IIA and ISACA pool resources and expertise

At the end of September the IIA and ISACA announced they had reached an agreement to “create a basis for cooperation and collaboration” between the organizations.

The agreement is formalized in a Memo of Understanding that has been signed by both parties. The MoU lists a few areas where this agreement makes cooperation possible:

  • Speaking and exhibiting at each other’s conferences, seminars and events
  • Conducting jointly sponsored events
  • Mutually recognizing, where appropriate, each other’s continuing education programs for continuing education credits to satisfy requisite certification requirements
  • Participating in training and educational programs offered by either association where such collaboration benefits the attendees
  • Encouraging similar cooperation and collaboration among local chapters of ISACA and The IIA (an activity that already thrives in many places throughout the world)
  • Identifying opportunities for joint projects that advance the global internal audit profession and the professional standing of its members
  • Engaging in periodic discussions on matters of public policy that impact the internal auditing profession
  • Where appropriate, coordinating and promoting unified messages and responses to standards setters, regulators, and legislators globally, and providing them with information regarding best professional practices

In order of value to each organization’s members, the top 3 in my mind are:

  1. Joint projects to advance the internal audit profession
  2. To me this is going to have the biggest impact on stakeholders because the combined knowledge and experience in both groups should lead to higher quality standards and improved best practices. Perhaps a combined set of standards down the road?

  3. Recognizing each other’s continuing education
  4. For members of both organizations this is huge. Program content frequently overlaps (e.g. the IIA’s GTAGs) and internal audit departments generally have staff with CIA and CISA designations (as well as CA and CPA, and others), so significant cost savings may be realizable.

  5. Collaborating on continuing education
  6. This could open up each organization’s continuing education programs to the other one’s members, which immediately introduces fresh topics and facilitators to both groups. Synergy here will allow members to broaden their training, and provide an easier transition from one to both certifications.

The agreement should work out to be a win-win-win — for the organizations, members, and stakeholders. What do you think?


Enterprise risk audit planning

Earlier this week I watched a webinar put on by the Audit Director Roundtable, a great resource for internal auditors, titled Enterprise Risk Audit Planning.

If you follow me on Twitter, you might have seen this:

@neilmcintyre: IT problems for Audit Director Roundtable delay the start of the Enterprise Risk Audit Planning webinar

The problem was that the large group attempting to log in to the presentation were jamming the conferencing phone system. It was sorted out within 10 minutes of the scheduled start time. Good problem to have, really.

I was introduced to ADR when I joined the world of internal audit in May 2008 and have been taking advantage of the site’s features ever since, such as case studies, internal control questionnaire (ICQ) templates, audit department benchmarking tools and example audit work plans.

Today’s webinar was valuable to me because it focused on how five companies’ internal audit groups are dealing with the challenge of providing assurance over strategic risk. This is a topic that I have championed in my capacity as an internal auditor, and the companies in the webinar were actually walking the walk.

Some of the highlights:

  • One group enabled management to better identify and assess complete risk information by developing a tool that required them to drill down from higher level risks to their lower level components. What I liked in particular about the tool was that it discouraged the tendency to choose medium likelihood and medium impact (what they called “midpointing” although I’d never heard the term) by making those assessments lead to a “signficant” rating.
  • Another group credited management for its efforts in identifying processes which were well-controlled versus those that were less well-controlled, by tailoring the assurance strategy to the former. Simply the act of identifying a poorly-controlled process would spur management to implement the necessary controls, at which point the process would migrate to the well-controlled side.
  • Yet another group maps the principal risks identified at a high level to each applicable business process to ensure adequate coverage. Internal audit focuses on the processes involved in executing on the strategic priorities, to provide assurance that those risks are well-controlled.

I enjoyed the webinar because it took what can be a challenging theoretical problem and showed examples where leading internal audit groups are concretely addressing the concerns of management over the key risks driving the performance of the business.

How are you implementing practices like these to provide assurance over the risks that primarily drive enterprise value?


Thanks for the memories

Dear readers,

It is with great reluctance that I announce the closing of this blog.

As of this Friday, May 9, 2008, I will leave public accounting to pursue new opportunities in the wide world of industry in internal audit.

I have met a lot of great people within the profession through this blog and it is those connections that I will take with me no matter where I go.

Thank you for your attention and comments – you are what made doing this worthwhile.

Neil McIntyre, CA


Explaining the virtues of testing

One of the most challenging aspects of my job as a public accountant and auditor is explaining to clients why I’d like to do what I need to do.

Frequently you’ll find in your position as the auditor that client employees will enjoy seeing you twist in the wind and will find the most effective way to cause this is to ask you to justify the test you’re performing.

To juniors, this is kryptonite. They won’t be able to. They simply don’t have a clue. The keeners will try, and they might get far, but to the seasoned client employee, they will always be able to stump the junior auditor.

The key to counteracting this situation is to fall back on the assertions. Existence, completeness, accuracy, valuation. (There are others, but those four are key.) Explain how the test relates to the assertions for the given balance or transaction stream being tested.

This has two possible effects (both good): The client will understand why you’re doing the test, or they will have a better way to test the assertions you’ve mentioned.

And if you can explain the test to the client with reference to the assertions being tested, then you’ll better understand the test itself and be able to perform it more efficiently and identify errors if encountered. It’s a win-win.


Mid-busy season update

I’ve been very busy the past week at a job out of town, which continues this week. Blog posts have slowed to a trickle again.

It’s the first job I’ve been on that is away from home, but it hasn’t been too bad and the hours we’ve been working aren’t excessive for busy season. There are definite perks to traveling for work, like expensing meals and lots of socializing outside of work.

As for getting my CA, I should be hearing back soon from the ICAO that I’ve met all the requirements. I think in general they meet monthly to accept new members, so it could be pretty quick.

The two weeks after this one I’m back in town working on a new client that I lobbied hard to get scheduled on. I’m looking forward to it! Making a good impression for the firm, giving great client service, and meeting new people.

There’s also the annual CA Dinner Dance (or “CA ball” as it’s known in my circles) next weekend, which will be a good chance to catch up with some co-workers I haven’t seen in a while and celebrate with the 2007 UFE passers as it’s really their evening. Their convocation ceremony is earlier in the day.

Busy season has been going well so far, very manageable. I’m really looking forward to taking a nice vacation in May though!