Tech Titans Rewrite Internal Audit Planning
Ia magazine technology report explores how Google, LinkedIn, Cisco confront risk
ALTAMONTE SPRINGS, Fla. (June 2, 2014) — Like an architect’s blueprints, an internal auditor’s annual audit plan is a crucial framework, specifically for an organization’s management of risks and controls. So what were internal audit executives at two of the world’s fastest-growing companies thinking when they eliminated their annual audit plans?
In a special report on the challenges and benefits that technology brings to the internal audit profession, Internal Auditor (Ia) magazine’s June 2014 issue goes behind the scenes of the internal audit functions at Google, LinkedIn and Cisco. Ia’s cover story, “Auditing at the Speed of Technology,” explores how top auditors at the Silicon Valley giants reduce risk in a rapidly evolving environment where innovation is imperative for survival.
For Google and LinkedIn, the key was to work without an annual audit plan or even formal audit reports — an almost unheard of practice in the profession — because such plans are not designed to adapt quickly to changing business conditions. “Since the business is changing so fast, it is difficult to finalize the internal audit plan for the entire year,” said Inder Gulati, LinkedIn’s head of internal audit.
While Google has no annual audit plan, the company’s Director of Internal Audit Lisa Lee said she plans continuously by keeping a running list of potential audits guided by core risk themes. “It’s not that we don’t plan,” she said.
Although Cisco retains its annual audit plan, it revises the plan every quarter to ensure the audit team remains nimble. “Something is going to come up, and we’ll want to be at the table to support the business,” said Tom Austin, Cisco’s vice president of governance, risk and control. “We just don’t know what that is yet.”
Technology pushed these companies to create highly nimble audit functions, but it also created a new realm of business risk for internal audit. Also in the technology issue, “Businesswide Cybersecurity” looks at how the threat of cyberattacks has grown to include an organization’s systems, data and devices, not just IT. It is a significant risk. Cyberattacks cost the global economy between US $300 billion and $1 trillion in 2013.
Technology also is this month’s theme of “Eye on Business,” a new Ia column in which thought leaders share their insights on business trends and issues. Greg Bell, principal and service leader of information protection at KPMG, and Kieran Norton, principal and U.S. leader of Deloitte & Touche’s cyberthreat management practice, focus on cyberattacks and how audit departments can help reduce the risk of this growing threat.
“‘Eye on Business’ helps our readers better understand crucial issues directly impacting the audit function,” said Anne Millage, Ia editor-in-chief. “We premiered the column in June’s issue because technology and cybersecurity are at the top of all internal audit stakeholders’ priority lists.”
Also in the June issue:
- The IIA’s new North American board chairman, John Wszelaki, tells readers about his career — one that’s anything but dull in his role as director of internal audit for an agency that oversees liquor sales at 348 state-run stores in Virginia.
- Jeanette Franzel, member of the U.S. Public Company Accounting Oversight Board (PCAOB), shares her personal views on internal audit’s role in financial reporting and implementation of COSO 2013.
- A primer on Bitcoin and how the virtual currency impacts internal audit, from IT risks to its tax implications.
The latest issue of Ia magazine is now available in print and online.
About Ia magazine
Ia magazine is the world's leading publication covering the internal audit profession. The award-winning, bimonthly magazine shares timely, helpful, and indispensable information for professionals who want to keep pace with the diverse, dynamic field of internal auditing. For more information, visit www.InternalAuditorOnline.org.
About The IIA
Established in 1941, The Institute of Internal Auditors (The IIA) is a professional association for internal auditors around the world, with headquarters located in Altamonte Springs, Fla. The IIA serves more than 180,000 members from 190 countries, providing professional development, guidance, and certification. For more information, visit www.theiia.org.