TOPICS >> PCAOB | Encryption | GRC | PCI DSS | Internal Audits | Data Loss Prevention | Sarbanes-Oxley
Four keen IA observations
Compliance Week had some interesting observations--all of which are conversation starters--about internal auditing, and where it's headed.
First of all, most practitioners draw a division between what they do and risk management. Do not assume they are synonymous. Better to think of the internal auditors as people who can help risk managers do their job.
Second, boards and audit committees have gotten religious when it comes to risk management--which is great news.
Third, internal auditors aren't clear on what to do about certain risks. It can be very hard to "translate that risk into an auditable event."
And fourth, there are those who feel that internal auditors may be facing a conflict of interest if they were to help management and the board shape a risk management policy and then conduct the audit. It would be too easy to get the auditors "invested" in the success of the program by working with powerful directors, for example. Better to maintain some distinction.
For more:
- here's the article
Related Articles:
Internal auditors vs. info security: Still an issue?
Big battle: Security managers vs. auditors?
The downside of auditor independence
Comments
Post new comment
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site MapTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2010 FierceMarkets. All rights reserved. |
 |