Archive for 'Corporate Investigation'

There are numerous benefits to conducting an internal audit. However, they can depend on the nature of the internal audit and the type of company that runs it. Generally, though, the benefits of an internal audit are:

  • Increased efficiency
  • Decreased risk exposure, generally from discovering flaws or shortcomings in compliance mechanisms or information technology cybersecurity
  • Discovering internal misconduct
  • Verifying financial statements and other important information for legally-required disclosure

Together, these benefits can streamline a business’ practices, improve its bottom line, shield it from threats, and increase its future prospects. Many businesses that run an internal audit come to see the process as an investment in the company – one that pays substantial dividends in the long run.

The internal auditing professionals at Corporate Investigation Consulting help company executives and stakeholders conduct effective internal audits that produce these benefits.

1. Internal Audits Find Inefficiencies and Propose Solutions

Internal audits often focus on reviewing the company’s business practices, policies, and internal controls. By reexamining them and monitoring how they function, auditors are often able to find inefficiencies and other weaknesses in the system. These can take a huge number of forms, from problems like:

  • Nearly identical job functions being performed by multiple people
  • A needlessly excessive physical distance that has to be traveled by employees from one work station to another
  • Confusing workplace hierarchies
  • Unnecessary levels of oversight or sign-off requirements by supervisors

On a day-to-day basis, these issues and others like them may be little more than an inconvenience for workers. In some cases, they are barely noticeable. Over time, though, they can amount to a significant amount of time and money lost to the inefficiency.

Internal audits look for workplace problems like these and then propose solutions that, if implemented, would eliminate or at least alleviate the inefficiency. In some cases, the payoff for the change would make itself financially worthwhile in only a few months.

In many instances, the findings by an internal auditor come as a surprise to company executives. Their familiarity with their own company often keeps them from noticing how things can change. The fresh perspective that auditors bring to the table – as well as experience with other, similar companies – help them see issues that may have been overlooked and then propose original solutions that solve them.

2. Identify Compliance Shortcomings and Reduce Risk Exposure

Many internal audits focus on a company’s compliance mechanisms, especially in the fields of healthcare and securities trading where the legal obligations imposed by federal and state statutes and regulations are intimidating and onerous. Rather than looking to improve the company’s performance, the purpose of these internal audits is to make sure that the business is complying with the law and is not exposed to the legal liability that can come with noncompliance.

Internal audits like these typically target specific aspects of the company’s compliance obligations, like:

These are all entities that have numerous laws that they need to abide by. Many of those laws impose active requirements that the company has to affirmatively take in order to stay on the right side of the law. Failing to take those steps can expose the company to intrusive investigations, embarrassing allegations, and legal liability in the form of administrative sanctions, civil fines, and potentially even criminal penalties. The steps that have to be taken to avoid these penalties, though, are often vague.

A good internal audit can review the steps that the company has deemed necessary to satisfy their legal obligations and see if they are as effective as they were supposed to be.

3. Detect Internal Misconduct

Another important benefit to running an internal audit is that it can uncover signs of employee misconduct that would have continued to go unnoticed without the inspection. In most cases, that misconduct is merely negligent, like when a worker is failing to uphold their role in the company’s compliance protocols and putting the business at risk of liability. Occasionally, though, that misconduct is deliberate, fraudulent, and potentially even criminal.

These issues can be spotted in audits that focus on compliance mechanisms as well as those that pinpoint the business’ routine practices and policies. The most common first sign of trouble is simply money going missing at a particular point in the process. Generally, the problem is confined to a worker having an opportunity to divert the company’s funds into his or her own pocket and then making the most of it. In some rare circumstances, though, the problem is more widespread, with multiple or numerous employees having a hand in the conspiracy.

Resolving these problems can be tricky, but they can also answer some pressing questions that company executives may have had simmering for a while.

4. Verify Information and Accuracy of Disclosures

Internal audits also help companies by verifying internal information that the company has about its business practices and finances – a benefit that is especially important for companies that are about to issue critical disclosures about how the company is faring.

This aspect of an internal audit into the company’s finances can be an important one to consider when deciding when to start the auditing process. In many cases, the information to be disclosed would have had to be verified, anyway. By making it a part of the internal audit, the company can streamline the ordeal by avoiding a duplicative verification process.

Internal Auditing Professionals at Corporate Investigation Consulting

These are just some of the most important benefits that come with an effective internal audit of your company. Others include the peace of mind that comes with knowing that your company’s compliance protocols have been tested and strengthened, the input that a professional auditing consultant can provide to your company, and the deterrent effect that the audit can have on employee negligence or those who have been eyeing company property for their own taking.

The auditing consultants and experts at Corporate Investigation Consulting can help your company conduct an internal audit that provides all of these benefits. Contact us online or call us at (866) 352-9324.

Companies should regularly audit their employees’ I-9 immigration statuses to ensure the company is in compliance with federal immigration laws and the Immigration and Nationality Act. However, while these audits are essential for insulating the company from legal liability for having undocumented or illegal workers on their rosters, poorly planned audits can actually expose the company to legal liability for retaliating against workers or discriminating against them.

The internal auditing professionals at Corporate Investigation Consulting have helped numerous companies in all industries perform exceptional I-9 internal audits. In this article, they provide a checklist that they frequently use for conducting internal I-9 audits, as well as recommendations for making the audit as effective as possible.

Internal I-9 Audit Checklist

Internal I-9 audits can be done in a variety of ways. They should follow strict and formal procedures that ensure that the process is thorough and fair for everyone, though many companies use a more relaxed, informal process. Regardless, I-9 audits should at least cover the following basic steps.

Collect I-9s to Audit

One of the first decisions that companies have to make is whether they are going to audit all of their employees’ I-9s or just a sampling of them. Obviously, doing them all is more thorough but also more time-consuming, especially if your company has lots of employees. Only doing a sampling of targeted I-9s that are the most likely to uncover noncompliance is a tempting option. However, it can run afoul of anti-discrimination laws and other workplace protections.

Once a decision has been made, the next step is to collect I-9s for:

  • All current, active employees who were hired after November 6, 1986
  • Any terminated employees who were terminated within the last year or hired within the last 3 years, whichever is later

You will also need a list of all current employees as well as those who have been terminated but who fit in one of the criteria, above.

Review Section 1 and Correct Errors

Section 1 of the I-9 Form covers the following information about the employee:

  • Their name,
  • Address,
  • Date of birth,
  • Social Security Number, if they are a U.S. citizen,
  • Email address,
  • Telephone number,
  • Citizenship status,
  • Alien Registration Number, if they are a lawful permanent resident, and
  • If they are an alien authorized to work, the expiration date of their work authorization, as well as their:
    • Alien Registration Number,
    • Form I-94 Admission Number, or
    • Foreign Passport number, with its country of residence.

The Form also must be signed and include an attestation, under penalty of perjury, that the information on it is true.

If there are any inaccuracies in Section 1 of an I-9 Form or if any fields are not filled out, the employer or auditor cannot correct it. The employee must fix the error. According to the U.S. Citizenship and Immigration Services (USCIS) Handbook for Employers, the employee can:

  • Either strikethrough incorrect information or enter the correct or missing information, and
  • Initial and date the alteration.

The USCIS Handbook for Employers also covers other situations that may arise during this process.

Review Remaining Sections and Correct Errors

Sections 2 and 3 of the I-9 Form can be corrected by the employer. These Sections comprise the employee’s name and immigration or citizenship status as well as documents that were used to verify the worker’s:

  • Identity, and
  • Employment authorization.

Similar to the process for Section 1, the employer’s agent should strikethrough or add the information and then initial and date the Form.

Ensure Recordkeeping Requirements are Being Followed

I-9 auditors should also be keeping an eye out for whether the appropriate recordkeeping measures have been followed. For example, all current employees should have an I-9 on file, and the I-9s of recently terminated employees should be kept for the required amount of time.

Complete the Auditing Log

Throughout this process, auditors should be maintaining an I-9 audit log. For I-9 audits, this log should generally have three columns:

  1. The employee’s name,
  2. A description of the errors that were found on their I-9 Form, and
  3. The actions that were taken to correct the error.

The auditing log should then be kept according to the applicable recordkeeping policies of the company and the I-9 Forms returned to an appropriate and secure location with other important legal documents of employment.

Recommendations for Conducting an I-9 Internal Audit

The two most important elements that set good I-9 audits apart from bad ones are:

  1. Bad internal I-9 audits can expose the company to allegations that the audit was discriminatory or retaliatory, and
  2. Good audits satisfactorily show federal law enforcement that the company is taking its compliance requirements seriously.

Avoiding Allegations of Discrimination and Retaliation

When a company audits its employees’ immigration and citizenship status, it can lead to unforeseen and serious repercussions for some employees, but not others. It can also inconvenience certain workers, but not others.

Companies need to avoid both of these issues when they audit employee I-9 Forms.

This can generally be done during the planning stage by:

  • Setting the scope of the audit in a non-discriminatory way, and
  • Setting the timing of the audit in a way that cannot be seen to retaliate against audited employees.

The best way to avoid allegations of discrimination is to audit all employees. When that is not possible or feasible, a metric should be chosen to set the scope that could not be interpreted as discriminatory. One way to do this would be to conduct internal I-9 audits every three years and only audit people who were hired in the last three years – a sampling that is based on seniority rather than any protected class.

Show Law Enforcement That Your Company is Taking Compliance Seriously

Hiring immigrants who are not legally authorized to work in the United States can expose a company to significant legal liability. Showing that your company undertook good faith efforts to ensure that all of its employees were legally authorized to work for the business can make a big difference if immigration officials find unlawful workers on your company’s roster. Documentation of an internal I-9 audit can help to do that.

Internal I-9 Auditing Consultants at Corporate Investigation Consulting

The auditing professionals and consultants at Corporate Investigation Consulting have helped companies both large and small conduct effective I-9 audits of their employees. Contact them online or call them at (866) 352-9324 to get their assistance in running such an audit for your company.

5 Best Practices for Internal Audits

Conducting internal audits of your company’s compliance mechanisms and its business practices is a great way to discover potential sources of legal liability, as well as ways to make your company operate more efficiently. However, not all audits work the same. Some can be poorly planned or inexpertly executed. Others are all-encompassing, conducted efficiently with little wasted time or money, and produce actionable recommendations that alleviate the most pressing concerns of all of the stakeholders involved.

Certain best practices should be followed to ensure that an internal audit is a successful one rather than a disappointing one. Over the course of years of experience, our team of internal auditing consultants and professionals at Corporate Investigation Consulting have found that the following five best practices are among the most important.

1. The Final Audit Report Needs to Be Concise and Actionable

The final audit report is the culmination of the internal audit. It is the document that the internal auditors end up handing over to the company and its stakeholders. The report is probably the single most important aspect of an internal audit because it communicates the audit’s findings, provides its recommendations, and summarizes the investigation.

It is hard to overstate the importance of a good final audit report. However, it is easy for internal auditors to lean towards the over-inclusion of information, generally in an attempt to avoid the potential for leaving out relevant or important details or because of the time that the audit took to uncover them. Taking this route, though, inflates the length of the report and often provides details and information that are not very valuable. They may also do little other than to add bloat to the report.

A better practice is to make the report quick and concise, focusing on the important information that backs up recommended changes and other conclusions, and little else. This helps steer stakeholders towards the outcome that will help their company, giving them guidance for improvement without making them wade through extraneous information.

2. Always Look Out for a Lack of Duty Segregation

Internal auditors should always beware of a lack of duty segregation within a company, whether for audits of compliance procedures or business practices.

Duty segregation refers to how many steps that one person does in a row within a specific process or function. An example of a lack of duty segregation is when a single person is responsible for:

  • Receiving cash payments as a cashier,
  • Balancing the cash drawer at the end of the shift or business day,
  • Recording the amount in the drawer,
  • Depositing the money from the drawer into the business’ bank account, and
  • Recordkeeping of bank statements.

When one person or party is responsible for so many steps in a row, it opens up the possibility for costly errors or intentional and potentially even criminal misconduct. Because one person is responsible for so many steps without intervention or supervision, it is easy for them to act in their own interests and then cover up their conduct after the fact. It also presents the opportunity for innocent mistakes to be made at one stage that skews the results for the rest of the process.

Auditors should be on the lookout for these situations and give them extra scrutiny. Pulling out what is really going on during these situations can be trickier than normal.

3. Never Blindly Take Someone’s Word for Anything

Internal auditors should behave like investigative journalists, confirming and corroborating any statements given to them by employees and other workers within the organization being audited. Uncorroborated statements must be taken with a grain of salt, and if there is no way to find supporting evidence to back it up, then the speaker’s motivations must be scrutinized closely before a decision is made as to whether they are reliable or not. Even if they are used during the audit, any information that they provide or that they lead to should be denoted with an asterisk.

4. Always Remember to Keep the Goal of the Audit in Mind

One of the most important things that internal auditors have to do during the execution of the audit is to keep their focus on the goal of the process. Not all audits have the same goal – some focus on the company’s compliance measures, while others focus on business efficiency, and even within these general categories different audits can serve different purposes. Staying on track of the current audit is one of the most fundamental best practices in all of internal auditing.

It is also one of the most important, though.

If an audit gets sidetracked by extraneous information that is outside the scope of the inspection or that does not alleviate or dispel the concerns of the stakeholders to the company, at the very least it will slow down the audit until it can get back on track. If it never returns to the intended focal point of the audit, the resulting final audit report will be unsatisfactory or nearly useless to the company’s stakeholders.

5. Document the Auditing Process

Finally, a best practice that is frequently overlooked is documenting the auditing process. Including documentation into the process can seem like a waste of time. However, it pays some very important dividends to those who take the time.

Auditors who take meticulous notes of the process, the findings, and how the auditors moved forward with those findings can find themselves with an additional source of strong support for their eventual conclusions and recommendations.

Internal Auditing Professionals at Corporate Investigation Consulting

Planning for and then executing an effective internal audit takes skill, experience, and a meticulous attention for detail. The auditing experts at Corporate Investigation Consulting have built a long track record of successful audits for companies large and small, including in a wide variety of industries, from pharmacies to laboratories to law firms.

Contact them online or call them at (866) 352-9324.

Before starting an internal audit, professional auditors need to determine what is going to be the best way to execute their inspection. They need to fully understand what the concerns of the company are, how those concerns can best be addressed by the audit, and foresee any potential obstacles or problems that may arise. Not creating an effective internal audit process can all but completely undermine the value of the audit to the company that wants it done.

In their time helping clients and corporations, the internal auditing consultants at Corporate Investigation Consulting have found five keys to creating an internal audit process:

  1. Listen to the client’s concerns
  2. Investigate the client’s problems and reasons for the audit
  3. Provide experienced feedback to draw out underlying worries and risks
  4. Determine what is needed to alleviate these concerns, as well as what is not
  5. Create the audit procedure in a way that hits all of the salient points without wandering too far

1. Listen to the Client’s Concerns

One of the most important things that all auditors need to do from the very start is to listen to the client. While most audits end up being similar to one another, the reality is that they are all unique in their own way, albeit often only a small one. Understanding what that small nuance is going to be in the next audit can change its results from merely satisfactory to a huge success.

Gone are the days when most companies would conduct internal audits on a regular basis to make sure they were on the right path or to ensure compliance. Now, many internal audits are the result of a regulator’s warning or a new risk exposure. Auditors need to know what that concern is before creating the process for the upcoming internal audit. The only way for auditors to get that awareness is by including stakeholders in the planning stage and asking pointed questions to reveal their concerns and intentions for the audit.

2. Look Past the Stated Worries for Underlying Risks

Experienced auditors, however, know that what company stakeholders say is their goal for the audit is not always completely accurate. It is not that stakeholders are lying or hiding their intentions, though. While stakeholders may feel like they have a good idea of what is going on and that they understand what the potential threat is to their company, in some cases their concerns are misplaced or are focused on problems that are actually just the tip of the iceberg. They just do not know it.

In crafting an effective internal audit process, experienced auditors – like those at Corporate Investigation Consulting – know to take the stakeholder’s stated concerns with a grain of salt. They know to dig into them and search for the unspoken worries and the risks that are really causing them, but are hidden from the stakeholders’ often relatively inexperienced eyes.

3. Provide Experienced Feedback to Pin Down the Real Goal

If that seems to be the case and stakeholders are missing the real threats to their company that could be addressed in the audit, auditors should press stakeholders on these issues before creating the audit procedures. This needs to be done during the planning stage, or else the audit will have run at least some of its course before it becomes apparent that it will not be addressing the root cause of the problems faced by the company.

Generally, this can be done by asking pointed questions about the context surrounding the need for an audit and providing experienced feedback about the underlying cause of the stakeholders’ concerns.

4. Figure Out How to Deliver on That Goal

Once the true risks and needs are ascertained, the next step is to use them as the foundation for creating the internal audit processes. How the audit runs its course should adhere closely to the needs of the company and its stakeholders. However, audits can be executed in a huge variety of ways. Choosing the one that is appropriate for the calls of the situation can be difficult. Importantly, the risks of not getting it right at this stage can keep the audit from producing results that the company can use to streamline its business or insulate itself from potential liability.

5. Create the Audit Procedure That Executes Efficiently

However, delivering on the goal of an internal audit is only the most basic part of a successful review. Good audits do not just deliver; they deliver a streamlined and efficient result that does not overcharge the stakeholders or their company or waste any time or resources.

This added level of success is something that all internal auditors strive for, and is something that the professionals at Corporate Investigation Consulting take very seriously. Pursuing the goal of the audit without a care for the efficiency of the process increases the costs of the inspection exponentially, and all for very little value added to the company. The results provided in the final audit report end up being expensive to produce, but are often duplicative, meaningless, and little more than filler.

A good internal audit process should strike a balance between these competing demands: The rigid requirement that the audit be all-encompassing and thorough and the conflicting, but softer need that it is also not wasteful.

The Professionals at Corporate Investigation Consulting Can Help

Creating the internal audit process is one of the most important phases of a good internal audit. Without a solid process in place, even a perfect execution will fail to address the needs and concerns of the stakeholders and their company.

The auditing consultants at Corporate Investigation Consulting have helped numerous companies, both large and small, in the past. With CIC’s help, internal auditors have drafted procedures to follow that were both thorough and streamlined, providing effective and actionable plans in the audit report without entering the field of diminished returns.

Contact us online or call our firm at (866) 352-9324.

Internal Audit Certification

Internal auditing is a profession. In order to promote uniformity across the field and to ensure that companies know what they are getting when they hire an internal auditor, entities that regulate the field offer certifications to auditors who pass rigid tests that prove their auditing abilities.

Many of the internal auditing professionals at Corporate Investigation Consulting have these credentials, which are often difficult to obtain and easy to lose.

How Internal Audit Certifications Work

An internal audit certification is a badge of honor that can only be worn by those who have the eligibility to take a strenuous examination and then the experience and the abilities necessary to actually pass it. The credentials that internal auditors get for passing the test show that they have a skillset that is above and beyond those that have not done so.

For companies that want to hire an internal auditor or a consulting firm to conduct an internal audit of the business’ operations and compliance protocols, these certifications matter. They let hiring parties see, at a glance, the types of skills and knowledge that they can expect from a given job applicant, auditor, or consulting firm. This helps them quickly identify who may be right for the job and who will be in over their head. It also lets hiring agents, as well as the company itself, rest assured that someone qualified is handling their internal audit for them, rather than someone who might expose the company to even more liability.

The Many Types of Internal Audit Certifications

Not all internal audit certifications are the same, though. Many show that the certified person has a specialized skill set and body of experience in a very particular role within the field of internal auditing, like the auditing of information systems. Others only indicate that the holder has a generalized skillset in the auditing world.

Some auditors have multiple certifications, showing that they are adept in several specific areas.

Generally, all auditors have a college degree in accounting or something very similar, as well as a background or working experience as an accountant or in a similar financial role. However, some certifications substitute extra working experience for a college degree.

The following are some of the most common certifications that you will see internal auditors have on their resumes.

Certified Public Accountant (CPA)

Perhaps the most common certification that internal auditors can get is the CPA, which makes them a Certified Public Accountant. While individual state accounting boards grant the CPA designation, it is the American Institute of Certified Public Accountants (AICPA) that administers the exam that leads to the certification. People who pass the exam can then become AICPA members, but do not have to do so in order to practice.

While each state varies slightly in their requirements for a CPA, when you see an internal auditor with a CPA certification, you can generally rest assured that they:

  • Have a college degree in accounting with at least 150 credit hours
  • Passed an ethics exam
  • Passed the Financial Accounting and Reporting (FAR) exam
  • Are up to date on their continuing education mandates

The FAR exam is not easy. Around half of test takers fail it the first time around.

Certified Internal Auditor (CIA)

The Certified Internal Auditor (CIA) certification is sponsored by the Institute of Internal Auditors (IIA). While it is a generalized internal auditing certificate, it sets internal auditors apart from other accountants, which is essential for hiring entities to know.

To get a CIA, accountants have to provide character references, have an extensive working experience – especially if they do not have a college degree in accounting – and pass an extremely difficult exam that includes 325 multiple-choice questions and lasts for 6.5 hours. The exam covers topics like:

  • The governance, risk management, and control of internal auditing
  • Auditing industry standards
  • Quality assurance
  • Planning and managing an internal audit
  • Practical aspects surrounding the communication of the results of the audit
  • Financial management
  • Information technology issues

Importantly, the CIA certification is a global one. Non-U.S. professionals can obtain one.

Certified Fraud Examiner (CFE)

A Certified Fraud Examiner (CFE) is someone who specializes in fraud prevention. They have passed the CFE exam, which is sponsored by the Association of Certified Fraud Examiners (ACFE).

These professionals are often what companies look for when they need to test their internal systems for problems like healthcare fraud.

Certified Information Systems Auditor (CISA)

A Certified Information Systems Auditor (CISA) has passed a rigorous examination related to the auditing practices for information and technology systems. The exam is sponsored by ISACA.

CISA certifications are especially important for companies that may want to conduct an internal audit on their cybersecurity systems and structures, like home health agencies and pharmacies.

Certified Information Systems Security Professional (CISSP)

A Certified Information Systems Security Professional (CISSP) has passed an exam administered by the non-profit International Information System Security Certification Consortium, or ISC². People with these certifications have:

  • Passed background checks
  • At least five years of experience working in information security, or fewer years if they have a college or master’s degree in information security
  • Passed the four-hour CISSP exam
  • Been endorsed by another ISC² certification holder

CISSP holders have shown a strong familiarity in the following areas of knowledge:

  • Security and risk management
  • Asset security
  • Identity and access management
  • Security operations
  • Software development security
  • Security assessment and testing
  • Security architecture and engineering
  • Communication and network security

The Auditing Professionals at Corporate Investigation Consulting

Certifications are a quick, easy, and reliable way of seeing what skill sets a person has, as well as whether he or she has focused their internal auditing talents into a particular field or issue. Knowing the field and the level of expertise that you are getting is critical for making an informed decision about who to hire to conduct an internal audit of your company and what you can expect once the hire is made.

The auditing professionals and consultants at Corporate Investigation Consulting (CIC) have numerous certifications scattered among our team of financial investigators. Whether your internal audit is to look for flaws in your cybersecurity system, holes in your corporate compliance mechanism, or fraud in your billing apparatus, we have professionals with the experience that you need the most.

Contact us online or call CIC at (866) 352-9324.

Internal Audit Checklist and Template

An internal audit checklist is an essential tool for auditors. It lists all of the things that the audit is supposed to check, as well as all of the ways that the audit’s findings could benefit the company. Because internal auditing is, at its core, an effort in organization and measurement, having a good checklist is one of the most important things that an internal auditor can have.

While each checklist will be as unique as the particular audit it accompanies, there are some overarching templates that can be used to ensure that all of the general bases are covered.

Checklists Promote Uniformity Between Audits

One of the most important roles of an internal audit checklist is actually behind the scenes, hidden from view of the companies that are conducting the audit: The checklist ensures that each of the internal auditor’s projects covers at least the same baseline of issues, ensuring a degree of uniformity between audits that gives each a credibility that it would not otherwise have.

This is not a minor benefit to using a good audit checklist.

Reliability is one of the most important aspects of an internal audit. Companies that conduct one should rest assured that they are going to at least cover the basics and that it will be as reputable as the last one that was performed. By using an internal audit checklist, an auditor can make this happen.

Audit Planning Should Be Reflected in the Checklist

While a checklist should ensure uniformity with prior or subsequent audits, that consistency should only cover the basic elements of the internal audit. Each internal audit is different – companies in different industries have widely diverging risks to manage or compliance goals to achieve, and even audits within the same industry or even the same company can have different focal points. The checklist used by the internal auditor should reflect that. Only the basic elements should always be the same.

For example just a few of the different industries that make heavy use of internal auditing are:

The risks that companies in each of these fields face are radically different. Even those in the same field can face drastically different risks and compliance needs based on their business practices. For example, companies that deal internationally will have to take compliance measures – and then audit them – for International Traffic in Arms Regulations (ITAR) and the Foreign Corrupt Practices Act (FCPA). Healthcare and pharmaceutical companies, on the other hand, can be the target of corporate healthcare fraud investigations and have to take care not to raise scrutiny on that front. Organizations of all sorts may find themselves in need of auditing internal processes related to:

Each of these types of companies and types of audits require their own focal points. The planning that goes into ascertaining the overall goal of the audit should be reflected in the checklist that ends up getting used by the auditors conducting the inspection.

Auditors Who Use Checklists Work Faster and Miss Fewer Issues

Another big benefit to using an internal audit checklist is that it keeps the audit process more focused, organized, and streamlined. Auditors who keep to their checklist do not get distracted by issues that fall outside the scope of the inspection. They move from one step to the next, progressing the audit along without hesitation or delay.

That organization also reduces the odds that the auditor will miss a key finding within the scope of the audit, enhancing the thoroughness of the process.

Internal Auditing Checklists Tend to Follow a Template

Generally, these internal auditing checklists tend to follow a basic template that covers the fundamental aspects of the audit process, plus additional elements that cover the more specific concerns that are to be addressed.

Some examples of elements in the template that many checklists are built from include:

  • How well performance processes further the organization’s business plan and goals
  • Whether prior audits proposed corrective actions and whether those actions were implemented
  • Whether customer satisfaction is recorded and, if it is, how well the company responds to problems that it raises
  • How qualified employees and other personnel are for their job duties
  • Whether there are workplace hazards that could jeopardize occupational health and safety
  • How reliable quality control processes are
  • Whether prior records regarding quality control are kept

The goal of this general template is to begin to uncover important evidence related to the business’ activities. As more information is gathered, new questions will present themselves that prove to be invaluable to the auditor and to the business that is being audited.

Compliance and Risk Management Auditing Consultants at Corporate Investigation Consulting

When done well, internal audits can reveal gaps in compliance protocols that have exposed the company to substantial legal liabilities, or can uncover inefficient systems and processes that are costing the company thousands of dollars every year. When done poorly, internal audits can miss important signs of wasted money and effort or can falsely lead the company to believe that it is in compliance with all relevant laws and regulations.

Companies should strongly consider hiring internal audit professionals or consultants to make sure their audit is done the right way.

The auditing consultants at Corporate Investigation Consulting have years of experience working with federal law enforcement agencies, including the Federal Bureau of Investigation (FBI) and the U.S. Department of Justice (DOJ), investigating signs of noncompliance and putting together cases of financial misconduct in industries from securities trading to healthcare fraud.

Contact them online or call them at (866) 352-9324 to get their input on your internal auditing needs.

Developing internal controls is an extremely important part of a company’s compliance structure. Without them, achieving compliance with applicable laws is nearly impossible, and it can be extremely difficult to reach planned objectives that mean to streamline your company so it performs more efficiently.

Here, the internal audit professionals at Corporate Investigation Consulting summarize five keys to developing effective internal audit controls.

What are Internal Controls?

According to the Committee of Sponsoring Organizations (COSO), internal controls are procedures that are “designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

Essentially, internal controls are a how:

  • How to improve operational and financial performance or safeguard assets from loss
  • How to adequately report financial and other information to regulators
  • How to reach compliance with applicable laws and regulations

They are steps that everyone in a given company has a role in furthering. Precisely because there are so many people involved, though, there are numerous weaknesses in developing a good set of internal audit controls.

1. There Needs to Be an Environment of Following Internal Controls

First and foremost, everyone has to be on board with the internal audit controls that are adopted for the company. This includes the board of directors and all supervisors. If these important players in the company do not go out of their way to parrot the importance of the internal controls that have been adopted, the lower level employees who have a direct role in implementing those controls will not take their obligations seriously. If they see these workplace responsibilities as anything short of mandatory and as being crucial to follow to the letter, they are likely to cut corners in ways that undermine the effectiveness of the control process and that can expose the company to legal liability for noncompliance.

It is up to the higher level employees and partners to instill a sense of urgency in following the internal control system. Only then will there be an environment of compliance inherent in the company.

2. Internal Controls Should Be Reevaluated Regularly

This is a key to developing strong internal audit controls that many executives overlook or forget about. Just because controls have been synthesized and adopted by the company does not mean that they will always be the most efficient way of getting things done or the best way to comply with applicable laws.

Technological developments can make the current processes that are set out in the internal controls policies outdated. Should this happen, the internal controls would no longer be the most efficient way to conduct business. By regularly reevaluating those controls, they can be updated to reflect the new best practices.

The laws and regulations that your company has to comply with can also evolve over time. What were once good ways of complying with them may no longer be necessary or may no longer insulate the company from legal risk or liability. Auditing the internal controls is essential to keep them up to date.

3. Employees Need to Know That Controls Exist for a Reason, Even If They Seem to Slow Their Workflow

Similar to the first key to success in developing internal audit controls, above, it has to be pressed into employees that the internal controls exist for a reason. Many workers, particularly those who have an important role in performing the internal compliance controls but who do not directly see how it fits into the grand scheme of things, lose sight of the importance of what they do or never appreciate it in the first place. This can happen especially quickly if the internal controls prove to be a hassle for them to implement in their daily workflow.

Whether through training and retraining, a company-wide culture of compliance with the demands of the control protocol, or with education regarding the role that the employee has in the scheme and the importance of them fulfilling it, it is especially important for rank-and-file workers to uphold their obligations. In many cases, they are the ones who are most responsible for the actions that actually implement the policy.

4. Internal Controls Need to Be Monitored to Ensure Compliance

The internal controls that are adopted require consistent monitoring to make sure that they are actually doing what they were intended to do. They can fail or struggle to succeed for two reasons:

  1. Employees are not taking their obligations under the control system seriously
  2. The internal control requirements are not precise enough to solve the problem or inefficiency that they were designed to correct

Monitoring both the input and the output of the control system is essential for detecting shortcomings.

5. Determine How Selected Controls Can Be Evaded and Take Corrective Action

Effective monitoring can be supported with careful inspection of the control requirements to isolate potential practices that could undermine it. Employees who perceive that the obligations that they have under the policies are onerous and infringing on their work product may elevate their work over the demands of the internal control system. This is a very foreseeable and predictable event. Determining how those employees would go about evading their obligations is trickier. Figuring out how they would go about doing so and then patching up that possibility is a crucial part of developing a good internal audit control for the company.

The Professional Internal Auditing Control Team at Corporate Investigation Consulting

Establishing effective, but also streamlined, internal audit controls is essential for every company that intends to streamline its business practices or shore up its compliance requirements.

The auditing professionals at Corporate Investigation Consulting can help. Whether you are trying to create an effective corporate compliance program or manage risks that your company has to deal with every day, our team of professionals can help. Contact us online or call us at (866) 352-9324 so we can plan and execute the set of internal controls that will make your business even better.

Internal Audit KPIs

The goal of an internal audit is to test a company’s policies to ensure that they are doing what they are supposed to do. The key performance indicators, or KPIs, of an internal audit aim to measure how well those policies are working in a way that is easy to describe and understand.

The internal auditing professionals at Corporate Investigation Consulting make heavy use of KPIs to ensure that the audits that they conduct or oversee meet the expectations and demands of their clients and help them make actionable responses to the audit’s findings.

What are KPIs for Internal Audits?

KPIs are measurements of how well a policy or process executes the goal that it is meant to achieve – nothing more, but also nothing less. These measurements can take a huge variety of forms, as both the goals and the ways of achieving them can be almost anything.

Generally, though, KPIs fall into 2 broad categories:

  1. Execution indicators, and
  2. Value indicators.

Execution indicators track the audit, itself. Some common execution KPIs can be:

  • How many hours the audit has taken, so far
  • The percentage of the audit that has been completed
  • How many problems have been detected
  • How many corrective actions have been proposed
  • How many of those corrective actions have been implemented

Value indicators, on the other hand, measure how well the audit has helped the company that is being audited. Some common value KPIs are:

  • Reductions in expenses from the audit’s corrective actions
  • Hours of work time saved because of changes implemented after the audit
  • Productivity increases
  • Satisfaction rates from employees and managers

These are just a few examples. Every internal audit should have a unique set of KPIs.

KPIs Should Be Tailor-Made for Each Audit

Because almost any metric can be used as a KPI for a given internal audit, it is important to select the right ones for your purposes. No matter how effective and detail-oriented the audit is, if it is based on poorly chosen KPIs, the results will not be actionable or even very useful.

So, for example, if you are a healthcare company that is conducting an internal audit of its billing practices to make sure overcharges are not being made that could expose the company to allegations of fraud, some important value and execution KPIs might be:

  • The number of bills or transactions that have been reviewed
  • How many improperly billed services have been found
  • The percentage of bills that have errors in them
  • The net amount of overcharges discovered
  • How many billing errors each employee is responsible for making
  • Which billing codes are more or less likely to be incorrectly used
  • The percentage of bills that are within the scope of the audit that have been examined

Obviously, if your internal audit is for a different type of company, or is being run to detect other kinds of compliance issues, the KPIs should be different. For example, if the goal of the audit is to test your company’s compliance with the Securities and Exchange Commission (SEC), then the KPIs will be completely different.

A skilled and experienced auditing team will know which metrics will produce the data that you want to see.

All Good KPIs Rely on Well-Defined Goals

However, because KPIs are metrics for how well a given process reaches certain objectives or goals, KPIs are only as reliable or useful as the goals themselves. If the objective of a certain process is vague or poorly defined, then it becomes debatable whether the process is working or not. Because it is the success of the process that is being quantitatively measured by the KPI, this can produce a wide variety of results, undermining the value of the measurement, its reliability, and faith in the audit as a whole.

Ascertaining and defining the actual goals of the procedures and policies that are being audited are essential steps to take before the audit begins.

KPIs Should Promote Efficiency and Reduce Liability

Generally, the use of KPIs during internal audits can serve two important functions. They should be geared towards:

  1. Promoting efficiency within the company, and
  2. Reducing the company’s exposure to legal liability.

The purpose of the audit will determine which of these functions should be the focus of the inspection. For example, audits that are designed to test the company’s compliance mechanisms are going to focus on the exposure to legal liability. However, that focus does not necessarily have to be exclusive. Good auditors will still make note of potential issues at the fringes of the scope of the audit that they are conducting.

Without KPIs, the Findings of an Internal Audit are Vague

The value of using KPIs during an internal audit becomes even more apparent when you consider what would happen without using them. A lack of quantitative measurements would lead to audit results that are vague, at best. The lack of precision would make the audit’s findings difficult to understand and work with, making it almost impossible to use them to improve the inner workings of the company.

This undermines the real value of an internal audit: The production of data and findings that are actionable.

The Internal Auditing Consultants at Corporate Investigation Consulting

Crafting and executing an effective internal audit is part science and part art. It takes foresight to see the difficulties that are going to arise, given your company’s unique business practices and structure. It also takes creativity to come up with KPIs that are going to produce data points that can be used to gauge your company’s performance, legal exposure, and efficiency, and that will draw out actionable responses for your company to implement.

The experienced internal auditing professionals at Corporate Investigation Consulting can help you and your company from square one of this intimidating but incredibly important process. Contact them online or call their office at (866) 352-9324.

Internal Audit Job Description

When company executives, the legal department, or compliance officers want to hire outside help to conduct an internal audit, steps must be taken to ensure that you get auditors who are going to help your company the most. Creating a job description for the internal audit is an effective way to weed out the potential auditors who are not going to be a good fit for your company’s needs.

In order to be effective, a good internal audit job description should utilize a wide variety of ways to separate the bad candidates from the good, and to give ideal auditors the opportunities they need to stand out from the rest of the pack.

Here are four elements to consider for your company’s internal audit job description.

1. Be Industry and Audit Specific

It is crucially important to remember that auditing a company in one industry is not the same as auditing another company in a completely different industry. This is particularly true when the internal audit is being done to test the corporation’s compliance protocols. Healthcare companies face radically different compliance requirements than, say, a family investment office. One has to comply with extensively detailed billing obligations for healthcare services provided, while the other has to abide by coextensive sets of securities and investment rules laid out by the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA).

Some other divergent industries that require auditors who are familiar with the particular legal compliance obligations of the field are:

Even within these industries, there are different types of audits. Some focus on certain aspects of the company’s compliance obligations, while others focus on other pressing issues like:

Your internal audit job description should reflect how specialized the auditing field has become. Make it clear what type of auditor you are looking for, and scour the applicants for those who match the industry you are in and the skillset that you want.

2. Do Not Just Demand Experience: Demand Relevant Experience

It is not uncommon for internal audit job descriptions to demand at least a certain number of years of experience in conducting internal audits.

This is not precise enough.

Rather than requiring, say, five years of experience in internal auditing, you should be demanding at least a set number of years in internal auditing in your industry and in the type of audit you want to run. Even if you have to lower the threshold for candidates to meet, you will still be far more likely to get auditors with the skillsets that you want.

Therefore, consider replacing, “10 years of experience in internal auditing,” with something like this, “4 years of experience conducting risk management audits for healthcare providers that handle Medicaid, Medicare, and Tricare.”

3. List Audit Certifications

Professional auditors who are serious about their jobs will accumulate as many auditing certifications as they can. A few of these certifications will be relevant to the needs that you have for your particular internal audit. Many others will not be.

Just because there are only one or two certifications that you want to see, though, does not mean that the others are meaningless. Instead, they show a professional drive on the part of the auditor to expand the breadth of their understanding of their field. That broad knowledge base can be useful for your company.

However, this is not necessarily the case, and is not always a good thing. As mentioned earlier, applicants who respond to an internal audit job posting should have a deep familiarity within your industry and should have experience conducting internal audits that align with the purpose of the one that you want to do. A broad range of certifications – especially those well outside your company’s field – can be a sign that the auditor’s experience is too diluted to be the best value in your pool of candidates.

This is still helpful information to have, so encouraging applicants to list all of their auditing certifications in the job description is often still a good idea.

4. Keep an Eye Out for Potential Conflicts of Interest

The job description is also a good place to draw out information about past work experience that can reveal a potential conflict of interest.

For all of the importance in getting an auditor that has extensive experience in conducting the type of audit that you want in the industry that your business is in, you also want to be on the lookout for an auditor’s prior clients that are too close to your company. If an auditor has helped competitors in the past, it may be wise to at least be more careful in your contract negotiations, should you choose to hire them to conduct the internal audit of your own company.

Generally, these concerns are needless, as auditors are professionals in their own right. However, it can be wise to use the internal audit job description as a way to tease out these potential conflicts of interest so you can behave appropriately to them.

The Internal Auditing Professionals at Corporate Investigation Consulting

Hiring outside help to conduct an internal audit of your company is both essential and stressful.

On the one hand, getting an independent auditor to review the compliance protocols in your company is the best way to obtain unbiased, professional, and often novel ideas about the shortcomings, weaknesses, and inefficiencies in your company’s policies. The best auditors can uncover problems that are exposing your company to legal liability, as well as any needlessly onerous costs of compliance that are costing your company time and money for little benefit.

On the other hand, it can be extremely difficult to determine which outside auditing professional is going to be the best fit for your needs.

Crafting an internal audit job description that accurately represents your needs and desires and that sets an appropriate standard for applicants to meet is a big start in the process.

The professionals at Corporate Investigation Consultants can help you and your company decide who should perform an internal audit of your firm’s compliance protocols. Call them at (866) 352-9324 or contact them online.

Internal Audit Training

An internal audit is an essential part of corporate compliance and risk management. However, not all auditors are the same. Some have certifications in specific areas, while others have a reputation for precision and efficiency in a particular industry.

Whether you are an auditor who wants to improve their credentials to advance in the field, or an executive who is considering whether to hire outside counsel to perform an audit and is performing due diligence to see if the auditor has the training necessary to do it well, it can be useful to have a basic sense of which internal audit trainings are the best.

Here are five internal audit training courses that the consultants at Corporate Investigation consider to be among the best for their targeted audiences.

1. University of Illinois Internal Auditing Suite

The University of Illinois Urbana-Champaign has several well-regarded internal auditing courses available online on the website Coursera. A few of their offerings are:

All of their courses have exceptionally high ratings, with many of them still coming in over 4.5 out of 5, even with several hundreds of reviews. All of them are taught by faculty at the college, with some of the leading minds in the field providing the lectures. They are also exceptionally thorough, with the syllabi for the courses estimating completion times over 25 hours for each, spread out over multiple months.

However, some of the courses tend to focus on financial statement auditing, which may or may not be what you are looking for.

2. Be a Pro Internal Auditor

Another highly ranked, and much shorter, course is the Lead Auditor Tools for a Professional Internal Audit course hosted by Udemy. Unlike the University of Illinois Urbana-Champaign courses, which can take months to complete, this one has only 10 articles, 3 hours of video lecturing, and 7 downloads to do. In spite of the brevity, it is thorough enough that several big companies, including Eventbrite, Volkswagen, and Nasdaq offer this course to their employees.

A nice perk of this internal audit training course is that if offers email support to the students who are taking it, and includes opportunities for 1-on-1 sessions with the instructor. It is also taught by Danielle Volski, an experienced auditor with a history of using the ISO 9001 model for auditing.

3. Hong Kong University

Another well-rated and highly regarded course on Coursera is Information Systems Auditing, Controls and Assurance, offered by the Hong Kong University of Science and Technology. Named one of the Best Free Online Courses of All Time and the Best Online Courses of the Year for 2021 by Class Central, this online course focuses on auditing information systems in order to maintain the integrity of those systems and stay in compliance with legal obligations and requirements. The course explores the risks that are inherent in information systems, including those that are related to data privacy and information security requirements and expectations, and then covers how to address and mitigate those risks.

Because it is so focused on internal audits of information systems, it generally requires an educational background in that field. The course recommends students first have a degree in:

  • Information systems (IS)
  • Information technology (IT)
  • Computer science

Years of work in the field may substitute for the degree, though.

4. Internal Audit 360’s Suite

Internal Audit 360 bills itself as “the independent resource for internal auditors.” In furtherance of that, the company has a suite of internal audit training courses that cover:

  • Agile
  • Data analytics
  • Project management
  • Ethics
  • Six Sigma
  • Lean

Some of these courses are quick, while others are extremely in-depth, with numerous hours of content to take in.

Many of these courses provide continuing professional education (CPE) credits. These credits, however, are generally only for internal audit certifications and cannot be used by accountants to satisfy their requirements.

5. Internal Audit: A Guide for Management

Another course hosted on Udemy, Internal Audit: A Guide for Management, is a valuable one that covers an often underappreciated role in the process of internal auditing – company executives who have found themselves in need of an internal auditing consultant, but who do not yet have a full understanding of how the process works. This is a difficult position to be in, because you have to make an important decision for your company without being comfortable knowing how to make it.

The prerequisites for this course highlight its value to executives in this position: There are none. While other internal audit training courses – particularly those involving information technology – have extensive lists of what students are expected to know and understand before clicking the play button on the first video, A Guide for Management is for people who need a bird’s eye view of the playing field to get a sense of the basics of what they are about to get into.

The Internal Auditing Team at Corporate Investigation Consulting

Running an internal audit is a complex task, whether you hire outside help to do it or use in-house personnel. The benefits of conducting an audit, though, are hard to overestimate: It can identify problems in your compliance protocols or can spot fraud, waste, or inefficiencies in your company that are lowering its profits. Audits that are done well can end up paying for themselves very quickly.

However, a good internal audit generally requires a good internal auditor. Well trained auditors are difficult to find and either hire for your company or contract with as an outside consultant.

The internal auditing team at Corporate Investigation Consulting has numerous certifications from completing a wide array of courses on the many facets of auditing. They also have years of experience working as agents in federal law enforcement agencies. Contact them online or call them at (866) 352-9324.

WordPress Lightbox