The internal audit profession has long called upon itself to add value to the organizations it serves. It’s not just about performing audits, testing controls and issuing reports. Internal audit is expected to use its unique position within the organization to take the collection of individual pieces and parts and build a comprehensive view of the company and provide valuable guidance on the strengths, weaknesses, threats and opportunities that the organization must navigate in order to succeed.
In most of our conversations, we’re hearing that there is some kind of system in place, but it’s not adequate. Ranging from Excel, Sharepoint, point solutions or older deployments of other technologies, we’ve been hearing over and over “it’s difficult to keep up,” “everyone manages their information in their own ways,” and “we really struggle to pull everything together for the reports we want.”
I recently had the pleasure of co-authoring an E-Book with GRC consultant and “process whisperer” Dan Plato. Dan was one of our most dynamic speakers at Onspring Connect 2017 with his presentation on solution design best practices. We’ve packaged up those best practices, along with a set of templates and samples, into a guide that’s available free on our website.
When it comes to regulations, industry standards and supporting controls, the only constant is change. Most organization have smart people and defined processes for managing change, but tracking the changes themselves—knowing what they are and how they impact the business—can be a massive headache.
We know from reporting on the Equifax data breach that names, social security numbers, email addresses, and physical addresses were taken. This confirmation of the email in the wild should be considered a terrifying confirmation that the rest is also out there, or may be soon.
There is clearly a popular fascination with exploring the “Whatif” concept to varying degrees. I thought it would be interesting to take a similar approach with a concept that is regularly explored in this space: Internal Audit. More specifically, I was interested to explore the following question: What if Internal Audit didn’t exist?
My wife and I recently purchased a new “old” home, meaning it was one that would need some work. Our goal was to complete as much of this work as possible before move-in day, so getting the right contractors in place as quickly as possible was a must. I couldn’t help but picture Tom Hanks and Shelley Long in the movie The Money Pit (one of my favorites) and think, “Is this us? What are we getting ourselves into? Will our house really be ready in two weeks?” (That’s a joke.)