An internal auditor has an essential role to play in the governance of an organisation. Which is why it remains difficult to grasp for me why so few internal auditors have a basic understanding of governance principles. We have developed a high level introduction to governance for internal auditors, in Dutch, which provides a basic … Continue reading Understanding basic governance for internal auditors
Category: internal audit
Sharing courses – Internal audit reporting
The quality of internal audit reporting is often significantly below par. The number of times I’ve been confronted with reports that were too long, too convoluted, trying to prove to the reader the auditor had done a lot of work … are impossible to count. While the internal auditor ideally writes something that is digestible … Continue reading Sharing courses – Internal audit reporting
How I used to detest expense reporting and don’t any longer
I’ve spent a significant part of my life working as an auditor for Big 4 companies, first at Andersen, then at Deloitte, and finally, after a stint at IMS Health, I ended my Big 4 internal auditing career at KPMG. One of the realities of Big 4 work is expense reporting. And let’s be honest, … Continue reading How I used to detest expense reporting and don’t any longer
The governance and oversight structures in the Belgian federal government
When looking at the public sector, people not familiar with the structures and the relationship between administrations and the political level often ask how its governance structure compares to other environments, such as the private sector. Governance in the private sector is based on the management and control of a traditional principal - agent relationship. … Continue reading The governance and oversight structures in the Belgian federal government
Joint risk assessment and single audit, sitting in a tree …
Loss of added value Internal audit and external audit both present their findings during the same audit committee meeting. It turns out that both structures independently audited the same entity which is part of the wider organisation. A lot of their findings align. They actually turn out to be comparable to some of the issues … Continue reading Joint risk assessment and single audit, sitting in a tree …
Working papers: it’s not about you …
It seems obvious, but it isn't One of the key requirements of quality working papers is that they contain neither irrelevant information nor personal, subjective statements or opinions. It seems obvious, but during a recent external file review I was taken aback by what I found: personal observations, none too flattering, of an auditor on … Continue reading Working papers: it’s not about you …
Concluding on working papers
So what? I sometimes review a working paper and think by myself: "So what?" Not in a derogatory, dismissive manner, rather in a silent sigh about an unfulfilled expectation. A well written working paper without a good conclusion is like a good short story without a proper ending. It leaves me wanting more but not … Continue reading Concluding on working papers
Clearly written working papers
A quick stroll down memory lane Let me take you on a quick stroll down my memory lane. I was a young auditor, fresh out of university, working on my second or third audit. I was a high potential, as I had already achieved mastery of those skills essential to a young staff assistant: I … Continue reading Clearly written working papers
The relation between audit reports and working papers
Audit reports tend to be overly long I've mentioned before I don't like overly long audit reports. The length usually does not add relevant information for the audit committee and only aims to prove to the audience how much time and effort the internal auditor put in that specific audit. While commendable this is not … Continue reading The relation between audit reports and working papers
Risk management maturity – moving beyond risk registers?
An interesting article on risk register obsolescence I recently read this article by Michael Werneburg which was subsequently updated here. The article deals with the evolution of risk management in organisations beyond the use of risk registers into a risk mature organisation. It restates and reiterates a number of points that have been made by … Continue reading Risk management maturity – moving beyond risk registers?
Exploring The Black Box 