An open forum for the internal audit community, The Soapbox gives practitioners an opportunity to exchange ideas and voice their opinions.

Submission Guidelines This is a sticky post

Posted on Feb 3, 2011

Welcome to The Soapbox, a forum aimed at promoting idea-sharing and dialogue among members of the internal audit community. We welcome submissions on any internal audit related topic and encourage practitioners from all levels of experience to participate. Entries should be submitted to the InternalAuditorOnline blog editor, Tim McCollum, at for consideration. Posts may be edited for clarity and length.    

continue reading...

Are We Measuring Risk Without a Yardstick?

Posted on Jul 10, 2012

For the past 30 years the audit profession has evolved its risk consciousness, and all professionals embed some type of risk assessment into their periodic audit cycles. These audit risk models tend to apply broad labels such as high, medium, and low risk to various classifications of assets, resources, or programs. Some models attempt to be data-driven by building up from very granular entity information while others are based on qualitative, long-term views of inherent risk. 

continue reading...

Emerging Risk Oversight and Legal Risk

Posted on Jun 4, 2012

Emerging risk oversight requirements are driving audit committees, CEOs, and internal and independent auditors to focus on new and different areas of risk within organizations. This includes reviews of legal departments and the underlying risk that they represent. There is a combination of factors driving these risk reviews, including the definitions of risk oversight and the obligations stated by various oversight bodies.

continue reading...

The Internal Auditor as Project Auditor: A Winning Combination

Posted on Feb 7, 2012

Organizations around the world are losing billions of dollars in wasted project spending that is usually hidden from management and investors. The internal auditor as “project auditor” has a great opportunity to mitigate these losses and add value to their organization’s bottom line. Although some internal auditors may think they do not know or understand the process of managing a project, this couldn’t be further from the truth. The analytical skills displayed by today’s internal auditors can be put to great use in this arena, because audits are best managed as individual projects to be completed successfully and on time. And a key component of transitioning audit staff to become project auditors is for chief audit executives (CAEs) to position themselves and their audit staff as business partners who can provide insight on key projects and strategic initiatives. 

continue reading...

A Perfect Time to Scrap Everything?

Posted on Jan 11, 2012

The recent Committee of Sponsoring Organizations of the Treadway Commission (COSO) revision of its Internal Control–Integrated Framework has me thinking it is a perfect time to scrap everything.  

continue reading...

Improving the Organization's Legal Cost Efficiency

Posted on Nov 3, 2011

Traditional reviews of legal departments and processes simply focused on ensuring legal invoices were documented appropriately. This is a typical control function, but it does not focus on the true issue of budget size and organizational risk.

continue reading...

Rock Vs. Rock Star

Posted on Sep 20, 2011

The concept of an internal auditor being a “rock star” is intriguing, particularly in adding an element of excitement to the profession. But, there is a certain edginess to a rock star, with nostalgia for Woodstock, Liverpool, and the Grammys … do I need to say more?

continue reading...

Time Frames: Are You Establishing Them for the Issuance of Audit Reports?

Posted on Aug 15, 2011

Internal auditors are viewed by many as an extension of top management. Therefore, it is a good practice to issue timely audit reports to management who are vested in the audit results. Timely audit results show management that not only are auditors committed to improving the deficiencies identified in the audit, but also that they are committed to helping management improve the overall effectiveness and efficiencies of the organization’s operations.

continue reading...

Auditors and the Love-Hate Relationship

Posted on Aug 3, 2011

Having started my career in banking outside the internal audit function, I can clearly remember how annoyed and concerned I was when internal auditors would show up in our department. There would be a general alert reaction from everyone as well as a sense of impending danger. The sentiment was clearly based on the fact that we were a team and these people were there to expose our weaknesses and problems.

continue reading...

IT Steering Committee Basics

Posted on Jun 8, 2011

How does your organization’s IT department support the business? Beyond the daily help desk calls, when it comes to strategic IT-related decisions, who should be involved? Should those with IT know-how have most of the say, or should operations personnel make the call? Can they work side-by-side to make this salient decision?

continue reading...