Convergence: The future of COBIT, COSO and fraud management (part 2)


Did you know that ISACA and the IIA have already seen convergence?

 

In October 2010, Richard Chambers of the IIA and Susan Caldwell of ISACA signed an agreement intended to bring a heightened level of cooperation between the two organizations. The areas of cooperation included conducting jointly sponsored events, creating education programs, local chapter cooperation, and—in my opinion, the most important—“…coordinating and promoting unified messages and responses to standards setters, regulators and legislators globally, and providing them with information regarding best practices.”

 

So, convergence has happened at the ISACA/IIA level. Will we see more? Yes, I believe so, in part because of declining budgets in audit departments, which are driving the professional membership organizations to act. However, there is an additional, more strategic point to make about convergence: there is a natural relationship among COBIT, COSO and fraud management. There is a symbiotic relationship between information technology and fraud professionals, just as there is an interdependent collaboration between IT and finance.

 

So, where are we seeing convergence in action?

 

We’re seeing it, most appropriately, in smaller audit organizations. Large audit shops can take years to change—a bit like turning a cruise liner. Pint-sized departments are like tugboats, tiny on the outside and extremely powerful inside. A great example of small-department convergence comes from Mission Healthcare, located in a small Appalachian valley in western North Carolina. The company may be close to the fictional town of Mayberry, but it is far from conservative in its internal audit structure. In its traditional areas, the company has only two line auditors, one director and one executive. The executive and director have two responsibilities: health compliance and audit. This leaves the auditors to multitask in the most extreme way. Mission Healthcare does something innovative in not only calling its auditors “IT and internal auditors”, but also allowing its auditors the flexibility and freedom to move between those environments. In fact, one of the company’s CISA-certified auditors is also a Certified Fraud Examiner, adding a fraud expert to the team. Operating in this environment is a positive for Mission Health because the company has developed internal audit, IT audit and fraud examination skills for its audits and investigations. Mission Healthcare has no room for excess; they need to execute. Convergence makes it happen.

 

A final item that is also clear about convergence: internal audit departments are being squeezed on deliverables beyond just cost—from management reports to personnel requests. Auditors are now obtaining skills that go beyond internal audit’s traditional silos, a bit like an army of Davids. Senior management demands better, more holistic reports to understand risk.

 

Convergence is here to stay. Are you on board?

 

Timothy Hediger, CISA, CIA, CFE, CCSA, ACDA, DoD IASO
Owner and Consultant
Polaris Risk Services, LLC

 


Published: 4/13/2012 1:04 PM
