Audit Board

FEBRUARY 28, 2023

Respondents from CyberRisk Alliance Business Intelligence’s November 2022 Third-Party Risk Survey believe third parties are increasingly the cause of IT security incidents, while some think they have been the primary source of attacks in the past two years.

Compliance 52

Compliance Technology 52

Audit Board

FEBRUARY 8, 2023

Managing third-party and supply chain threats remains a daunting task, according to new research from CyberRisk Alliance Business Intelligence, which gauged companies’ understanding, interest, and investments in managing third-party risk.

Compliance 52

Compliance Technology 52

Audit Board

NOVEMBER 1, 2023

72% of risk executives say that implementing digital transformation initiatives is critical to growth. Many audit, risk, and compliance folks don’t have software-buying experience. Step 1: Identify specific pain points you’re solving for when trying to decide on a preferred vendor. How long would it take? Let’s get started!

Technology 52

Technology Start-ups Compliance 52

Audit Board

SEPTEMBER 9, 2022

Vendor vulnerabilities continue to plague many industries and teams are struggling to manage the associated risk volatility. A strong third-party risk management (TPRM) program can help alleviate the impact of related risks. Trends and Approaches for Handling Third-Party Risk Management.

Start-ups 52

Start-ups Compliance Banking 52

Audit Board

JUNE 30, 2023

83% of executives only identified third-party risks after initial onboarding had already occurred. While the third-party risk universe has expanded dramatically, risk management hasn’t kept up. Today’s volatile risk landscape requires us to look beyond third-party vendors to include their vendors and beyond.

Compliance 52

Compliance 52

Audit Board

JUNE 30, 2023

83% of executives only identified third-party risks after initial onboarding had already occurred. While the third-party risk universe has expanded dramatically, risk management hasn’t kept up. Today’s volatile risk landscape requires us to look beyond third-party vendors to include their vendors and beyond.

Compliance 52

Compliance 52

Audit Board

OCTOBER 3, 2023

A common misconception about risk quantification is that it requires starting from scratch. In reality, businesses that are already documenting their IT risks and controls can build on the data they already have to begin quantifying their risks. Identify the threats applicable to your assets that could trigger risk events.

Technology 52

Technology Compliance 52

Audit Board

MARCH 15, 2022

Supply chain disruption is one of the most visible risks impacting many organizations. Gartner’s 2022 Audit Plan Hot Spots report calls out the supply chain as a top 10 risk that should be on every auditor’s radar. Five Supply Chain Risks to Include in Your Assessment. Reputational Risk. Cybersecurity Risk.

Compliance 98

Compliance Start-ups 98

ThomsonReuters

DECEMBER 20, 2020

Sales tax : Resellers issue a tax exemption certificate to the vendor and do not pay tax on purchases of items to be resold. VAT : Resellers pay tax to the vendor and reclaim the VAT for the tax amount paid on business inputs. Audit risks for sales tax and VAT. Are you unsure about your company’s sales tax obligations?

119

119

ThomsonReuters

FEBRUARY 9, 2023

Mobile applications or “apps” that regulated entities commonly offer to individuals to help manage their health information collect a variety of information provided by the user that is considered PHI and, therefore, is subject to the HIPAA rules. Tracking Within Mobile Applications. Contributing Editors: EBIA Staff.

Technology 59

Technology Compliance 59

Reynolds Holding

OCTOBER 6, 2022

The settlement also underscores that Reg S-P enforcement remains a priority for the Commission, which as discussed in our Data Blog post , brought a series of Reg S-P actions just last year. Failure to Adopt Reasonably Designed Policies and Procedures for Vendors. The Firm’s Data Decommissioning Failures. Violations.

Compliance 45

Compliance 45

Audit Board

JANUARY 12, 2023

Cybersecurity risk assessments are a means for organizations to assess risks to their information assets and are a core requirement of most cybersecurity frameworks. It includes: A process flow for building and manage a cybersecurity risk management program. .

Compliance 97

Compliance Start-ups Asset-based Approach Specific Risk 97

Audit Board

JULY 26, 2022

Imagine that an exciting, thriving industry — one filled with multi-billion-dollar companies, far-reaching growth potential, and fascinating risks — offered you a wide-open door to build better processes and lay your wisdom at its feet. Focus on Regulation, Less on Broader Risk Management— and an Imminent Need to Address Risk.

Technology 52

Technology Banking Compliance 52

ThomsonReuters

SEPTEMBER 22, 2023

in the hiring process may “run the risk of violating existing civil rights laws” unless certain precautionary measures are taken. Consider having an outside vendor help audit the tool before and after implementation, to monitor for and correct for any potential disparate impact on protected groups. By using A.I.

Compliance 52

Compliance Technology 52

ThomsonReuters

JUNE 16, 2023

What are the risks of using outdated accounting software? However, it is critical that firms remain open to change as there are several risks associated with using outdated accounting software. This is a risk firms cannot afford to take. Change is not easy. Let’s take a closer look.

Technology 98

Technology Start-ups Accounting Firms Compliance 98

Audit Board

APRIL 7, 2022

As the importance of risk management continues to grow in a volatile risk environment, organizations are seeking to examine risk metrics from their key risk indicators (KRIs) to gain insights into top risks and forecast future risks. What are the risks we want to mitigate?

Start-ups 98

Start-ups Compliance Banking Technology 98

Audit Board

DECEMBER 18, 2022

This article originally appeared on the ISACA Blog. Life before the cloud limited access to certain devices and networks, incorporated defensive layers to protect internal applications and data, and relied on a known and manageable security perimeter to prevent unauthorized access. Security and Threats in the Cloud Environment .

Compliance 52

Compliance 52

Audit Board

DECEMBER 14, 2022

For example, a business that plans to expand into the European market will benefit from complying with ISO 27001 , the leading international standard for information security management systems, in addition to the EU’s GDPR standard. . Perform due diligence with third-party vendors. Federal, state, and industry-specific regulations.

Compliance 52

Compliance Technology Marketability 52

Internal Audit 360

JANUARY 16, 2024

Encourage the use of password managers and implement multi-factor authentication (MFA) to add an extra layer of security. Access Management: Granular access controls based on the principle of least privilege ensure only authorized individuals have access to the data and systems they need to perform their jobs.

59

59

ThomsonReuters

AUGUST 26, 2022

Using a risk-based approach grounded in comprehensive data, companies can better manage supply chains in an unpredictable world. Companies are also increasingly attuned to issues which are affecting how they approach their suppliers and vendors. Strategy #1 – Transparency through data.

Start-ups 97

Start-ups Data Analysis Compliance 97

Internal Audit 360

SEPTEMBER 2, 2021

GUEST BLOG POST. As part of that effort, the IIA recently published a second edition of its guide, Auditing Identity and Access Management. As part of that effort, the IIA recently published a second edition of its guide, Auditing Identity and Access Management. The IIA mandates a risk-based approach and that requires judgment.

Technology 52

Technology 52

Audit Board

MAY 30, 2023

Only 12% of organizations rate their third-party risk management (TPRM) program as highly mature. They’re also interested in using TPRM data to benefit the organization and improve how it manages third-party risk. While organizations have drastically increased their use of third parties, TPRM maturity hasn’t kept pace.

Compliance 52

Compliance 52

Sun Acquisitions

APRIL 18, 2022

In one of our previous posts, we looked at how to sell a business , but in this blog, you’re going to learn how to sell a business privately. To many, this may seem like you’re blindsiding employees, vendors, landlords, and others you’re in business with. Rule #1 Get The Business Ready For Sale At Least 1 Year In Advance.

Appraisal 98

Appraisal 98

Audit Board

AUGUST 1, 2023

The SEC recently adopted their proposed rules, including those regarding Cybersecurity Risk Management on July 26, 2023. The stakes and expectations of an organization’s IT Risk Management capabilities have never been higher – and as we all know, the dollar impacts are real.

Technology 52

Technology Start-ups Compliance Marketability 52

Audit Board

JULY 26, 2023

We live in the era of technological transformation, where business-owned digital assets brim with an abundance of sensitive employee, customer, and vendor data, while a formidable burden rests upon the shoulders of the information security teams tasked with safeguarding these assets through robust and resilient IT risk management programs.

Start-ups 52

Start-ups Technology 52

Audit Board

JUNE 2, 2022

Whether an organization works with 10, 1,000, or 10,000 third parties, any third-party risk management (TPRM) program faces the same challenges: organization, visibility, and limited resources. How an organization approaches these challenges from the beginning can set a third-party risk program up for success or failure.

Technology 52

Technology Compliance 52

Audit Board

JUNE 13, 2022

Integrated risk management (IRM) is a strategic and collaborative way for organizations to manage risk across their entire group. This strategy accepts risk as a part of doing business, and pulls it into a company’s culture so that the organization manages risk as a part of both daily operations and long-term strategy.

Compliance 52

Compliance Technology Start-ups Marketability 52

Audit Board

AUGUST 23, 2023

Every company should feel urgency about maturing cybersecurity risk management. The risk is widespread and likely underreported. That’s the core message behind the heightened regulatory focus on cybersecurity — and with the U.S. The SEC cybersecurity rules will have a significant impact on your organization and role.

Compliance 52

Compliance Technology Start-ups 52

Audit Board

DECEMBER 7, 2022

On your connected risk journey, careful planning and guidance from audit, risk management, and compliance professionals are essential for business success when facing risk challenges such as digital transformation, climate change, supply chain disruption, and economic uncertainty. This is the decade of uncertainty.

Start-ups 52

Start-ups Compliance Specific Risk Technology 52

ThomsonReuters

APRIL 6, 2023

If out of balance, immediate attention is needed to regain financial wellbeing. As an accountant, your clients depend on you to help manage their finances. Accounts payable (AP) , is the list of all amounts a company owes to its vendors. Below is an example of the journal entry for cash paid to the vendor.

B2B 52

B2B Technology Finance 52

Audit Board

JUNE 1, 2022

FutureRisk spotlights emerging risk areas and unique approaches to risk treatment with risk leaders from the world’s most prominent organizations. Where are organizations placing their bets around future risk. Where to look for big risks that may be looming on the horizon?

Compliance 52

Compliance Technology 52

Audit Board

MARCH 31, 2023

Seizing opportunities — increased scrutiny on vendors and data providers provides an opportunity for internal audit to step up to help streamline assurance functions. Amanda Pope of InComm Payments discusses how she's building relationships and providing visibility into risk across the business.

Start-ups 52

Start-ups 52

ThomsonReuters

JUNE 28, 2022

Very little in the way of reliable, objective research on indirect tax solutions exists, after all, and all too many vendors have been known to over-promise and under-deliver. The study’s key findings show that three years after deploying ONESOURCE Indirect Tax, the aggregate company realized total risk-adjusted PV benefits of more than $3.8

Compliance 90

Compliance Technology Start-ups Marketability 90

Audit Board

JUNE 22, 2023

Security and privacy are typically regarded as key risks from an internal audit perspective. Because it largely consists of personal identifying information for employees, customers, and/or vendors, big data is one of the most strategic organizational assets as it allows the business to evolve, innovate, and grow.

Technology 52

Technology Compliance 52

ThomsonReuters

JULY 8, 2021

Today, finance is the corporate function most commonly managed this way — but longstanding obstacles have prevented the model from being extended to statutory reporting and tax compliance. The next steps included researching available software solutions and drafting a request-for-proposals (RFP) document for vendors. “We

Technology 98

Technology Finance Compliance Corporate Finance 98

Audit Board

SEPTEMBER 21, 2022

While a recession brings challenges for auditors and the organizations they serve, an economic downturn may also be an opportunity to leverage our risk and control skill set and become a change agent. Lesson 2: Update the Audit Plan for Recession Risks. Pressure from a recession impacts all layers of an organization.

Start-ups 52

Start-ups Marketability 52

ThomsonReuters

MAY 12, 2022

What triggers a sales tax audit and how do you reduce the risk of an audit? This sales tax audit guide can help indirect tax teams avoid common audit triggers and manage the sales tax audit as smoothly as possible. Download our free whitepaper on managing sales and use tax audits. Treat the auditor with respect.

Compliance 105

Compliance Technology 105