Internal Audit

The Institute of Internal Auditors (IIA) defines Internal Audit as “an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” The first sentence of this definition uses a number of crucial words to emphasize what we do and more importantly what we do for you. The second sentence defines how we do it.

Read Post An Introduction to Internal Audit

Internal Auditors whose work purports to comply with the Institute of Internal Auditors’ (IIA, Institute) International Standards for the Professional Practice of Internal Auditing (Standards) are also required to comply with the Institute’s Code of Ethics (Code). These documents, the Standards and the Code, require that internal auditors be independent and objective in performing their work. Independence and objectivity is required of the internal audit activity as a whole and of each individual auditor.

Read Post Independence and Objectivity

What is Risk? We all know the answer to this intuitively. Your mother, like mine, probably formed your first understanding of risk, with statements such as “Don’t run with scissors. You’ll put your eye out!” or “Put your coat on before you go outside. You’ll catch your death of cold!” She was concerned about risk to your health and well-being. As we grew, risk became applicable to other areas of life. “You break it, you bought it,” reads the sign in the store. “This was an accident that did not have to happen!” says your Dad after your first fender bender from driving too fast or too carelessly. Now, risky behavior is costing someone money, possibly you. As we get older and life becomes more complex, so does risk and all of its implications.

Read Post An Introduction to Risk

Ask a manager at most companies, public or private, if they have a Disaster Recovery plan and you might hear a response such as "Yes, our IT folks back up our servers on a regular basis." Another common response might be "Our business isn’t big enough to need one of those? Besides we have insurance to cover our losses.” These and many others like them are bad answers.

Read Post Disaster Recovery / Continuity of Operations - First in a Series