In an effort to reach out to more candidates who hold professional designations related to internal controls, TheIIC will be exhibiting at the 20th Annual ACFE Fraud Conference & Exhibition. The conference, which is expected to draw over 2500 attendees, will be held July 12-15, in Las Vegas. Members of the Board including TheIIC Chairman will man the exhibition booth.

Excerpt from Introduction Section of Study:
With the economy struggling to find its foothold, many businesses and individuals are facing the greatest financial concerns in recent memory. In these tough times, protecting valuable - and increasingly scarce - economic resources has become a monumental task. Losing assets to fraud may be enough to send an already struggling organization to the financial brink. Unfortunately, many of the situations that abound in a turbulent economy are factors that can lead to an influx of occupational fraud. Employees are under growing financial pressures as their houses decline in value and their retirement funds shrink. Organizations in nearly every sector are cutting expenses and laying off workers. Stock prices have been dropping. Morale is down. Fear is up. The combination of these conditions may create an environment ripe for fraudulent activity. Although both logic and experience tell us that the threat of fraud could be heightened in the present economy, it is nearly impossible to gauge the true amount of fraud occurring at any given time. The vast majority of fraudsters take action to conceal their misdeeds. Consequently, some frauds may never be caught. Other schemes may be perpetrated for years before they are uncovered. And, even among those that are detected, a large number of cases will never be reported, allowing them to remain hidden from the public eye. Thus, no exact measure of the level of fraud during the current recession can exist. Nonetheless, examining the association between fraud and a weakened economy is an important endeavor. To get a pulse on how the economy is affecting fraud trends, the ACFE went to the experts who are in the trenches fighting fraud on a daily basis.

In early June 2009, SEC Commissioner Luis Aguilar told a group of compliance officers in Washington, D.C. that smaller companies should prepare to become more familiar with the auditor attestation requirement under Section 404(b) of the Sarbanes- Oxley Act. The SEC's cost-benefit study on Section 404 is close to be finalized and the anecdotal evidence is that the hard learning that the large accelerated filers have done, the work by the PCAOB in re-doing Auditing Standard No. 5, and guidance given by groups such as COSO have all tended to help create a more scalable system. In response to a question about whether non-accelerated filers would finally have to comply with the provision, Aguilar felt that the expectation and hope is that the costs are going to be more in line with smaller companies.

Smaller companies currently comply with the management assessment required under 404(a). They're slated to comply with Section 404(b) for fiscal years ending on or after December 15, 2009. When the SEC granted those companies yet another extension on compliance with the auditor attestation provision last year, the Commission said it would use the time to study the costs and benefits of SOX 404 implementation and assess whether its efforts to ease that burden have helped, seemingly leaving the door open to another delay. However, the SEC's new chairman, Mary Schapiro, has said she wants to bring uniformity to the system, suggesting that small companies may really finally have to bite the SOX 404(b) bullet.

So far, the SEC has not revealed when it will publish the findings of the study. Aguilar noted that if the study indicated a vast disconnection between the costs and benefits, we would have to revisit it, but his working hypothesis is that it won't be extended.

In recent months, the theme of IT governance, risk and compliance (IT GRC) management has arisen as the point of convergence where the governance of the organization intersects with the governance of IT, where the control of risk in, of, and by IT serves to control risk to the business, and where regulatory compliance directly affects IT. Already in this short time, IT GRC has become a loaded term, high on expectations but far too often short on specifics. What exactly does IT GRC mean to enterprises pursuing the broad mandates implied? How do businesses reckon success with these initiatives, and what are the qualities that make for success in IT GRC management? In this study, the ENTERPRISE MANAGEMENT ASSOCIATES team surveyed 224 IT as well as non-IT professionals to answer these questions. While organizations of all sizes were represented, a full one-third (34%) of all respondents were very large enterprises of 20,000 employees or more, with organizations between 1,500 and 20,000 employees making up another 48%. Nearly half (44%) of all respondents represented organizations having annual of revenues of $1 billion or more, with one- fourth (25%) reporting annual IT budgets in excess of $100 million. Although most respondents (89%) were based in North America, nearly half (46%) had a presence in Europe, the Middle East and Africa, while 40% were represented in the Asia-Pacific region, and 30% in the Americas.

Is Internal Audit (IA) up to the challenge? Among the changes on the horizon is IFRS, which has started to illuminate corporate radar screens during the worst financial downturn in US history. The adoption of IFRS provides IA with an opportunity to get involved in their company's accounting conversion now and stay involved throughout the process. IFRS is fast becoming the global accounting reporting standard, with more than 100 countries using it or about to adopt it as their global financial reporting framework.1 The transition to IFRS is not just an accounting exercise. It is a business transformation that goes beyond debits and credits, one that requires an integrated, enterprise-wide approach. The stakes are high, as management's judgments on interpreting IFRS and applying its accounting policies can influence reported results. What's more, implementation challenges will reach far beyond the financial statements and reverberate throughout the enterprise. IA can be an integral player from the beginning, and chief audit executives should not be shy about demonstrating their skills and experience to assist their organizations through broad change. IA's knowledge of the business and the manner in which data flows into the financial statements make IA personnel ideal members of an IFRS conversion team. In addition to affecting the numbers, IFRS may have a significant impact on company processes, people, and technology. For example, changes to existing disclosures under IFRS may require additional controls over financial reporting. The need to bring additional systems and data within the financial reporting control, primarily due to increased disclosure requirements, could result in a significant amount of changes to the existing Sarbanes- Oxley (SOX) framework and documentation. IA has already worked with process owners to review and update SOX documentation in many companies and could serve as a valuable resource during an IFRS conversion. Many businesses overseas, having already implemented IFRS, know the significant impact an IFRS conversion has had and the related challenges their companies have faced during this process. Based on our experience, we see the need for businesses to focus on establishing appropriate and effective means of realigning operations and processes, including accounting, tax, budgeting, internal controls, and training, among many others. IA can play a valuable role in helping companies work effectively toward a smooth and efficient transition while leveraging the lessons learned from those companies that have already converted to IFRS, thus avoiding the common pitfalls. IA can bring a process, people, and technology mindset to the IFRS conversion effort, helping the organization focus on the implications of what can serve as an opportunity to address other necessary broader organizational change that may be needed.

Conversion experience in Europe, as well as Asia and Australia, shows that conversion projects often take more time and resources than anticipated. Historically, that has led some companies to rush and risk mistakes or outsource more work than necessary, driving up costs and hindering the embedding of IFRS knowledge within the company. At the same time, conversion brings a one-time opportunity to comprehensively reassess financial reporting and take "a clean sheet of paper" approach to financial policies and processes. Such an approach recognizes that major accounting and reporting changes may have a ripple effect impacting many aspects of a company's organization. This implementation guide is intended to jumpstart strategic thinking about an IFRS conversion.. It provides an outline for a suggested IFRS conversion approach, highlighting objectives, timelines, key considerations, and insights. It is not a comprehensive "how-to" manual, because each company will proceed according to its own unique needs. Rather, its intent is to provide a framework for understanding the scope of the conversion process, encourage strategic thinking, and help companies identify where they may need more information, resources or experience.

On June 4, 2009 the SEC charged former Countrywide Financial CEO Angelo Mozilo and two other former executives with securities fraud for deliberately misleading investors about the significant credit risks being taken in efforts to build and maintain the company's market share. Mozilo was additionally charged with insider trading for selling his Countrywide stock based on non-public information for nearly $140 million in profits. The SEC alleges that Mozilo along with former chief operating officer and president David Sambol and former chief financial officer Eric Sieracki misled the market by falsely assuring investors that Countrywide was primarily a prime quality mortgage lender that had avoided the excesses of its competitors.

The SEC's enforcement action alleges that from 2005 through 2007, Countrywide engaged in an unprecedented expansion of its underwriting guidelines and was writing riskier and riskier loans, which these senior executives were warned might ultimately curtail the company's ability to sell them. Countrywide was required to disclose these important trends to its investors in the Management Discussion and Analysis portion of its SEC filings, but failed to do so.

The past year has been one of great turmoil with the global financial markets on the brink of collapse and organizations worldwide struggling amid a worldwide recession, regardless of industry. Among the many effects of this crisis, management and boards of directors are looking more closely than ever at risk, finance, governance and operations to ensure that all proper controls are in place and functioning properly. Management is also ensuring that their IT systems and data are secure, and that they are leveraging working capital to the greatest extent possible. In this environment, internal auditors are playing a critically important role in monitoring organization-wide systems, processes and controls, as their companies today cannot afford even the slightest breakdowns, losses or inefficiencies.

It is in this environment that Protiviti conducted its third Internal Audit Capabilities and Needs Survey. More than 700 participants, including chief audit executives along with internal audit directors, managers and staff, answered more than 100 questions in three categories: General Technical Knowledge, Audit Process Knowledge, and Personal Skills and Capabilities. Their responses underscore the areas of priorities for companies today along with internal audit competency in need of the most improvement.

This year, along with reviewing the results of our latest survey, we also chart and comment on some of the more interesting trends that have emerged since 2006, when we first conducted this survey. Each section of the report includes a three-year summary comparing the top seven areas for improvement since Protiviti released the results of its first Internal Audit Capabilities and Needs Survey in 2006. We also review three-year trends among the responses of chief audit executives.

As in previous surveys, participants in this year's study represent virtually all industry sectors, including financial services, insurance, real estate, energy, utilities, manufacturing and distribution, healthcare, technology, biotechnology, hospitality, retail and telecommunications, among many others. Nearly half are with publicly traded companies, and the others from private, government, educational and nonprofit organizations. Respondents were split relatively evenly in representing large, midsized and small organizations, with the largest group of participants coming from companies with annual revenues of US$1-4 billion.

Now that we have conducted this survey three times over the past four years, it is interesting to note the activities and competencies that have emerged as consistent high priorities for chief audit executives and internal audit professionals: Enterprise Risk Management; Fraud monitoring, Detection and Prevention; Continuous Auditing and Computer- Assisted Audit Techniques; Developing Relationships with Other Board Committee Relationships. Clearly, these competencies are tied to organizational priorities for greater transparency in enterprise-wide operations and processes as well as clear and consistent views of key objectives and strategies by boards and their internal audit functions.

Following an extensive four-month search, the Committee of Sponsoring Organizations (COSO) has named David Landsittel as its new chairman. He replaces Larry Rittenberg, who served as COSO Chairman since 2005. As COSO Chairman, Landsittel will lead the COSO board in developing and providing continuing guidance in risk management, internal control, fraud and governance. Other major responsibilities include: interacting with regulators on issues related to internal control reporting and risk management reporting; representing COSO with financial leaders of major countries around the world; and identifying new areas where COSO can enhance the efficiency of organizations through better risk management and internal controls.

A key resource for members is the sharing of information among the membership via articles. Subject matter including techniques for reviewing internal controls, discussion of available tools, case studies, etc. can assist both the new and experienced internal controls auditor/specialist.
If you would like to submit an article or monograph on any subject matter that may be of interest to the membership, we encourage you to do so. You can direct any materials for review to the Chairman at chairman@theiic.org.

For first timers, I would like to welcome you to the TheIIC e-Newsletter. In the design of the newsletter we completed extensive research on how to make the e-newsletter successful. As you can see, the layout is a little different than you see in other e- newsletters. While most e-newsletters only give you a few lines of the article, with a link to the full article, we have decided to present an abstract type summary of each, with a link to the full article, when available. We feel that this allows you to get the substance of the article without having to link to another site. However, we do provide a link for those who want any additional details available. This also provides you with the ability to print out the newsletter and read it at your leisure. We encourage any comments or suggestions for improving the e-newsletter. Comments as well as contributions for publication should be sent to me at e-newsletter@theiic.org.

If you missed a previous edition of TheIIC
e-newsletter, or would like to retrieve a copy, you can now view archived editions of TheIIC
e-Newsletter on TheIIC website at http://www.theiic.org/publicationsnewsletter.html.