it auditing case study with solution pdf

Case Studies: IT Audits, IT Security Audits, and Network Security Audits

It security audit company with certified auditors provides it audit and compliance audit services., selected case studies and industry experience, every engagement is unique. we are happy to customize our audit services to your specific needs.

Network Security Audit

A mid-size telephone company with many entities was concerned about network security risks., client situation.

A mid-size telephone company with many entities was concerned about network security. Management wanted an internal and external network security audit of each entity.

Altius IT Solution

Altius IT provided a 50 point, 360 degree view of risks. Our services included an evaluation of:

• Risk assessment, risk analysis, and risk treatment
• Policies, procedures, plans, and related documents
• Use of service providers
• Security of servers, firewalls, and network infrastructure
• Protection against malicious software (viruses, spyware, etc.)
• Security mechanisms and practices
• Controls over removable media and USB devices
• Incident response and business continuity

Altius IT's analysis included a comparison of the organization with security best practices to identify gaps. Altius IT provided a report of findings as well as recommendations, costs, and a prioritized risk response executive summary Action Plan.

Client Benefit

Altius IT’s network security audit documented several areas that placed the organization at risk to both internal and external threats. The prioritized Action Plan helped the telephone company increase security and protect its information assets

Cyber Security Audit

A large county needed assurance that its sensitive information was protected against hackers and other threats..

A county needed assurance that its sensitive information was protected against hackers and other Internet threats. County management was concerned about compliance related issues and wanted assurance its systems were protected against external threats.

Altius IT provided an External Network Security Audit. Our services included a variety of hacker type tools and techniques that identified and evaluated the county’s external risks:

• Firewall – reviewed and analyzed configuration
• External penetration – evaluated vulnerabilities
• Social engineering – determined employee risks
• Phishing – used fake e-mails and USB devices
• False web sites – determined risks
• Policies – evaluated security related policies

Altius IT compared the county with industry benchmarks and determined the type of security infrastructure in place. We tailored our attacks to take advantage of gaps.

Altius IT’s provided an External Network Security Audit Report, a Risk Assessment Report, and a prioritized Action Plan Report of security related recommendations.

Altius IT’s external network security audit documented several areas that placed the organization at risk to external threats. The prioritized Action Plan helped the organization increase security while increasing protection of its information assets.

Web Application Security

A software developer was notified it's application was not secure. a client of the software developer requested a web application security audit..

A software developer provided on-line marketing solutions including web design, content management, and e-commerce solutions. The software developer was notified by a third party that it’s software was not secure. When negative publicity appeared in the media, clients and prospects became concerned and revenue declined. The software developer’s President wanted assurance that its code, with interfaces to internal database systems, was secure and protected from threats.

Emulating the approach used by hackers, Altius IT used a variety of manual and automated tools to perform a controlled real-life attack on the organization's web application and web server for vulnerabilities. Altius IT evaluated the application for over 35,000 types of risks including SQL injection, cross site scripting, buffer overflow, authentication, encryption, JavaScript, and many others. Altius IT provided a Web Application Security Audit Report with our findings, an analysis of vulnerabilities, and solutions to enhance security.

Altius IT’s web application security audit identified several areas that placed the organization at risk to hackers and other external threats. With Altius IT’s report, the organization eliminated software bugs and enhanced security by implementing changes to their code and procedures. As a Certified Information Systems Auditor, Altius IT provided a follow-up web application security audit and verified that the security issues identified in the first audit had been addressed. Altius IT provided the software developer with our Auditor Opinion Letter that the client distributed to their prospects and clients. The organization’s enhanced image and reputation helped it increase revenue both by retaining current customers and by converting new prospects into clients.

Compliance Audit

A large regional hospital needed assurance that health information was protected against unauthorized access. meet hipaa and hitech compliance requirements..

A large regional hospital needed assurance that health information was protected against unauthorized access. The hospital needed to meet HIPAA and HITECH compliance requirements.

Altius IT provided a HIPAA / HITECH Compliance and Security Audit. Altius IT evaluated the hospital's security controls including:

• Administrative Safeguards - policies, procedures, plans, forms, security training, incident response, business continuity
• Physical Safeguards - controls over access to data centers, cameras, EPHI
• Technical Safeguards - firewalls, server configurations, network segmentation, anti-malware, logging, backups

Altius IT’s reports documented several areas that placed the organization at risk to compliance and network related threats. Altius IT's Action Plan Report provided a prioritized risk response plan for the hospital with ways to enhance security, ensure protection of its information assets, and meet compliance requirements.

Altius IT's compliance audit enhanced the hospital's security controls. Management has assurance that systems and data are secure. EPHI is protected from unauthorized access and alteration.

Risk Assessment

A mid-size medical product manufacturer was concerned about the security of a new device. a risk assessment was needed to address concerns about patient confidentiality and the integrity of the product..

A mid-size medical product manufacturer was concerned about the security of a new device. The organization was concerned about patient confidentiality and the integrity of the product.

Altius IT's Risk Assessment inventoried relevant assets and organized the assets into asset categories. We identified specific threats and threat categories and documented vulnerabilities that existed as a result of the threats. Our Risk Analysis evaluated risks and the likelihood of various threat exploits. We identified security gaps that could be exploited by insider and outsider attacks. Altius IT’s Risk Treatment Plan analyzed and documented risk reduction and risk treatment safeguards and controls for each vulnerability. Altius IT's Risk Task List identified preventive, detective, and corrective controls that eliminated or reduced risks to acceptable levels. Residual risks, risks that existed after controls were implemented, were identified, and prioritized so they could be monitored.

Altius IT’s risk assessment documented several product related threats that placed the organization at risk to both internal and external threats. The medical device manufacturer achieved the following benefits:

• Security – security assurance knowing that the product had effective security safeguards and controls.
• Continuity – ability to continue functioning even if the product had been compromised.
• Alerts – remote notifications to appropriate personnel so they could take appropriate actions if the product was compromised.
• Redundancy – ability of the product to continue operating in the event of normal failures.
• Sociability – ability of the product to not interfere with existing systems and devices.

Mobile application security audit

A marketing company needed assurance that a newly developed mobile application was secure. a mobile application security audit was needed to address concerns about the security of the software application..

A marketing company developed a mobile software application for a large international client. Management at the marketing company was concerned about the security of the mobile application.

Altius IT provided a "hand on" security audit of the mobile application. We evaluated security risks related to:

• User use of the device
• Mobile software coding issues
• Interfaces to servers and databases
• Configurations of servers, firewalls, and network segmentation
• Authentication issues
• Backups and recovery

Altius IT's Mobile Application Security Audit Report documented security risks and provided recommendations to enhance security.

Altius IT's mobile application security audit documented recommended changes to enhance security of the mobile application and server environment. The marketing company and the large international client had the peace of mind knowing that the mobile application kept information secure from intruders.

Social Engineering Audit

A mid-size bank was worried about social engineering attacks on its staff. Management was concerned about maintaining customer confidence and meeting compliance requirements.

Altius IT provided a social engineering security assessment. Emulating the approach used by hackers, we manually perform a controlled real-life attack on the bank's staff and measured their response and actions to fake e-mail messages and false web sites. We benchmarked the bank against industry averages and provided the bank with ten recommendations to reduce their risks to social engineering attacks. Altius IT’s social engineering security assessment documented weaknesses in the bank's security education training and awareness programs.

Altius IT's social engineering security assessment helped the bank formalized its security education and awareness training program and supplemented it with frequent reminders to employees, temporary staff, and contractors. Customer satisfaction was increased as a result of the increase in security awareness.

Case Studies

It audits, it security audits, and network security audits.

Unlike a security consultant, Altius IT is certified as a Certified Information Systems Auditor to perform a security audit of your environment and issue reports and recommendations to secure your systems. After your audit, Altius IT's Auditor Opinion Letter and Secure Seal let your clients and prospects know you meet security best practice/compliance requirements.

See our In the News page for video clips of our experts on national television as well as over 40 publications featuring Altius IT. In addition to our auditor certifications we hold many security, technical, and project management credentials. More information is available on our About Us page.

Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

• Fortify your information systems, applications, and network infrastructure
• Comply with regulatory requirements
• Protect your valuable assets
• In the news
• Success Stories
• (714) 794-5210
• [email protected]

Altius IT's services are provided throughout the United States and in selected international countries. Our corporate HQ is located in Orange County California between Los Angeles and San Diego. Contact us and we will help you choose the right audit for your organization.

I.T. Auditing : Sample Cases – Representative Matters

• Case Studies
• I.T. Auditing : Sample Cases -…

The following audit case studies highlight several matters for which Vestige was retained that involve I.T. Auditing Services. Each of these I.T. audit case studies are real matters that we have worked, but for privacy and confidentiality purposes, any identifying information has been sanitized from our auditing samples. Learn how Vestige LTD has provided assistance in various I.T. auditing cases below.

Publicly Listed Professional Services Firm

Our client, a public company, subject to SEC regulation, had both a robust Internal Audit Department as well as its outside audit firm (one of the Big 4). While the Internal Audit Department had financial auditors on staff and had a handful of individuals that dabbled in I.T. Reviews, it became evident that the level of expertise needed for such a complex environment exceeded their internal resources. Over the years the organization has had to deal with a number of regulatory requirements, including: Sarbanes-Oxley (SOX) compliance, HIPAA, PCI, and FINRA, to point out a few. Vestige became involved as an extension of this organization’s Internal Audit Department, providing a wide range of I.T. audits and assessments for a number of the organization’s divisions and separate business entities. Reporting through the Internal Audit Department, we were able to closely coordinate our efforts with the financial auditors to provide the organization with an even better overall assessment of the organization’s risks. Beyond that, we provided our client confidence with moving forward on its external audits, knowing that issues were identified and addressed internally in ample time to remediate the controls and show that they had been in-place and working over a period of time. It was even reported to us that the external auditor was able to rely upon much of our work product due to its completeness, accuracy and quality of findings, thereby saving our client substantial fees in having to undergo additional scrutiny and testing by the external audit firm.

Institute of Higher Education

Vestige has complemented the Internal Audit Department of a four year college that caters to more than 30,000 students and has several campuses. The Internal Audit Department is on the smaller side (2-4 auditors) and has no one that specializes in I.T. Auditing. While it is void of this important function within its internal resources, it does have one of the financial auditors who has shown an interest. As a result, not only has Vestige partnered with the University to conduct the I.T. component of its audits, but we have provided some additional ancillary services to assist with the training of this individual. For example, as part of our engagement we have created the audit programs for some of the areas of concentration, as determined by the organization’s risk assessment. Vestige initially conducted an audit of one of these areas, completed our documentation and also created add-on audit programs, custom-tailored to the University, and provided these along with training to the internal resource for them to conduct on-their-own. In this manner, the University is not only gaining Vestige’s expertise as it relates to the identification of risks and the conducting of the I.T. audits, they are also gaining important knowledge and resources to build up their own internal expertise.

Large Conglomerate

For more than 12 years, Vestige has provided outsourced I.T. Auditing to a large ($1B+ revenue) conglomerate. Throughout the years, this organization has maintained its own Internal Audit Department of 8-10 financial auditors. They had previously attempted to recruit, hire and retain IT Auditors, but were never successful at keeping these individuals long enough to gain any of the efficiencies and insight that someone gains by being in the environment an extended period of time. Frustrated with this approach, the conglomerate originally sought our services out to augment the internal I.T. auditor’s experience, to act as a reviewer and to mentor the individuals on the I.T. Auditing side since the balance of the Internal Audit Department was financially-focused. Eventually it became evident that the organization was in a vicious cycle of recruiting, hiring, training and then losing these individuals and turned to Vestige as an outsourced solution providing full I.T. Auditing services as part of its Internal Audit Department and its 20+ individual portfolio companies.

Outside Accounting Firm

As a Public Accounting firm, our client provides external audit functions to thousands of clients. Like so many other regional and local accounting firms, our client has financial auditing expertise, but does not have the internal resources from an I.T. Auditing focus. Since the introduction of the AICPA’s Statement of Audit Standards 94 (SAS.94) in May 2001, reliance upon auditing “around” the technology involved in a financial system is no longer acceptable and auditing firms have had to rely upon and develop expertise in being able to audit the actual technology. As most auditors are financially-focused, there is a wide dearth of expertise as it relates to the I.T. Auditing component. Vestige has complemented these firms’ needs by partnering with them to jointly provide comprehensive audits that focus on the financial and the I.T. components. This has included routine financial audits, but has also included specialized I.T. audits such as SAS70s (deprecated) and SSAE16/SOC-type compliancy reports.

CONTACT US today to discuss how Vestige can assist your Internal Auditing Department with I.T. Auditing .

CONTACT US  

Related Articles

• All Related Articles

How to Remediate your gaps in preparation for CMMC

IP Theft Analysis From a Defense Standpoint

Mobile Device Forensics Compared to Traditional Forensics

The Dangers of Using Template Policies in your Cybersecurity Compliance

Related white papers.

• View All White Papers

So You Need to Comply with NIST 800-171 & CMMC

Related case studies.

• View All Case Studies

HQ: Cleveland, OH

• 330.721.1205
• 800.314.4357
• 330.721.1206

Columbus, OH

• 614.846.8660
• 303-872-9231

Pittsburgh, PA

• 412.315.7277

New York, NY

• 332.204.1001

This site uses cookies, for more information, review our privacy policy .

The global body for professional accountants

• Search jobs
• Find an accountant
• Technical activities
• Help & support

Can't find your location/region listed? Please visit our global website instead

• Middle East
• Cayman Islands
• Trinidad & Tobago
• Virgin Islands (British)
• United Kingdom
• Czech Republic
• United Arab Emirates
• Saudi Arabia
• State of Palestine
• Syrian Arab Republic
• South Africa
• Africa (other)
• Hong Kong SAR of China
• New Zealand
• Apply to become an ACCA student
• Why choose to study ACCA?
• ACCA accountancy qualifications
• Getting started with ACCA
• ACCA Learning
• Register your interest in ACCA
• Learn why you should hire ACCA members
• Why train your staff with ACCA?
• Recruit finance staff
• Train and develop finance talent
• Approved Employer programme
• Employer support
• Resources to help your organisation stay one step ahead
• Support for Approved Learning Partners
• Becoming an ACCA Approved Learning Partner
• Tutor support
• Computer-Based Exam (CBE) centres
• Content providers
• Registered Learning Partner
• Exemption accreditation
• University partnerships
• Find tuition
• Virtual classroom support for learning partners
• Find CPD resources
• Your membership
• Member networks
• AB magazine
• Sectors and industries
• Regulation and standards
• Advocacy and mentoring
• Council, elections and AGM
• Tuition and study options
• Study support resources
• Practical experience
• Our ethics modules
• Student Accountant
• Regulation and standards for students
• Your 2024 subscription
• Completing your EPSM
• Completing your PER
• Apply for membership
• Skills webinars
• Finding a great supervisor
• Choosing the right objectives for you
• Regularly recording your PER
• The next phase of your journey
• Your future once qualified
• Mentoring and networks
• Advance e-magazine
• An introduction to professional insights
• Meet the team
• Global economics
• Professional accountants - the future
• Supporting the global profession
• Download the insights app

Can't find your location listed? Please visit our global website instead

• Audit and assurance case study questions
• Study resources
• Advanced Audit and Assurance (AAA)
• Technical articles and topic explainers
• Back to Advanced Audit and Assurance (AAA)
• How to approach Advanced Audit and Assurance

The first article in this series of two on Paper P7 case study questions discussed question style, what to look for in the requirements, how higher-level skills are tested, and the meaning of professional marks within a question requirement. This second article goes through part of a typical Section A case study question, applying the recommended approach described in the previous article. This approach comprises four stages.

Stage 1 – understanding the requirement

The first thing to do is to read and fully understand the question requirement. Here is the requirement we will be looking at in this article:

‘Prepare a report, to be used by a partner in your firm, in which you identify and evaluate the professional, ethical, and other issues raised in deciding whether to accept the appointment as provider of an assurance opinion as requested by Petsupply Co.’ (12 marks)

Note: this requirement includes two professional marks.

Having read the requirement, break it down. You are asked to do two things:

• identify, ie state from the information provided
• evaluate, ie discuss from a critical point of view.

The requirement asks you to consider ‘professional, ethical, and other issues’. This could cover a wide range of considerations, such as:

• ethics: independence, competence, conflicts of interest, confidentiality, assessing integrity
• professional issues: the risk profile of the work requested, the fee – and whether it is sufficient to compensate for high risk, availability of staff, managing client expectations, logistical matters such as timing, legal and regulatory matters – such as money laundering, and (in some cases) obtaining professional clearance
• other issues: whether the work ‘fits’ with the commercial strategy of the audit firm, the potential knock-on effect of taking on the work – such as the impact on other clients, or on other work performed for this client.

You are asked to produce a report, so remember that the professional marks available will be awarded for using the correct format, the use of professional business language, and for presenting your comments as a logical flow culminating in a conclusion.

From reading the requirement, you know that the question scenario will be based on a potential assurance assignment and will be broadly based around acceptance issues.

Stage 2 – reading the scenario

When reading through the detail of the scenario, you should now be alert to information relevant to this requirement. Highlight important points that you think are relevant to the scenario and remember to focus on issues that could affect your acceptance of a potential assurance assignment.

Now read the following extract from the scenario and highlight the salient points – remember to look out for any factors relevant to the ethical, professional, and other issues described above.

Extract: You are a senior manager in Dyke & Co, a small firm of Chartered Certified Accountants, which specialises in providing audits and financial statement reviews for small to medium-sized companies. You are responsible for evaluating potential assurance engagements, and for producing a brief report on each prospective piece of work to be used by the partners in your firm when deciding whether to accept or decline the engagement. Dyke & Co is keen to expand the assurance services offered, as a replacement for revenue lost from the many small‑company clients choosing not to have a statutory audit in recent years. It is currently May 2007.

Petsupply Co has been an audit client of Dyke & Co for the past three years. The company owns and operates a chain of retail outlets selling pet supplies. The finance director of Petsupply Co recently communicated with your firm to enquire about the provision of an assurance report on data provided in the Environmental Report published on the company’s website. The following is an extract from the e-mail sent to your firm from the finance director of Petsupply Co:

‘At the last board meeting, my fellow directors discussed the content of the Environmental Report. They are keen to ensure that the data contained in the report is credible, and they have asked whether your firm would be willing to provide some kind of opinion verifying the disclosures made. Petsupply Co is strongly committed to disclosing environmental data, and information gathered from our website indicates that our customers are very interested in environmental matters. It is therefore important to us that Petsupply Co reports positive information which should help to retain existing customers, and to attract new customers. I am keen to hear your views on this matter at your earliest convenience. We would like verification of the data as soon as possible.’

You have looked at Petsupply Co’s Environmental Report on the company website, and found a great deal of numerical data provided, some of which is shown below in Table 1.

Table 1: Petsupply Co's environmental report – numerical data

Stage 3 – take time to think about the requirement and the scenario.

As discussed in the previous article, you must take time and not rush to answer. When evaluating this particular scenario try to think widely about the information provided. Your answer should cover a broad range of issues rather than concentrating on one or two. Your comments must be tailored to the scenario. It is pointless, for example, to write about a general acceptance issue which is not specifically related to Petsupply Co.

It is important to appreciate that few marks will be available for stating the issue. The higher-level skill marks in this question will be awarded for a discussion of why the issue is relevant to the decision about whether or not to provide the assurance service to Petsupply Co. The requirement is to evaluate the scenario and therefore it is crucial to demonstrate an appreciation that there may be two conflicting sides to the discussion.

Table 2 shows an example of a thought process which identifies the issues and explains why each issue is relevant to the requirement; the issues are shown in the order in which they appear in the question.

Table 2: Example of a thought process which identifies issues and shows relevance to the requirement

Table 2 is not an answer, it is a thought process. This is what you should be thinking about after reading through the scenario. The previous article stressed the importance of thinking through the scenario. It may help to jot these ideas down in an answer plan before making a start on your written answer, as this will help you to prioritise the points and give the report a logical flow.

Stage 4 – writing the report

The requirement states that two professional marks are available. As discussed in the previous article, these marks are not for the technical content of the answer, but for the way the relevant points are communicated. The report will be evaluated on the following:

• Use of a report format – a brief introduction, clear separate sections each discussing a different point, and a final conclusion.
• Style of writing – the report is addressed to the partner and so language should be appropriate. You do not need to explain things that would be obvious to a partner, and you must be tactful.
• Clarity of explanation – make sure that each point is explained simply and precisely, and avoid ambiguity.
• Evaluation skills – demonstrate that each point may have a positive and a negative side.

Remember, when answering any question requirement it is quality not quantity that counts. You should make each point succinctly and remain focused on the specific requirement. Questions can be time pressured, but it is important to remember that you should be able to read the requirement, think about it, and write an answer in the time available. This means that there is only a limited amount of time available for actually writing the answer, so keep it short and to the point. Irrelevant waffle earns no marks and will detract from the professional skills evaluation. What follows is an outline report format for this requirement:

Introduction

• Report is internal, addressed to a partner, covering proposed assurance service for existing audit client

Section 1 – ethical matters

• Provision of non-audit service
• Impact on total fee from client
• Competence to perform work – specialised engagement

Section 2 – risk-related matters

• High inherent risk – figures prone to manipulation
• Data highly subjective
• Need to rely on systems put in place by client

Section 3 – commercial matters

• Fee will have to be high enough to compensate for high risk
• Fee may need to compensate for specialists if used
• Strategic fit – assignment in line with commercial goals of Dyke & Co
• Build up experience in non-audit service
• Ascertain whether assignment will be recurring

Section 4 – other matters

• Managing client expectation regarding type of opinion sought
• Managing client expectation regarding timeframe
• Summary of key issues and decision on acceptance

Note: not all of the above points are necessary to secure a pass mark; the marking scheme is also flexible enough to cater for comments that may not appear in the ‘model answer’.

This article shows how to approach one requirement from a typical Section A question in Paper P7. It is important to practise technique by attempting as many questions as possible, starting with the Pilot Paper for Paper P7.

Written by a member of the Paper P7 examining team

Related Links

• Student Accountant hub page

Advertisement

• ACCA Careers
• ACCA Career Navigator
• ACCA Learning Community
• Your Future

Useful links

• Make a payment
• ACCA-X online courses
• ACCA Rulebook
• Work for us

Most popular

• Professional insights
• ACCA Qualification
• Member events and CPD
• Supporting Ukraine
• Past exam papers

Connect with us

Planned system updates.

• Accessibility
• Legal policies
• Data protection & cookies
• Advertising

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

• We're Hiring!
• Help Center

INTERNAL AUDITING CASE STUDY

Related Papers

Farah Adiba

individual assignment

Contemporary Accounting Research

Joseph Carcello , Terry Neal

... We thank Scott Bron-son, Jon Hansen, Katherine Hansen, Beverly Hudler, Shelly Kane, Stacy Mastrolia, Fred Muchunu, Hazel Ryon, and Beth Swang for their assistance in transcribing, tabulating, and cod-ing the interview data. ...

1 Pursuant to paragraph 7.4.3 of the Procedures for the Audit Scheme (resolution A.1067(28)), this document contains in the annex a consolidated audit summary report (CASR) on the final eight audits conducted under VIMSAS and the transitional arrangements. 2 The CASR, which is intended to facilitate the attainment of two of the objectives of the Scheme as contained in paragraphs 5.2.3 and 5.2.4 of the Scheme's Framework, has been developed to reflect the findings identified during audits, which in themselves provide valuable lessons for Member States and would enable the Organization to further consider the effectiveness and appropriateness of its legislation. 3 The Framework and Procedures for the Scheme do not stipulate the format and method for the distribution of a CASR. As is now the established practice, the report is issued once a year as a Council document during the first year of a biennium and as an Assembly document during the second year. The report now contains findings and the related corrective action undertaken or proposed by the audited State, the root cause for each finding, areas of positive development, areas for further development, as well as any best practice identified during the audit.

Maandblad Voor Accountancy en Bedrijfseconomie

philip wallage

Robert Denham

internal audit in india

Vivek Mishra

Internal Audit Foundation

Dr. Rainer Lenz

6/24/2020 ​New Internal Audit Foundation Report Challenges Internal Auditor Functions to Be Value Drivers This new Internal Audit Foundation report, based on the findings of a global survey and in-depth interviews with world-class internal audit functions, addresses the question, “What is the added value of internal auditing?” It suggests concrete pointers on how to define and measure added value, and how to communicate that value to stakeholders. The findings in this report, one of the Internal Audit Foundation’s first crowdfunded research efforts (learn more), are based on a global survey and in-depth interviews with key individuals and chief audit executives of diverse organizations considered to have best-practice internal audit functions. The results suggest a maturity model that distinguishes “governance, risk, and control (GRC) partner,” “trusted advisor,” and “value driver” as growing roles of the internal audit function. This approach can help internal audit functions clarify what the added value of internal audit should look like, how chief audit executives (CAEs) and key stakeholders can measure the success of the function, and how internal auditors and CAEs can communicate that added value to stakeholders. The idea of internal auditing being a value driver means it adapts to circumstances at the speed of risk, takes a seat at the table, and offers unique insights and foresight that can contribute to discussions about corporate culture, strategy, operations, and decision making. The report’s authors, Marc Eulerich, CIA, and Rainer Lenz, CIA, QIAL, conclude that internal auditors should become value drivers if they are not already aspiring to do so. https://na.theiia.org/news/Pages/New-Internal-Audit-Foundation-Report-Challenges-Internal-Auditor-Functions-to-Be-Value-Drivers.aspx

Rajendra P Srivastava

RELATED PAPERS

Journal of Solution Chemistry

Maria Atanassova

Adam Dobrzanski

Luso-Brazilian Review

Carolina Castellanos Gonella

lorenza putignani

felix engel

Ali Madouri

Aurel Maxim

Genetics and Molecular Biology

Fausto Foresti , Cristiano Neves Do Nascimento

Neža Benedik

David felipe Sánchez

Visnyk of Taras Shevchenko National University of Kyiv. Geology

Kseniia Bondar

Sonia Vázquez

Anais Do Computer on the Beach

Eliane Lima

Proceedings of the 20th international conference companion on World wide web

Giovanni Grasso

International Journal of Infectious Diseases

Applied Physics Letters

Steven Ringel

Brazilian Journal of Development

Aleia Harumi Uchibaba Yamanaka

Reme Revista Mineira de Enfermagem

Vera Lucia Freitag

Ecotoxicology and Environmental Safety

Enrica Allevato

Revista Espanola De Paleontologia

francisco soto

International Journal of Mass Spectrometry

mohammad hassan khodabandeh

Bruno Muratori

The Astrophysical Journal

Phil Marshall

MATEC Web of Conferences

Hindayati Mustafidah

•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

What caused Dubai floods? Experts cite climate change, not cloud seeding

• Medium Text

DID CLOUD SEEDING CAUSE THE STORM?

CAN'T CREATE CLOUDS FROM NOTHING

Coming soon: Get the latest news and expert analysis about the state of the global economy with Reuters Econ World. Sign up here.

Reporting by Alexander Cornwell; editing by Maha El Dahan and Alexandra Hudson

Our Standards: The Thomson Reuters Trust Principles. New Tab , opens new tab

The European Parliament approved rules on Tuesday to give consumers the right to have worn-out products like washing machines and smartphones repaired by producers, to cut waste and make goods last longer.

Chinese mining giant Zijin Mining said on Tuesday it would cooperate with authorities in Democratic Republic of Congo after radiation was detected in a shipment of cobalt from its mine in the country, and had recalled it.

World Chevron

Migrants drown in English Channel hours after UK passes Rwanda policy

Five migrants, including a child, died in an attempt to cross the English Channel from France to Britain in an overcrowded small boat on Tuesday, hours after Britain passed a bill to deport asylum seekers to Rwanda in a move to deter the dangerous journeys.

Sudan's army used anti-aircraft missiles on Tuesday to shoot down drones targeting its headquarters in the city of Shendi, witnesses and army sources said, the latest in a series of such drone attacks.

Lebanon's Iran-backed Hezbollah group said on Tuesday it had launched a drone attack against Israeli military bases north of the city of Acre, in its deepest strike into Israeli territory since the Gaza war began.

Spain is to set up a fund, to be financed largely by the Catholic Church, to compensate an estimated 440,000 victims of decades of sexual abuse by Catholic clergy, staff or teachers, the justice minister announced on Tuesday.

• Publications

Reducing Embodied Carbon in Cities: Nine Solutions for Greener Buildings and Communities

As cities grow in population and importance, urban construction will continue to gather pace. It is estimated that global floor area is expected to double by 2060, the equivalent of adding New York City every month for the next 40 years. This white paper highlights case studies and nine innovative solutions that provide models for cities seeking to meet sustainable development goals.

Addressing the amount of carbon released due to new construction and infrastructure development, as well as the decommissioning of obsolete buildings, is critical to decarbonizing the built environment. Collectively referred to as “embodied carbon emissions”, this is the next frontier in mitigating climate change.

The paper identifies common challenges cities face in the effort to reduce embodied carbon emissions and outlines best practices that have been developed and tested by pioneer cities, and which are are adaptable, scalable and designed to accelerate innovation across the construction industry.

World Economic Forum reports may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License , and in accordance with our Terms of Use .