Common questions and answers for internal auditors, according to Larry Hubbard.

Forum Actions

Back to Public Directory RSS Feeds
See Earlier Threads
IRA Good in Theory; RRA Good in Practice
Most risk management processes look for risks first, then controls. But, that is backwards. It's much better to find existing controls first (because most processes do already have controls) using the...
View (0 Comments)
Risk Assessment
Jan 23, 2009
Auditors SHOULD find fraud
It's time to stop hiding behind the Standards, and go with what Boards and Management thing auditors are for in the first place - we need to find fraud, in our audits, if it exists!
View (0 Comments)
Fraud
Jan 22, 2009
The biggest risk is control failure
Have you noticed that in the credit crunch, at Enron, at Worldcom, even back to BCCI and before, it is not unknown risks that got companies into trouble - it was basic controls not being done. I think...
View (0 Comments)
Risk Assessment
Jan 22, 2009
There is no such thing as a regular audit
There are financial audits, operational audits, compliance audits, internal control audits, performance audits - etc, etc, etc. But ask 5 auditors for a "regular" or "normal" or "typical" audit, and y...
View (0 Comments)
Audit Tools
Jan 21, 2009
Are these Q&A's???
Not really - they are more in the form of statements, or Audit Sayings. But most of the items have been asked in some form or another in training courses I have led, and I've had to answer them.
View (0 Comments)
Administration
Nov 12, 2008
Risk Responses are not Controls
In the COSO control framework, Control Activities are the things management does to be sure their risk responses are working. Looking very closely, you’ll see that the risk responses themselves are no...
View (0 Comments)
Risk Assessment
Nov 12, 2008
Risk Assessment is a Control
Enterprise Risk Management and Internal Control both contain components called Risk Assessment. So, Risk Assessment is a part of the control process, or a component of control. Risk assessment always ...
View (0 Comments)
Internal Controls
Nov 12, 2008
Risk Assessment is not About the Risks
Risk events are about the future, which cannot be predicted. If an event does occur, then maybe it is a problem to be solved and avoided in the future, but it is no longer a potential risk event. Not ...
View (0 Comments)
Risk Assessment
Nov 12, 2008
Internal Control is like a Pie
We recognize a pie because it has four parts - topping, filling, crust, and stuff on top. If all four are not there, it is not a pie (maybe its pudding, or bread, or something, but it's not a pie).Int...
View (0 Comments)
Internal Controls
Nov 12, 2008
Setting Objectives is a Control
Everything is about performing activities.  Managers are responsible for being sure employees perform activities correctly, so they establish objectives or goals for those activities.Of course, not al...
View (0 Comments)
Internal Controls
Nov 9, 2008
COSO is for Auditors
A Control Framework such as COSO or CoCo is for auditors and other evaluators to use in evaluating the design of management's controls (whether or not management calls them controls). It goes this way...
View (0 Comments)
Internal Controls
Nov 9, 2008
Internal Control is a Process
Controls are such a basic concept, I think, but one understood differently by almost everyone. COSO tried to help, but still we struggle with that.Internal control, and internal control frameworks, ar...
View (0 Comments)
Internal Controls
March 10, 2008
Is using a workpaper system, like TeamMate, really better than Word and Excel?
Yes. If I have the choice, I will never do another audit or project without TeamMate!! The advantages over just using Office Word and Excel are significant - Coaching Notes, embedded links, signoffs,...
View (0 Comments)
Audit Tools
March 10, 2008
Are there any special audit tools we should know about?
Yes, absolutely. I believe auditors need to know about and use these now:   TeamMate Automated Workpaper System Audit Command Language (ACL) Office Word and Excel and Outlook Instant Messaging,...
View (0 Comments)
Audit Tools
March 10, 2008
The category of Financial Objectives in COSO and CoCo seem very wide, since everything eventually impacts the financial statements. Right?
Maybe everything does eventually impact the financials, but that is not what financial objectives in COSO or CoCo means. Both those frameworks, in addition to operational objectives, cover financial R...
View (0 Comments)
Internal Controls
March 10, 2008
Which control framework is best COSO, CoCo, Cadbury, etc?
A control framework, or control model, is simply a definition of internal control. COSO and CoCo are the major ones, and are about 95% the same. One for IT controls, called COBIT, is also very popular...
View (0 Comments)
Internal Controls
March 10, 2008
Hard Controls are About Processes, Soft Controls are About People
The terms soft and hard controls are often used to describe internal controls, but dont actually get used in the formal definitions of control from COSO, CoCo, etc.   An easy way to think of them is...
View (0 Comments)
Internal Controls
March 10, 2008
Do internal auditors have to follow The IIA Standards?
Compliance with The IIA Standards is mandatory for members of The IIA and for holders of IIA certifications, such as CIA, CCSA, etc. There is no enforcement mechanism, and compliance is not reported t...
View (0 Comments)
The IIA
March 9, 2008
It's OK to suggest new questions
Post them to this site, or email them to me at Larry@LHubbard.com.  
View (0 Comments)
Administration
March 9, 2008
Are control confusing to normal people?
Certainly not. Even Dilbert understands controls:  
View (0 Comments)
Lighter side
March 9, 2008
There are earlier threads which are not shown here.
     See Earlier Threads