needed to function properly in the association’s...

Words: 7165 - Pages: 29

Premium Essay

Ethics, Compliance Auditing, and Emerging Issues

...Ethics, Compliance Auditing, and Emerging Issues INTERNAL MEMO TO: John Doe CEO FROM: Glen Leonard RE: Ethics Program / Training /Compliance Auditing ------------------------------------------------- DATE: February 22, 2016 This memo serves as notice that we will soon initiate efforts to develop and implement an ethics program as well as the appropriate training and an effective way to monitor those plans. As you are aware, consumers and partners want to work with companies they can trust, and having a program that will build management skills and effectively structure business controls is a great way to become transparent and build that trust. Overall, an effective ethics and compliance program will protect the organization by identifying and preventing inappropriate conduct while promoting adherence to the legal and ethical responsibilities of the organization. The core components of the proposed ethics program will include: * Establishing Standards and Procedures – this will include code of conduct, policies and procedures * Training and Education, to ensure employees are trained on the code of conduct, policies and procedures and other programs and objectives that are relevant to the program * Monitoring, Auditing and Evaluation establishing a system to detect and prevent unethical conduct and to ensure the system is effective and being adhered to. To close, with the establishment of an effective ethics programs...

Words: 1669 - Pages: 7

Premium Essay

Dvanced External Auditing [Au2] Examination Blueprint 2013/2014

...Advanced External Auditing [AU2] Examination Blueprint 2013/2014 Purpose The Advanced External Auditing [AU2] examination has been constructed using an examination blueprint. The blueprint, also referred to as the test specifications, outlines the content areas covered on the examination and the weighting allotted to each content area. This document also lists the topics, the level of competence for each topic, and the related learning objectives and competencies. The learning objectives have been designed to ensure that the competencies are met. In addition, information is provided on the proportion of each question type presented in the examination (that is, multiple choice, quantitative problems, and so on). Use Candidates should use the examination blueprint to prepare for the course examination. The blueprint may not include all the topics listed in the course materials; however, candidates are still responsible for acquiring a broad-based knowledge of all topics not listed in the blueprint since these topics will be tested in assignment and review questions. The topics not listed in the blueprint will also provide candidates with a greater depth of understanding of auditing concepts. Examination Objectives The objective of the 4-hour comprehensive examination is to test CGA candidates on the prerequisite knowledge required for advancement into PA1 and PA2, so as to ensure that the candidates have the broad-based knowledge in assurance needed to function properly in the association’s...

Words: 7165 - Pages: 29

Premium Essay

Internal Audit

...employees. Internal audit is no different. The numerous career options available to new entrants and the seasoned audit practitioner make it imperative for audit managers to continually re-evaluate their approaches to ensure that the internal audit department is adequately staffed both in terms of numbers as well as skill sets to discharge its functions effectively. The IIA Attribute Standards / and Performance Standards are very clear and definitive on this: i) Attribute Standard 1210 - Proficiency Internal auditors should possess the knowledge, skills and other competencies needed to perform their individual responsibilities. The internal audit activity collectively should possess or obtain the knowledge, skills and other competencies needed to perform its responsibilities. ii) Performance Standard 2030 - Resource Management The Chief Audit Executive should ensure that internal audit resources are appropriate, sufficient and effectively deployed to achieve the approved plan. Professionalism Internal auditing is grounded in professionalism and efficiency. Today's internal auditors are a far cry from the 'fault finders' or 'policeman' role that the profession has long been associated with. Modern day internal auditors are routinely consulted on all aspects of the organisation's activities from strategic planning issues to the standard day-to-day operational issues relating to the risk environment and internal control framework. They are continually on the lookout for emerging risks...

Words: 2392 - Pages: 10

Premium Essay

Accounting and Financial Reporting for Business

...the top ten largest companies in America before its downfall into bankruptcy. The failure of Author Andersen and Enron is still a puzzling, outside America. Auditing and accounting principles in the United States of America are considered strong and sophisticated. Transparency and disclosure are really emphasized in American companies, and because of this the downfall of Andersen and Enron still raises questions. This has since become a case of reference in review of issues concerning financial reporting and auditing. It has also been used to explain about regulations on auditing and accounting inside and outside America. This case has brought about huge implications on corporate governance to other countries. Enron Corporation declared its bankruptcy in the year 2001. Afterwards, Anderson’s downfall occurred in 2002. It has been a big question, outside America, on what brought about this failure. The General Accepted Accounts Principles, in the US, are very well developed. These principles require clear disclosures of financial statements that are audited. They also require an established federal agency and a commission to monitor financial reporting. Cases have been written, from the failures of Enron and Andersen, for the exploration of accounting, auditing and financial reporting issues in the US. The head of auditing of Enron Corporation was fired during the company’s downfall for destroying important documents, upon realizing that the company’s accounting methods were...

Words: 1202 - Pages: 5

Premium Essay

Ethics of Offshoring

...Tsai Subject: Ethics of offshoring Date: 05/23/2011 Critical issued of the appropriateness of conducting clinical trials in emerging countries has arisen over years. Being a leading company in biopharmaceutical industry, Novo Nordisk faces the critiques of whether it is justice to offshoring their clinical trials in developing economies. With the consistency of ethical principles brought up by Novo Nordisk, the company would be able to move their trials into emerging economies with the best interest for stakeholders. I will also propose ideas to Mr, Dejgaard for possible approach to media as well as the practices that Novo Nordisk could have changed over time at the end. Conducting Clinical Trials in Emerging Economies With Utilitarian approach, every party has different perspectives in the outcome of an action. In this case, we have shareholders, employees, customers, supply chain, government and local communities, with secondary stakeholders of media, special interest groups and NGOs. For customers, government and local communities, they emphasize more on the proof of efficacy and safety of medical products. While shareholders, employees, supply chain care more of the profitability as a whole in general. As a result, Novo Nordisk will be better off maximizing its profits while holding their ethical justice for conducting clinical trials in emerging countries. Economic Aspect As the Nobel prize winner, Milton Friedman pointed out that making profit will be the first priority...

Words: 919 - Pages: 4

Premium Essay

Flat

...Internal audit Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.[1] Internal auditing is a catalyst for improving an organization's governance, risk management and management controls by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity. The scope of internal auditing within an organization is broad and may involve topics such as an organization's governance, risk management and management controls over: efficiency/effectiveness of operations (including safeguarding of assets), the reliability of financial and management reporting, and compliance with laws and regulations. Internal auditing may also involve conducting proactive fraud audits to identify potentially fraudulent acts; participating in fraud investigations under the direction of fraud investigation professionals, and conducting post investigation fraud audits to identify control breakdowns and establish...

Words: 3415 - Pages: 14

Premium Essay

Auditing

...Audit and Assurance Services Chapter 1 1 Learning Objectives 1. What is auditing?  Distinguish between auditing and accounting.  Importance of auditing in reducing information risk. 2. Distinguish audit services from other assurance and non-assurance services provided by CPAs. 3. Three main types of audits. 4. How to become a CPA?  Identify the primary types of auditors. 2  What is auditing? Evaluating 3 Nature of Auditing Auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of correspondence between the information and established criteria. Auditing should be done by a competent, independent person. 4 Audit Reporting -- (Expressing Opinions) The final stage in the auditing process is preparing the Audit Report, which is the communication of the auditor’s findings to users. 5 Information and Established Criteria To do an audit, there must be information in a verifiable form and some standards (criteria) by which the auditor can evaluate the information. 6 Accumulating Evidence and Evaluating Evidence Evidence is any information used by the auditor to determine whether the information being audited is stated in accordance with the established criteria. Transaction data Client inquiry Written and electronic Communications with outsiders Observations 7 Competent, Independent Person The auditor must be qualified...

Words: 2208 - Pages: 9

Premium Essay

Business & Economy Related Topics

...Determinants Of Audit Fees: Empirical Evidence From Emerging Economy Kamal Naser* Hamed Abdullhameed** & Rana Nuseibeh*** Abstract This study investigates the structure of audit fees in an emerging economy, Jordan. Data were collected from a sample of companies listed on the Amman Stock Exchange that forms 90% of the total population and fairly presents all industrial sectors within the economy. Consistent with previous research, the results of the analysis revealed that corporate size, status of the audit firm, industry type, degree of corporate complexity and risk are the main determinants of audit fees in the Jordanian environment. Unlike previous studies, however, variables such as corporate profitability, corporate accounting year-end and time lag between year-end and the audit report date appeared to be insignificant determinants of audit fees in the sampled companies. Key Words: * Audit fees, Emerging Economy, Jordan. S S cientific Journal of Administrative Development Vol.5 I.A.D. 2007 Dean College of Business Administration, Al-Ain University of Science and Technology, UAE. ** Freelance Financial Analyst, Jordan. *** Link Officer, National Health Service (NHS), UK. 84 Determinants Of Audit Fees: Empirical Evidence From Emerging Economy Introduction Although a number of studies have provided empirical evidence on the relationship between audit fees and the attributes of audited companies, most have tended to focus on developed economies...

Words: 8901 - Pages: 36

Premium Essay

Financial Statement Analysis

...role of each of the following in the Formation of Accounting Principles? * AICPA * FASB * SEC Ans: * AICPA: American Institute of Certified Public Accountant: The American Institute of Certified Public Accountants (AICPA) is the national professional organization for Certified Public Accountants (CPAs) in the United States.  Founded in 1887, the American Institute of Certified Public Accountants (AICPA) is the national professional organization of Certified Public Accountants (CPAs) in the United States, with more than 394,000 members in 128 countries in business and industry, public practice, government, education, student affiliates and international associates. It sets ethical standards for the profession and U.S. auditing standards for audits of private companies, non-profit organizations, federal, state and local governments. It also develops and grades the Uniform CPA Examination. The AICPA maintains offices in New York City; Washington, DC; Durham, NC; and Ewing, NJ.The AICPA celebrated the 125th anniversary of its founding in 2012. The AICPA’s founding established accountancy as a profession distinguished by rigorous educational requirements, high professional standards, a strict code of professional ethics, and a commitment to serving the public interest. The AICPA’s mission is to provide members with the resources, information and leadership that enable them to provide valuable services in the highest professional manner to benefit the public,...

Words: 1851 - Pages: 8

Premium Essay

Management

... . . . . . . . . . . . . . 8 Governance & Oversight. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 . . 2 3 Introduction In order to deliver value to our consumers, patients, caregivers, employees, communities and shareholders, we at Johnson & Johnson (J&J) must understand and manage the risks faced across our entire organization. Risks are inherent in our business activities and can relate to strategic threats, operational issues, compliance with laws, and reporting obligations. This document provides an overview of our enterprise-wide approach to risk management (the “J&J Enterprise Risk Management Framework”) and illustrates examples of how this approach is implemented within the organization. The purpose of the J&J Enterprise Risk Management Framework is to describe  Categorization of risk  The common framework used to identify and manage potential events that may...

Words: 3109 - Pages: 13

Premium Essay

Pcoab Review of Pwc

...The P.C.A.O.B. review of PwC The Sarbanes-Oxley Act On July 30th, 2002 the 107th Congress of the United States enacted public law 107-204, better known as the Sarbanes-Oxley act. This congressional action was in response to many unscrupulous acts by major corporations which caused investors to lose confidence in the capital markets. The major issues were caused by three main organizations, Enron, WorldCo, and Tyco. Enron, did not accurately record their debt obligations. They also recorded gains on internal sales amongst subsidiaries effectively overstating profits. WorldCom capitalized expenses that violated the Generally Accepted Accoutnign principles skewing creating inflated profits. Tyco’s fraud included providing unapproved loans to executives and then subsequently forgiving these debts without approval from the Board of Directors. The PCAOB Prior to the the enactment of the Sarbanes –Oxley Act the accoutning profession was operating in an era of self-governance. The audit standards had been set by the AICPA. Title I of the Satrbanes-Oxley Act established the Public Company Accounting Oversight Board. The PCAOB was created to “to oversee the audit of public companies that are subject to the securities laws, and related matters, in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports for companies the securities of which are sold to, and held by and for, public investors...

Words: 1700 - Pages: 7

Premium Essay

The Role and Function of Pcaob and as 5

...Oversight Board (PCAOB) and Auditing Standard 5 (AS 5). Due to the increased demand for oversight in auditing standards, this paper also examines the impact of Sarbanes-Oxley (SOX) and the reasons for the creation of the PCAOB, as well as the implementation of the rules and regulations. Additionally, this paper examines the impact of AS 5. Keywords: audit, AS 5, financial statements, PCAOB, SEC, SOX Table of Contents Introduction ………….……………………………………………………..……………………4 Scandals ...…..……………………………………...……………………………………………4 PCAOB Mission and Vision …………………… ……………………………………………….5 Structure ………………………….……………..……………………………………………5, 6 PCAOB's Objective….…….……..…………………………………………………………….6, 7 Duties ………………………….…..………………………………………………….……… 7, 8 Standard Setting………..………………………………………………………………..……..…8 Inspection ………………………………………………………………………………………..8 Enforcement…………..………………………………………………………………..……...8, 9 AS5 .…………………….…………………………………………………...…………….…9, 10 Conclusion………………………………………………………………………….....……. 10 References …………………………………………………………………………………….. 11 History of PCAOB …………………………………………………………………… 13-19 Introduction Sarbanes-Oxley (SOX) was passed in 2002 and as a result brought numerous changes to auditing. The Sarbanes-Oxley was passed in direct response to business failures, allegations of corporate improprieties and financial statement restatements. Prior to the SOX passage, auditors used a risk-based approach to perform audits of a company's internal controls. The auditors would...

Words: 4474 - Pages: 18