
Book Review: “Managing the Audit Function” by Michael P. Cangemi and Tommie Singleton


Many Internal Audit directors and managers new to their positions sometimes find it difficult to focus on the basics that keep their departments working smoothly, especially when dealing with the challenges of a difficult economy and pressures from Audit Committees adjusting to new regulatory issues. To make matters worse, audit managers often juggle multiple projects at various locations with limited staffs and little direction or mentoring from “audit subject matter experts” who, when needed, are difficult to find. Obtaining timely assistance in these situations can be a challenge.

Subscribing to the hundreds of blogs, Twitter, Facebook, LinkedIn and professional networking groups on the web helps, but after a time the inevitable “information overload” occurs and obtaining 120 opinions in 2 hours, each from unknown individuals of varying expertise, and based on assumptions ranging from accurate to insane, can actually hinder decision making. This is why I recently recommended to a new IT Audit Director experiencing this challenge that he purchase “Managing the Audit Function,” 3rd Edition, written by Michael P. Cangemi and Tommie Singleton. This book’s 369 pages are an audit manager’s best friend, direct to the point and authoritative. The authors, both highly respected and experienced in the audit field, focus on the key elements needed to successfully manage an internal audit department and include a wide range of forms, policies, guidelines, as well as reporting best practices and organizational / administrative procedures. In my opinion this is the type of book every internal audit library should have, benefiting both financial and IT audit managers.

Let me review the book in greater detail so you understand why I place so much value in it.

The book is divided into four parts with nine chapters, each thoroughly presented with real life examples focusing on the what, why and when. The first part provides an excellent background on the Fundamentals of the Internal Audit Function (for those who have not had the pleasure of reading Brink’s Modern Internal Auditing), covering auditing standards and the responsibilities of a corporate auditor. The chapter on Internal Controls is precise and covers Risk Assessment and Control Strategies, both of great importance given the current regulatory environment. This first part of the book also introduces the reader to the “Corporate Audit Department Procedures Manual,” which is the tool used by the authors to bring into context each of the many forms and templates presented. At minimum, this book teaches the new audit director or manager how to prepare a high quality Audit Department Procedures Manual!

The second part of the book focuses on the management and administrative aspects of running a corporate audit department.   Taking nothing for granted, the first chapter in this section starts with how an audit department should be organized, where it should be in the corporate structure, its charter, policies and personnel.    A good amount of focus is given to the responsibilities, duties and roles of internal audit managers and the CAE, as well as their relationships with external auditors and regulators.   An excellent section devoted to audit planning, scoping and implementing is also included (which is later expanded in part three), giving the new manager a quick snapshot of these subjects if they have not obtained it elsewhere.   For me, the best chapter in this part of the book is the chapter on Personnel, Administration, and Recruiting, dealing with performance evaluations and overall staff development.

The third part of the book focuses on Technical Procedures. This part makes generous use of sample forms and templates, giving the reader a head start on the creation of these when needed. The three chapters composing this part of the book are, in my opinion, the best coverage of Audit Planning, Audit Performance and Audit Reporting I’ve seen in a book anywhere. A manager who understands these three chapters is qualified to lead any audit department without worry. The coverage on Materiality, Workpapers and Reports to Management and Audit Committees is magnificent. The authors cover the relevant GAAP, SEC and AICPA procedures, pronouncements and guidance related to these important issues with clarity and directness, making the material digestible and easy to follow (the book was written in 2003, so readers need to read up on all relevant updates to be current).

The last part of the book deals with the Long-Term Effectiveness of a corporate audit department, an area many new directors and managers do not focus on very well because they tend to focus on the “here and now,” but which impacts how others see them and measure their success. Here, the authors cover Corporate Governance issues, Quality Assurance, Continuous Improvement systems and Marketing the Audit Function. These discussions increase the awareness of the “marketing” process to new audit managers who need to sell themselves, as much as what they do, in order to succeed in the organization.

I will conclude this very positive review by saying that having this book is like having a well-rounded and dependable subject matter expert in audit management at your disposal each and every time you need a quick answer. If you are a new audit director or audit manager, the book will save you countless hours of research time and frustrations.

To purchase “Managing the Internal Audit Function” visit Today’s Audit Journal’s Bookstore


Book Review: “The New Data Imperative: Managing Real-Time Risk in Capital Markets” by Dr. Raj Nathan, Irfan Khan, & Sinan Baskan

Nude Sunbathing
Image by STML via Flickr

It seems that since the arrival of the Great Recession everyone has rushed a book out explaining why it happened and how to prevent it in the future.   The feeding frenzy includes folks from all sorts of backgrounds who barely know what Sarbanes-Oxley, a financial statement or a CobiT control is.  For many of these “experts,” the reasons for the recession are clearly not financial or regulatory or linked to Globalization, but deeply ingrained in our dysfunctional and narcissistic society and by nasty “capitalism,” which to many is as deadly a tormentor of society as the Black Plague was 700 years ago.   The damage caused by the recession is viewed as evidence that there is a need to educate the masses in new righteous ways to make money and  legislate new rules over corporate conduct.   The new Robin Hoods of course  are poised to make lots of money by selling new training programs, conducting seminars in Las Vegas and devising new green and “humane” ways to dismantle capitalism.

Although written by Sybase executives, The New Data Imperative by Dr. Raj Nathan, Irfan Khan and Sinan Baskan is not one of those new opportunistic books I am so disappointed to see in the book stores today. This book is a breath of fresh air in that it does not overshoot its scope and intent. Although discussing the recession and using it as a backdrop, the book in its 115 pages manages to convey the what, how, when and why of the information infrastructure behind today’s globalized financial markets, and why changes to these are needed. It does this in language that is understandable to non-technical business people (auditors, compliance, legal and financial management), who for the most part are the ones who need to understand these things, so they can participate in future implementations and improvements to existing systems.

In the next three to five years Risk Management will see an increase in the complexity of analysis, the need for faster data acquisition, faster reporting and the integration of more diverse data sources from in-house and from “the cloud,” not to mention a likely increase in Regulatory Compliance mandates. For these reasons, the way we approach the infrastructure that supports the Risk Management function(s) needs to be re-conceptualized. “The New Data Imperative” provides a quick snapshot of how to achieve this. The book looks at the state of current Risk Management “silos,” their data feeds, analysis cycles, reporting structures and overall data infrastructure, explaining why these current systems fell short during the recent financial crisis, and provides us with a well conceptualized picture of how to transition, often without major and costly changes, into the data environments needed for the new Risk Management processes now being proposed by regulators, the Big Four and some of the leading international financial standards organizations.

In addition to its clarity, in my opinion the book serves another important purpose: that of attempting to educate “legacy” type IT managers who in many organizations today have “stale” skill sets and are often ignorant of industry best practices and trends. As many an experienced IT auditor can confirm, these managers are ill-prepared for the future and cannot visualize the infrastructure changes needed to implement and maintain the Enterprise Risk Management systems of the post Great Recession era. Because these folks cannot visualize the future, they tend to be serious obstacles to improving performance and strategically positioning IT investments for competitive advantage. Although high in authority because of seniority or organizational politics, these folks have managed to carve out positions where they appear to provide value not by what they do, but by how they stop others from doing. They are in a way the “Gate Keepers” against innovation and process improvements. If by some miracle some of these individuals were to read “The New Data Imperative,” I think great technological achievements would take place in their organizations.

If you are an IT Auditor or a Risk Manager for a financial institution, I highly recommend that you familiarize yourself with this book.   I believe the book will bring you up to date on the latest real time risk management concepts and will open your eyes to some of the technological challenges we will be facing in the next three to five years as Enterprise Risk Management evolves to a more mature level.

Because the book is small and unassuming, I also recommend it as a gift for those “legacy” type IT managers I mentioned earlier.   It may be the most eye opening technology book they’ve read in the last 10 years!

If you’re wondering about the “Nude Sunbathing” sign above… let me explain why it’s here. This picture was taken last July one block away from the Jacob Javits Convention Center in NYC, on the day the National Enterprise Risk Management Club of Buenos Aires, Argentina, was holding its national awards for the most creative use of Twitter in a crisis situation. When members saw this sign they tweeted all the participants, and half the Jacob Javits Center emptied as the men rushed to the Hudson River to watch the annoyed sunbathers. Now the question being debated by serious Harvard sociologists is: Did Twitter empty out the Jacob Javits Center, or was it the naked sunbathers and their uncontrollable effects on the hot Latins from Argentina?
