IIA Nigeria November 5, 2019 No Comments

Big Data and the Internal Auditor

Big data and analytics are widely predicted to transform the way internal audits are conducted, especially in the areas of risk assessment. For instance, analytics enable the access to the entire database and mining the data to obtain key elements. This allows deeper and more relevant insights, making it easier for them as professionals to focus on the main areas of concern, and to point out the high-risk areas with strong evidence.

By integrating analytics into internal auditing, internal auditors are now expected to deliver more enhanced quality and coverage, as well as provide more business value to their organisation. The managements and stakeholders seek improvements in business analytics and quality of data for better forecasting and decision-making. This actually helps to create more opportunities for internal auditors because they can now perform with greater assurance.

Every day, organizations are introducing creative and innovative ways to use big data. Practical applications of big data can be found in retail, public, private and nonprofit organizations, for example.

Analyzing data to create business value is not a new concept; however, it is becoming increasingly important to interpret data more quickly and base business decisions on the resulting insights. Organizations that effectively acquire and leverage big data are able to capitalize more quickly on emerging business trends, shifts in customer demands, and operational efficiency opportunities. This ultimately enhances the opportunity to improve customer satisfaction and maximize the organization’s success.

As big data programs are implemented and modified over time, internal auditors should remain engaged and monitor these efforts, in accordance with Standard 2010 – Planning and Standard 2030 – Resource Management. In doing so, internal auditors must maintain requisite knowledge and skills, and dynamically alter their risk assessment and audit coverage model to account for any changes (see Standard 1210 – Proficiency).

Big data is evolving rapidly and will continue to present risks and opportunities for organizations and internal auditors for the foreseeable future.

 

Shared by;

IIA Nigeria Media/IT Coordinator

 

________________________________________________________

Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership

 |      

 

 

For CIA preparatory Class?

IIA Nigeria October 15, 2019 No Comments

Internal Auditor and Risk Managements in an Emerging Technology

Internal audit cannot avoid thinking about and planning for emerging technology such as blockchain; that technology is real and its coming full steam ahead which is something we all need to take seriously as professionals. The biggest questions are how to get educated about blockchain, how to identify and assess risk, and how to know if process controls in this new blockchain world are designed effectively and efficiently.

If your organization intends to manage some or all its business on blockchain, then it’s no longer just the IT auditors’ scope, internal auditors needs to understand the risks and controls in keeping financial transactions in the blockchain – for financial auditors, operational auditors need to understand how blockchain replaces parts of workflow and process and the IT auditors need to understand the security and API frameworks that accompany blockchain.

We are also moving toward more real-time auditing and continuous monitoring of the business, which requires implementing strong data analytics programs. While you are at it, figure out how to audit artificial intelligence, robotics process automation, and blockchain. Then when you figure that out, start using those technologies to make your team better, smarter, faster.

 

 

 

 

In this evolving environment, it is more important than ever for the key players in the auditing ecosystem —auditors, audit committees, and management—to have a strong grasp of roles and responsibilities. As the use of emerging technologies in the reporting process increases, it becomes less likely auditors can design traditional substantive tests (e.g., test of details or substantive analytical procedures) that, by themselves, would provide sufficient appropriate audit evidence that respond to identified assertion-level risks.

A core strength of the auditing profession is the assessment of risks and controls. As they address the challenge of assessing technology risk, auditors can and should focus on the following:

  1. Auditors should gain a holistic understanding of changes in the industry and the information technology environment to effectively evaluate management’s process for initiating, processing, and recording transactions and then design appropriate auditing procedures.
  2. Auditors, as appropriate, should consider risks resulting from the implementation of new technologies and how those risks may differ from those that arise from more traditional, legacy systems.
  3. Auditors should consider whether specialized skills are necessary to determine the impact of new technologies and to assist in the risk assessment and understanding of the design, implementation, and operating effectiveness of controls.

In conclusion,while emerging technologies can bring about great opportunities and efficiencies for a business, they also bring with them new challenges. An understanding of these emerging technologies and an awareness of the benefits and risks they present to financial reporting is essential for auditors, management, and audit committees to discharge their respective responsibilities.

 

Shared by IIA Nigeria Media/IT Coordinator.

________________________________________________________

Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership

 |      

 

 

For CIA preparatory Class?

IIA Nigeria September 10, 2019 No Comments

Educating clients and stakeholders about internal audit’s roles and objectives in risk management

Everyone agrees that internal audit has an important part to play in risk management, but just where to draw the line is always a controversial topic. Some think internal audit should play a lead role in risk management, setting the risk management agenda and advising management on risk issues. Others take a more purist position, stating that internal audit should only be there to audit the risk management function.

 It’s not surprising. There are widely divergent views on the job of internal audit in general. As an internal auditor, clients and stakeholders are often ask what they believe to be their role. The answers tend to vary widely depending on the maturity level of the client’s internal controls environment. Some see internal audit mainly as the function in charge of Sarbanes-Oxley (SOX) compliance, while others say that it is to uncover fraud or malfeasance. The one common reply, however, that internal auditors are the “controls experts,” rarely changes. 

 If stakeholders have a narrow and incorrect idea of the problems we solve as internal auditors, what are we doing collectively to change that perception? This well-known quote by psychologist Abraham Maslow illustrates how easy it can be to incorrectly define a problem: “If the only tool you have is a hammer, then every problem looks like a nail.” If stakeholders view internal auditors as only “control experts,” then I can correctly rephrase Maslow’s quote to say: “If our only tools as internal auditors are controls, then every problem looks like a potential risk.”

 If we want to think more broadly and completely about the role of internal audit in risk management, we need to think beyond controls.

 

 

 Internal auditors simply must have a strong understanding of the macro and micro risks impacting their respective organizations. Given the increasing threats and dynamic nature of risks confronting many organizations, an inflexible or static “annual audit plan” approach might not provide the responsiveness needed for internal audit to quickly change course and address evolving risks. The use of Risk and Control Self-Assessments (RCSA’s) in theory seems a practical approach. However, the output from using RCSA’s and the skills of the risks’ owners might highlight inefficiencies in identifying and mitigating evolving risks.

 

 Consistent failures stemming from poor tone-at-the-top, sub-culture clashes across different LOB’s within an organization, lack of skills to identify and mitigate key risks, and inability to implement continuous monitoring and oversight of key functions are a few examples that could expose an organization to significant risks. Internal audit will see these dynamics at varying levels in the course of executing our missions. Failures to accept the reality and risks associated with these problems can be directly linked with the inability of the internal audit function to navigate volatile risks environments to create value.

 

_______________________________________________________

Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership

 |      

 

 

For conference ?

 

 

For CIA preparatory Class?

 

IIA Nigeria September 4, 2019 No Comments

THE CHANGING RELATIONSHIP BETWEEN AUDIT COMMITTEES AND CHIEF AUDIT EXECUTIVES

AUDIT COMMITTEE

Audit committee is one of the major operating committees of a company’s board of directors that is in charge of overseeing every aspect of internal process ,reporting and disclosure.

THE ROLES OF THE AUDIT COMMITTEES

  • The Audit Committee helps to maintain a good communication with the company’ CFO (Chief Financial Official and Controller.
  • The committee can also initiate special investigations in cases where it is determined that accounting practices are problematic or suspect issues arising with employees.
  • The oversight of financial reporting, the monitoring of accounting policies
  • The oversight of any external auditors, regulatory compliance and the discussion of risk management policies with the management.

CHIEF AUDIT EXECUTIVE

Chief Audit Executive, director of audit, director of internal audit, auditor general, or controller general is a high level independent corporate executive with overall responsibility for internal audit. The CAE reports  to the board of board of directors with administrative reporting to the CEO.

THE ROLE OF THE CHIEF AUDIT EXECUTIVE

  • To constitute a third level of control in the organization, which must be independent from the first level control

Note: The first level layer belongs to the management of the organization who is responsible in the first instance for acting in compliance with the organization’s rule and consecutively second level which are the supporting units that is HR, Risk function, financial control, etc.

Engaging with the audit committee is not the same as engaging with other members of the senior management. Fortunately, the profession has come a long way in the past two decades when it comes to reporting relationships; a recent IIA Global Pulse of Internal Audit survey shows that nearly 75 percent of internal audit leader’s worldwide report functionally to a board or its audit committee. From experience, management typically becomes comfortable with internal audit’s dual reporting relationship. Strong audit committees embrace their oversight of internal audit, and management understands that. In the vast majority of organizations, the CEO and other C-suite executives would not interfere with internal audit’s access or reporting relationship with the audit committee. However, this still may create tension as some CAEs feel smothered by their CEO or CFO when it comes to the audit committee relationship and as such report that the CEO wants to review and approve every communication with the audit committee, they also lament that their CEO may frown upon or prohibit communication with the CAE and the audit committee chairman.

This is a complicated dilemma, while it is clearly inappropriate for management to obsessively filter the CAE’s communications with the audit committee; the CAE again is caught between a rock and hard place. Audit committee chairs has to be firm in communicating their expectations on internal audit access, and be the one who initiate contact with the CAE if they believe the management is impeding communication. CAEs have to build productive relationships within their organizations so they are surrounded by advocates and champions for the work of internal audit. CAEs should also try to build a network of peers with whom they can share their frustrations and seek advice. It is never easy to walk alone.

 

________________________________________________________

Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership

 |      

 

 

For conference ?

 

 

For CIA preparatory Class?

 

IIA Nigeria August 22, 2019 No Comments

IT SECURITY VULNERABILITY

In 2018, so many companies had data breaches that compromised the personal information of millions of people around the world. I’d recount the ordeal of Facebook.

Facebook dealt with a slew of major breach and incidents that affected more than 100million users of the popular social network, 29 million was lost, highly sensitive data, including locations, contact details, relationship status, recent searches and devices used to log in were affected. It happened from July2017 – September 2018, the most interesting part was that this vulnerability was not known to Facebook until September 2018 when the spotted a spike in unusual activity. That is to say that this vulnerability ran for a period of 13 months without the knowledge of Facebook, in other words the hackers did have a feel of user data for a long time and need I to sure that Facebook wasn’t even sure when this attack started.

Vulnerability is the weaknesses in a computer system, in a set of procedures, or in anything that leaves information exposed or simply put It is a cyber security term that refers to a flaw in a system that can leave it open for attacks.

IT Security refers to securing digital data through computer network security.

Causes of IT Security Vulnerability.

  • Exposure
  • Missing data encryption
  • OS command injection
  • Download of codes without thorough check
  • Weak passwords
  • Ignorance
  • Using an already infected software

Protecting client’s data is an integral part of business for any auditing firm or any organization.

Firstly, users should be blocked from visiting confirmed unsafe sites, stay on top of bandwidth range with alerts when devices exceed thresholds. Another way is to filter internet activity by day, category and URL to reveal trends, spikes and irregularities. Try to complete with detailed reporting tools to let you analyze browsing activity and demonstrate the effectiveness of web security. Identify risk with IIA, Nigeria to help you find it wherever it may be hiding.

Role of IA (Internal Audit) to helping organizations

  • They should understand and be aware of the data security threats that loom over organizations.
  • They should help identify the vulnerabilities.
  • They should examine if all the required security precautions have been taken.
  • They should constantly network with industry counterparts to keep abreast of emerging threats.
  • They are also to help to see that cyber security regulations are being met

Internal audit is a pivotal ally which must join forces with IT to build a truly robust cyber security strategy that focuses on anticipating and mitigating risks and building organizational resilience. As vast as cyber threats are growing, cyber security has also become a more serious and relevant topic for system owners than ever before. The world is entering an era when attackers are trying to find a way to disrupt industries and critical infrastructure, attacks are heard every single day, you can stay on top of your game by having the best tools for intrusion detection network monitoring but without people, they can’t do much. People make decisions on how to respond to these threats and assess these vulnerabilities to choose which one to make priority for remediation

IIA, Nigeria is available to provide all the training you need for an efficient and effective IT Security

 

________________________________________________________

Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership

 |      

 

 

For conference ?

 

 

For CIA preparatory Class?

IIA Nigeria August 5, 2019 No Comments

CYBER THREATS(CYBER INTELLIGENCE) – contributing insights for Internal Auditors

 

Cyber threats are a malicious act that seeks to damage data, steal data and disrupt digital life. Threats like computer viruses, data breaches and denial of service disrupts computer network and paralyze systems making data unavailable. Cyber threats attackers are always after financial gain, disruption and espionage, cyber threats are not static because millions are being created every year.

Cyber/threats are in five categories:

Physical/Digital attacks which is the loss of life or damage of infrastructure. Psychological attacks points to the individuals being left depressed, embarrassed or confused. Economically, there will be a fall in stock price, regulatory fines and reduction of profits. Reputationally, there’s a loss of key staff, damaged relationship with customers and intense media scrutiny. Socially, it stands the risk of disruption of daily life such as impact on key services and a negative perception of technology.

Internal auditors have a role to play in ensuring that advanced cyber threats stays in check to avoid damages. They will ensure the effectiveness of the response actions on IT risk, they will leverage relationships with the audit committee to heighten awareness and knowledge of cyber threats and ensure that they remain aware of the changing nature of cyber threats. Internal audit provides a holistic approach to where an organization may be vulnerable, it is crucial to provide assurance services for all areas of an organization.

 

 

 

Conclusively, internal audits may provide the most value by contributing insights from its extensive scope of work but preparedness assumes the survival of a cyber attack. It serves no purpose if the organization does not evolve and improve the strategies to be better prepared for any type of attack. Cyber threat increase should make organizations see the need to train their employees to know the implications of a security breach and give clear guidance on how to respond to one when it eventually comes since it is inevitable. In cyber intelligence, education is power therefore the need to be educated on the importance of staying free from cyber threats is the great job of IIA, Nigeria, we protect everything.

 

Source :

Media/IT Unit 

IIA Nigeria

 

_________________________

 

IIA Nigeria July 25, 2019 No Comments

STRENGTHENING INTERNAL AUDITS IMPACT AND INFLUENCE

Internal audits performance can be enhanced for both operations and compliance, to strengthen their impact, we look at The Process (How), The Product (What) and The System (Where).

The Process type of audit helps to know that processes are working within established limits. It helps to evaluate a method against predetermined instructions or, standards to measure the conformance to these standards as well as the effectiveness of the instructions.


The Product type of audit is the examination of a particular product or service such as hardware, processed materials or software to evaluate whether it conforms to customers’ requirements. The Big 4(Deloitte, EY, KPMG, PWC) in conjunction with IIA, Nigeria has been able to help in strengthening internal audit’s impact and influence in all organizations.

The System type of audit explains the conduct on the management system.

It is a documented activity performed to verify by evaluation and examination of objective evidence that applicable elements of the system are appropriate and effective and have been developed, documented and implemented in accordance with specified requirements or as part of the IPPF global internal audit framework.
Internal audit has a critical role to play as the third line of defence in risk management and helping organizations in the ongoing battle of managing cyber threats, providing an independent assessment of existing and needed controls and helping the audit committee and board to understand and address the diverse risk of the digital world. And, until we realise the role that internal audit is playing and pay full attention to it, internal audits impact and influence won’t be felt much and as such cannot be strengthened.

 

Internal audits performance can only be heightened or strengthened if they adopt analytics, contemporize reporting, enhance skills and capabilities and try to increase personal impact for all operations and compliance.

 

________________________________________________________

Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership

 |      

 

 

For conference 

 

 

IIA Nigeria June 28, 2019 No Comments

The State of the Internal Audit Profession in Africa

 

 

In 2015, The Institute of Internal Auditors (IIA) launched an African Development Plan designed to build capacity of the internal audit profession across Africa. As the global leader of the internal audit profession, The IIA’s intent is to elevate the profession on the continent to meet or exceed the expectations of the profession’s key stakeholders.

 In conjunction with the World Bank, The IIA released The State of the Internal Audit Profession in Africa (Phase I), which assesses the factors that contribute to the current status of the internal audit profession across 11 countries in Africa, including Nigeria. The valuable insights gleaned from extensive in-person interviews and research outlined in the report helped to identify several areas of focus to build capacity of the profession in the region. 

The analysis of the situation in Africa found there is a greater need for effective internal audit in the public and private sectors, awareness of the internal audit and its contribution to governance is limited, and training resources are inadequate. 

Kindly review the entire report and also share with your stakeholders by using any of the links below to download the report.

 

Download the report for a comprehensive review of the profession by country.

OR

www.theiia.org/StateofIAAfrica.

OR

https://global.theiia.org/knowledge/Public%20Documents/State-of-the-Internal-Audit-Profession-in-Africa.pdf

 

Regards,

 

Humphrey Okorie

CEO, IIA Nigeria