• Blog

Thinking Like an Auditor

  • Our goal is to bring you the latest audit and controls industry related content that's essential to all audit and compliance departments regardless of your team size or chosen software solutions. We want to share the best practices and insights that come from our unique global position with everyone in the audit and compliance community.

    Future-Proof Audit Solutions

    June 21, 2018 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Technology changes faster than most of us can react. Even for the most responsive audit departments, it is very difficult to keep up with all of the changes that are available to us. As auditors, we depend on three key pieces of technology including audit management software, data analytics, and reporting tools. Over the years, these three tools have gone through huge changes, so how do you keep up with the pace of technology?

    Continue Reading...

    Analytics – Aggregating Spend by Matching Records that Don’t Match

    May 1, 2018 | By Lyle Jacon, BBA, MBA

    My job is to talk to auditors about using data analytics software every day. Many are working on their audit analytics programs and most have issues with data preparation before even conducting audit analytics.

    Continue Reading...

    Combined Assurance Led by Internal Audit

    April 5, 2018 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    We’ve been talking about internal audit as a trusted advisor for a few years now. Many departments have excelled in increasing the presence of internal audit in their organizations by taking on a risk and control advisory role, while maintaining independence, to deepen the trust in the auditors as risk and control experts. It’s time for us to evolve beyond trusted advisor to relevant partner.

    Continue Reading...

    The Opportunity for Internal Audit Teams in Activity Based Working

    March 1, 2018| By Sio Naidoo, B.Compt, MPA-MBA, PMIIA, CIA

    Globally, organizations are responding to changes in global trends in the workforce, the impact of new and innovative technologies by exploring new ways employees work and interact. This is also driven by organizations’ need to reduce costs and manage risks in new and innovative ways – management is realizing that work is what you do and not where you go.

    Continue Reading...

    Why Auditors Clash with Management

    February 15, 2018| By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The audit is over, it’s time for the closing meeting, and the battle lines have been drawn. In the tension filled moments before the meeting begins, audit stands resolute, ready to argue with management, armed with the fully supported, cross-referenced audit report.

    Continue Reading...

    Audit Analytics – Understanding Your Data

    January 31, 2018 | By Lyle Jacon, BBA, MBA

    As part of your Standard Operating Procedures or best practices, we suggest you start every audit with testing five key areas to get a better understanding of the data you’ve received.

    Continue Reading...

    The Value of Assurance Mapping

    October 20, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    As we look for ways to provide relevant risk information to the audit committee and adopt a combined assurance approach, a valuable way we can highlight the current state of our organizational risk profile is with a risk coverage map.

    Continue Reading...

    Agile Auditing: Rethinking the Audit Plan

    July 11, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Every year, most audit departments dust off the previous year’s risk assessment as a starting point for the upcoming year. With some variations, we all do basically the same thing. Update the audit universe, engage with management to discuss the risks in their areas, score and rank the audit universe, and then pick areas to add to the plan. We then present the plan to the audit committee, and commit to getting it all done in the next year. Some departments will proactively revisit the audit plan each quarter, but we rarely deviate from the audit plan we presented.

    Continue Reading...

    10 Steps to Solving Market Problems in Internal Audit

    May 19, 2017 | By Colleen Knuff, CPA, CIA, CISA, CRMA

    I recently spoke with an auditor who was lamenting about his organization hiring a team of consultants to evaluate how well a business unit was addressing process changes needed to better solve a set of client problems. He thought internal audit should have been tasked with this work.

    Continue Reading...

    Audit Analytics: Is Sampling Enough for Internal Controls Testing?

    April 21, 2017 | By Stefan Davis MEng, MBA

    Virtually every auditor, whether internal or external, has to test the effectiveness of internal control procedures. For an external auditor, internal controls effectiveness testing allows you to have comfort over an assertion without needing to test substantively. For an internal auditor, a significant part of their role is providing assurance to management .

    Continue Reading...

    The Importance of Good User Interface Design

    April 4, 2017 | By Colleen Knuff, CPA, CIA, CISA, CRMA

    Like so many internal auditors, my career started in internal audit with columnar paper and red/ green pencils as the basis of how to record my work. I took great pride in the neat and tidy appearance of my writing, page referencing and tickmark placement. Even twenty years ago, user interface mattered to me.

    Continue Reading...

    Continued Education – the Value of Staying Relevant

    February 21, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    We made it to another year and memories of December are already fading. The end of the year is a special time in audit departments. Most departments are trying to wrap up their annual audit plan, put together a draft of the January audit committee report, some are thinking about holiday parties, and everyone with a certification is trying to figure out how they are going to get enough Continuing Professional Education hours (CPEs) to meet year-end reporting deadlines.

    Continue Reading...

    #UnderstandingSocialMediaRisk – Beware of Rogue Posters

    February 7, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Identifying and assessing risk is the basis of most of the work done in internal audit, but it is getting harder to keep up with the most relevant risks. In today’s environment, new risks are introduced faster than we can react, and both the emerging and established risks are always changing. Often the most complicated risk to understand and evaluate is reputational risk, and one of the most volatile aspects of reputational risk comes from social media.

    Continue Reading...

    Share Your Toys :Leveraging Audit Technology across the Three Lines of Defense

    January 18, 2017 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Internal auditors have traditionally led the charge in risk assessment and control monitoring and testing techniques. We have excelled in adopting new technology designed to improve our testing effectiveness and efficiency. It’s time for us to share our tools with other risk and control functions in our organizations.

    Continue Reading...

    The Holidays – A Time for Giving – or Taking?

    December 15, 2016 | By Stefan Davis MEng, MBA

    During the holidays, many people take the opportunity to share their time and talents with others. Unfortunately, some people see the holidays as a perfect opportunity to take advantage of others. In any organization, the holiday season could bring numerous additional fraud risks and fraud indicators that businesses and their auditors should bear in mind.

    Continue Reading...

    Auditing Culture Part 3: Unique Challenges

    November 29, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. In the previous installments on this topic, we defined culture for the purpose of understanding the nature of the audit, and we discussed applying a red flag approach as a methodology to performing the audit. In this third installment, we will discuss a few unique challenges presented by auditing culture.

    Continue Reading...

    Auditing Culture Part 2: Where to Begin

    November 16, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. In our first installment on this topic, we defined the term culture for the purpose of performing an audit. With an understanding of culture in place, we can discuss an approach to performing the audit.

    Continue Reading...

    Auditing Culture Part 1: Defining Culture

    October 31, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Institute of Internal Auditors (The IIA) has recently highlighted the need for auditors to assess organizational culture, but there is very little guidance on how to accomplish the task. At first glance, culture may seem like just another risk factor to consider in a governance audit.

    Continue Reading...

    Top 3 Concerns When Choosing a Cloud Vendor

    August 19, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    In a recent article in CNN’s Money, there was a discussion about IBM shifting its corporate strategy away from hardware in favor of cloud computing services.

    Continue Reading...

    A Lesson on the Nature of Control

    July 8, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    On July 4th, a day when all service professionals are on vacation, my refrigerator stopped working. My wife and I ran to a store to buy a mini fridge and crammed all of the food for a family of four into an appliance meant for a dorm room...

    Continue Reading...

    5 Critical Steps to Applying Data Analytics

    June 30, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Toby DeRoche looks at the five critical steps to applying data analytics and understanding and overcoming the challenges.

    Continue Reading...

    Demystifying Data Analytics

    May 30, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Despite the fact that data analytics has been part of the audit conversation for almost 30 years, most audit departments are still struggling with implementing an effective data analytics strategy. The two main contributing factors causing this problem are software and culture. To help everyone understand this issue and how we can all be part of the solution, let’s look at this as if it were an issue in an audit report.

    Continue Reading...

    Internal Audit and EH&S – A Natural Partnership

    April 7, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Often when we discuss the duties of various groups within an organization, there are clear, distinct functions. For example, there are distinct differences between accounting and operations. Even within departments, there are discreet boundaries between accounts payable and accounts receivable teams. Under the umbrella of corporate governance, however, we find overlapping responsibilities.Given the level of risk inherent to corporate governance, we can argue that the overlap is by design.

    Continue Reading...

    The Millennial Evolution

    March 1, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    The Millennial generation is now firmly embedded in the workplace, including in internal audit and compliance departments. A recent Deloitte Millennial Survey predicts that “Millennials, who are already emerging as leaders in technology and other industries, will comprise 75 percent of the global workforce by 2025”. From a management perspective, we need to blend the realities of the work we do with the sociable, optimistic, collaborative, tech savvy, and achievement oriented Millennial staff.

    Continue Reading...

    GRC & Audit-The Right Tool for the Right Job

    January 22, 2016 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    In a recent blog posting, The Audit Department's Unseen Risks, we discussed the problem of overreliance on Microsoft Office, specifically Word and Excel, for performing audit and compliance work. With these applications, we find that the tools are not complex enough for our needs. EVERY AUDIT AND COMPLIANCE DEPARTMENT’S NEEDS ARE COMPLEX, AND YOU NEED COMPLEX TOOLS DESIGNED FOR THE JOB. As an audit or compliance professional, what type of software do you really need? At what point does your software solution go from being complex to simply confusing?

    Continue Reading...

    Presentations that Impress Your Audit Committee

    December 1, 2015 | By Toby DeRoche MBA, CIA, CCSA, CRMA, CICA

    Internal Audit departments have a unique position within an organization. Audit is one of the only groups in any organization with direct access to the board, and in particular to the audit committee. A good internal audit department is one that can effectively work with the audit committee as a partner in enterprise governance. A world-class internal audit department goes much further. As a best practice the audit committee should be educated on the state of the organization and the work performed by audit. The Institute of Internal Auditors (The IIA)1 even states that “the critical connection between audit committee effectiveness and internal auditing mandates that committee members maintain an in-depth understanding of internal audit best practices and how their internal audit activity is functioning”.

    Continue Reading...

    The Holy Grail of Internal Audit

    August 13, 2015 | by: Brad Zolkoske

    With risk continually at the forefront of the profession, having been incorporated into our authoritative guidance, why is it that I run across so few people who are satisfied with their risk program and the role it plays in the work of internal audit? With effective risk programs remaining elusive I am reminded of King Arthur’s search for the Holy Grail.

    Continue Reading...

    Risk and Control Self-Assessment: Beyond the Survey

    June 17, 2015 | by: Toby DeRoche

    At some point in the last decade, auditors seem to have forgotten a major aspect of the Risk and Control Self-Assessment (RCSA) . Lately, it seems like the RCSA has become only a control focused survey, or even just another word for Internal Control Questionnaires (ICQs). It is true that RCSA's have a survey element, but a true self-assessment can be so much more.

    Continue Reading...

    The Audit Department's Unseen Risk

    May 7, 2015 | by: Toby DeRoche

    Internal Audit Departments around the world have an obligation to inform management about the risks inherent to their organizations, but what about the risks inherent to the audit department itself. The Institute of Internal Auditors (IIA) points out several high level issues commonly identified during the Quality Assurance and Improvement Program.

    Continue Reading...

    The COSO Compliance Struggle

    March 24, 2015 | by: Toby DeRoche

    The deadline for meeting the guidance from the updated 2013 COSO Framework has come and gone, but many organizations are still struggling to understand exactly what they were supposed to do to meet the requirements. Many are not even sure what the requirements really were since there is conflicting information being passed from company to company. Find out what the update entailed, why there are misconceptions, and how to move forward.

    Continue Reading...

    Increasing Internal Audit Effectiveness with Data Analytics

    February 25, 2015 | by: Toby DeRoche

    In the past few years, big data and data analytics have become buzz words in nearly all business settings. Experts estimate that there will be 35 trillion gigabytes of stored data in the world by 2020. Many organizations have been reacting quickly to the big data growth trend by increasing the capacity for reporting on the information and analyzing the data.

    Continue Reading...

    Welcome to the Thinking Like an Auditor Blog

    February 25, 2015

    All audit and compliance professionals are expected to keep up with trends and challenges in our industry. With the all demands on our daily lives, it is hard to find the time to do the research and reading. We have the answer. Welcome to Thinking like an Auditor, the audit and compliance blog sponsored by TeamMate. Our goal with this blog is to bring you the latest audit and controls industry related content

    Continue Reading...

  • View Demo
    Contact Us
    Request More Information