| Field | Value | Date |
|---|---|---|
| author | Christian Cleberg <hello@cleberg.net> | 2024-03-04 22:34:28 -0600 |
| committer | Christian Cleberg <hello@cleberg.net> | 2024-03-04 22:34:28 -0600 |
| commit | 797a1404213173791a5f4126a77ad383ceb00064 | |
| tree | fcbb56dc023c1e490df70478e696041c566e58b4 /content/blog/2020-09-22-internal-audit.md | |
| parent | 3db79e7bb6a34ee94935c22d7f0e18cf227c7813 | |
initial migration to test org-mode
Diffstat (limited to 'content/blog/2020-09-22-internal-audit.md')
-rw-r--r-- | content/blog/2020-09-22-internal-audit.md | 263 |
1 files changed, 0 insertions, 263 deletions
diff --git a/content/blog/2020-09-22-internal-audit.md b/content/blog/2020-09-22-internal-audit.md deleted file mode 100644 index e761241..0000000 --- a/content/blog/2020-09-22-internal-audit.md +++ /dev/null 
@@ -1,263 +0,0 @@ -+++ -date = 2020-09-22 -title = "What is Internal Audit?" -description = "Learn about the Internal Audit function and their purpose." -+++ - - - -# Definitions - -One of the many reasons that Internal Audit needs such thorough -explaining to non-auditors is that Internal Audit can serve many -purposes, depending on the organization's size and needs. However, the -Institute of Internal Auditors (IIA) defines Internal Auditing as: - -> Internal auditing is an independent, objective assurance and -> consulting activity designed to add value and improve an -> organization's operations. It helps an organization accomplish its -> objectives by bringing a systematic, disciplined approach to evaluate -> and improve the effectiveness of risk management, control, and -> governance processes. - -However, this definition uses quite a few terms that aren't clear -unless the reader already has a solid understanding of the auditing -profession. To further explain, the following is a list of definitions -that can help supplement understanding of internal auditing. - -## Independent - -Independence is the freedom from conditions that threaten the ability of -the internal audit activity to carry out internal audit responsibilities -in an unbiased manner. To achieve the degree of independence necessary -to effectively carry out the responsibilities of the internal audit -activity, the chief audit executive has direct and unrestricted access -to senior management and the board. This can be achieved through a -dual-reporting relationship. Threats to independence must be managed at -the individual auditor, engagement, functional, and organizational -levels. - -## Objective - -Objectivity is an unbiased mental attitude that allows internal auditors -to perform engagements in such a manner that they believe in their work -product and that no quality compromises are made. 
Objectivity requires -that internal auditors do not subordinate their judgment on audit -matters to others. Threats to objectivity must be managed at the -individual auditor, engagement, functional, and organizational levels. - -## Assurance - -Assurance services involve the internal auditor's objective assessment -of evidence to provide opinions or conclusions regarding an entity, -operation, function, process, system, or other subject matters. The -internal auditor determines the nature and scope of an assurance -engagement. Generally, three parties are participants in assurance -services: (1) the person or group directly involved with the entity, -operation, function, process, system, or other subject - (the process -owner), (2) the person or group making the assessment - (the internal -auditor), and (3) the person or group using the assessment - (the user). - -## Consulting - -Consulting services are advisory in nature and are generally performed -at the specific request of an engagement client. The nature and scope of -the consulting engagement are subject to agreement with the engagement -client. Consulting services generally involve two parties: (1) the -person or group offering the advice (the internal auditor), and (2) the -person or group seeking and receiving the advice (the engagement -client). When performing consulting services, the internal auditor -should maintain objectivity and not assume management responsibility. - -## Governance, Risk Management, & Compliance (GRC) - -The integrated collection of capabilities that enable an organization to -reliably achieve objectives, address uncertainty and act with integrity. - -# Audit Charter & Standards - -First, it's important to note that not every organization needs -internal auditors. In fact, it's unwise for an organization to hire -internal auditors unless they have regulatory requirements for auditing -and have the capital to support the department. 
Internal audit is a cost -center that can only affect revenue indirectly. - -Once an organization determines the need for internal assurance -services, they will hire a Chief Audit Executive and create the audit -charter. This charter is a document, approved by the company's -governing body, that will define internal audit's purpose, authority, -responsibility, and position within the organization. Fortunately, the -IIA has model charters available to IIA members for those developing or -improving their charter. - -Beyond the charter and organizational documents, internal auditors -follow a few different standards in order to perform their job. First is -the International Professional Practices Framework (IPPF) by the IIA, -which is the model of standards for internal auditing. In addition, -ISACA's Information Technology Assurance Framework (ITAF) helps guide -auditors in reference to information technology (IT) compliance and -assurance. Finally, additional standards such as FASB, GAAP, and -industry-specific standards are used when performing internal audit -work. - -# Three Lines of Defense - -[The IIA](https://theiia.org) released the original Three Lines of -Defense model in 2013, but have released an updated version in 2020. -Here is what the Three Lines of Defense model has historically looked -like: - - - -I won't go into depth about the changes made to the model in this -article. Instead, let's take a look at the most current model. - - - -The updated model forgets the strict idea of areas performing their own -functions or line of defense. Instead of talking about management, risk, -and internal audit as 1-2-3, the new model creates a more fluid and -cooperative model. - -Looking at this model from an auditing perspective shows us that -auditors will need to align, communicate, and collaborate with -management, including business area managers and chief officers, as well -as reporting to the governing body. 
The governing body will instruct -internal audit *functionally* on their goals and track their progress -periodically. - -However, the internal audit department will report *administratively* to -a chief officer in the company for the purposes of collaboration, -direction, and assistance with the business. Note that in most -situations, the governing body is the audit committee on the company's -board of directors. - -The result of this structure is that internal audit is an independent -and objective function that can provide assurance over the topics they -audit. - -# Audit Process - -A normal audit will generally follow the same process, regardless of the -topic. However, certain special projects or abnormal business areas may -call for changes to the audit process. The audit process is not set in -stone, it's simply a set of best practices so that audits can be -performed consistently. - - - -While different organizations may tweak the process, it will generally -follow this flow: - -## 1. Risk Assessment - -The risk assessment part of the process has historically been performed -annually, but many organizations have moved to performing this process -much more frequently. In fact, some organizations are moving to an agile -approach that can take new risks into the risk assessment and -re-prioritize risk areas on-the-go. To perform a risk assessment, -leaders in internal audit will research industry risks, consult with -business leaders around the company, and perform analyses on company -data. - -Once a risk assessment has been documented, the audit department has a -prioritized list of risks that can be audited. This is usually in the -form of auditable entities, such as business areas or departments. - -## 2. Planning - -During the planning phase of an audit, auditors will meet with the -business area to discuss the various processes, controls, and risks -applicable to the business. 
This helps the auditors determine the scope -limits for the audit, as well as timing and subject-matter experts. -Certain documents will be created in this phase that will be used to -keep the audit on-track an in-scope as it goes forward. - -## 3. Testing - -The testing phase, also known as fieldwork or execution, is where -internal auditors will take the information they've discovered and test -it against regulations, industry standards, company rules, best -practices, as well as validating that any processes are complete and -accurate. For example, an audit of HR would most likely examine -processes such as employee on-boarding, employee termination, security -of personally identifiable information (PII), or the IT systems involved -in these processes. Company standards would be examined and compared -against how the processes are actually being performed day-to-day, as -well as compared against regulations such as the Equal Employment -Opportunity (EEO), American with Disabilities Act, and National Labor -Relations Act. - -## 4. Reporting - -Once all the tests have been completed, the audit will enter the -reporting phase. This is when the audit team will conclude on the -evidence they've collected, interviews they've held, and any opinions -they've formed on the controls in place. A summary of the audit -findings, conclusions, and specific recommendations are officially -communicated to the client through a draft report. Clients have the -opportunity to respond to the report and submit an action plan and time -frame. These responses become part of the final report which is -distributed to the appropriate level of administration. - -## 5. Follow-Up - -After audits have been completed and management has formed action plans -and time frames for audit issues, internal audit will follow up once -that due date has arrived. 
In most cases, the follow-up will simply -consist of a meeting to discuss how the action plan has been completed -and to request documentation to prove it. - -# Audit Department Structure - -While an internal audit department is most often thought of as a team of -full-time employees, there are actually many different ways in which a -department can be structured. As the world becomes more digital and -fast-paced, outsourcing has become a more attractive option for some -organizations. Internal audit can be fully outsourced or partially -outsourced, allowing for flexibility in cases where turnover is high. - -In addition, departments can implement a rotational model. This allows -for interested employees around the organization to rotate into the -internal audit department for a period of time, allowing them to obtain -knowledge of risks and controls and allowing the internal audit team to -obtain more business area knowledge. This program is popular in very -large organizations, but organizations tend to rotate lower-level audit -staff instead of managers. This helps prevent any significant knowledge -loss as auditors rotate out to business areas. - -# Consulting - -Consulting is not an easy task at any organization, especially for a -department that can have negative perceptions within the organization as -the "compliance police." However, once an internal audit department -has delivered value to organization, adding consulting to their suite of -services is a smart move. In most cases, Internal Audit can insert -themselves into a consulting role without affecting the process of -project management at the company. This means that internal audit can -add objective assurance and opinions to business areas as they develop -new processes, instead of coming in periodically to audit an area and -file issues that could have been fixed at the beginning. 
- -# Data Science & Data Analytics - - - -One major piece of the internal audit function in the modern world is -data science. While the process is data science, most auditors will -refer to anything in this realm as data analytics. Hot topics such as -robotic process automation (RPA), machine learning (ML), and data mining -have taken over the auditing world in recent years. These technologies -have been immensely helpful with increasing the effectiveness and -efficiency of auditors. - -For example, mundane and repetitive tasks can be automated in order for -auditors to make more room in their schedules for labor-intensive work. -Further, auditors will need to adapt technologies like machine learning -in order to extract more value from the data they're using to form -conclusions. |
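Review bot: The deleted file has no visible replacement in this diffstat (which is limited to content/blog/2020-09-22-internal-audit.md), so the migration to org-mode named in the commit message cannot be confirmed from this view; verify that the same commit adds an org-mode counterpart that carries over the front matter (date = 2020-09-22, title, description) and the full body, including the image positions that appear as empty gaps after "historically looked like:", "most current model." and "Data Science & Data Analytics". If the body is carried over, this is also the moment to fix the typos in the removed text: "keep the audit on-track an in-scope" should read "on-track and in-scope", "American with Disabilities Act" should be "Americans with Disabilities Act", and "delivered value to organization" should be "delivered value to the organization".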