The latest news headlines on issues and developments affecting the internal audit profession.
Oct. 2, 2020
According to a new report released by Freedom House, a nongovernmental, nonpartisan advocacy organization, the state of democracy and human rights has worsened in at least 80 countries out of 192 surveyed since the start of the pandemic. The problem is particularly notable in developing nations or countries where democracy was already under threat, reports The Washington Post. In Turkey, for example, the pandemic "was used as an excuse for the already oppressive government to do things that it has long planned to do, but had not been able to," said the study. The report also offers some solutions for the democratic dangers such as combating corruption and ensuring emergency powers have time limits. As the fallout from the pandemic continues, internal audit departments should be acutely aware of the geopolitical threats their organizations operate in.
The Cybersecurity and Infrastructure Security Agency (CISA) kicked off its 17th annual National Cybersecurity Awareness Month on Oct. 1, in partnership with the National Cyber Security Alliance. According to CISA's press release, "This year's theme 'Do Your Part. #BeCyberSmart.' encourages Americans to own their role in cybersecurity by focusing on personal accountability and the importance of taking proactive steps to be safer and more secure online." Internal Auditor will join CISA's effort to promote cybersecurity awareness by highlighting content to support the vital role internal auditors play in the cybersecurity efforts of the organizations they serve. The four-part series launches Oct. 6.
Beginning next year, 34 of the largest U.S. companies will disclose previously private race, gender, and ethnicity workforce data collected as a part of regulatory filings, Bloomberg reports. The agreement comes in response to a push by the New York City comptroller and three city retirement funds. The New York initiative began in July as part of a broader push for workforce transparency at companies that made explicit statements of support for equality after the killing of George Floyd.
Amazon.com Inc., Coca-Cola Co., General Motors Co., Goldman Sachs Group Inc., Morgan Stanley, and PepsiCo Inc. are among the companies recognized by Comptroller Scott Stringer in a statement Monday. There is no current U.S. mandate to publicly disclose the race or gender of employees, and only 4% of companies publicly release the data they report to the U.S. Equal Employment Opportunity Commission, says the report.
The U.S. Department of the Treasury says that facilitating ransomware payments to hackers under U.S. sanctions may be illegal, signaling a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals,
Reuters reports. In a pair of advisories, the Treasury's Office of Foreign Assets Control and its Financial Crimes Enforcement Network warned that facilitators could be prosecuted even if they or the victims did not know that the hackers demanding the ransom were subject to the sanctions. Organizations are expected to take a tougher stance on the ransomware incidents now that they are coming under government scrutiny.
After a year-long investigation into allegations of forced labor, the U.S. Customs and Border Protection (CBP) agency banned imports from Malaysian palm oil producer FGV Holdings on Wednesday. The CBP's allegations against FGV include "abuse, deception, physical and sexual violence, intimidation, and the keeping of workers' identity documents,"
Reuters reports. A Malaysian government official told Reuters the country expects CBP to ban a second palm oil producer soon. Malaysia is the second-largest producer of palm products in the world, and its palm plantations rely on migrant labor. In its report, the CBP also put U.S. importers on warning that there are questionable labor practices in the larger palm oil industry, as well. The U.S. imports only about 3% of palm oil from Malaysian producers, according to Reuters, but the move by the CBP should remind internal auditors of the risk organizations face in third-party relationships.
Sept. 30, 2020
The IIA is launching a new, comprehensive framework for professional development. The Internal Audit Competency Framework provides career advancement direction and support for practitioners at all levels — from those just beginning their career to more experienced practitioners. The Framework has three levels of competency — general awareness, applied knowledge, and expert — that allow users to assess where they stand in various knowledge areas, then identify the standards, guidance, and other resources in four tracks — professionalism, performance, environment, and leadership and communications. To support this initiative and to ensure tools and other resources are available, the Internal Audit Foundation is partnering with Deloitte to launch a global survey October 5–26 to assess competency levels of internal audit practitioners.
Google parent company Alphabet has agreed to devote $310 million to new diversity, equality, and inclusion measures and to implement more than 80 changes to its handling of sexual misconduct, discrimination, and retaliation cases as part of an extensive legal settlement, CNBC reports. The settlement comes after shareholders filed a class-action lawsuit against the board, accusing the leadership team of mishandling employee complaints of sexual misconduct and discrimination. Shareholders hope the settlement will set a tone for the tech industry, which has been among the industries most plagued by transgressions and power differences during the #MeToo era, according to the story.
Last year, the McKinsey Global Survey reported "a nearly 25% year-over-year increase in the use of AI in standard business processes." The transformative power of artificial intelligence (AI) is already affecting a range of functions, including customer service, brand management, operations, people and culture, and more recently, risk management and compliance, says an article published by the World Economic Forum. "Executives face a fundamental challenge," the article says, "[of] how to maximize the benefits of AI for various business functions without creating intractable risk and compliance issues." The best path forward, according to analysts, is an integrated audit solution that includes the management of risk related to AI. Such solutions must document the behavior of all AI solutions used by a company, assess compliance with a set of defined requirements, and enable cross-department collaboration.
report that analyzes injury rates at Amazon warehouses suggests that Amazon has had a "burgeoning problem" with injuries among warehouse workers over the last three years, according to Business Insider. The report is based on injury data from Amazon fulfillment centers across the U.S. that was leaked to the Center of Investigative Journalism's outlet Reveal by a whistleblower. The data shows injury rates climbing every year between 2016 and 2019, with as many as 14,000 serious injuries occurring in 150 warehouses in 2019. According to Business Insider, this 2019 figure is 33% higher than the online retailer's injuries in 2016, and almost twice the industry standard. The report also noted that the injury rate may have been exacerbated by the addition of robots to the warehouses, as fulfillment centers with robots show a 50% higher rate of injuries. Amazon told Business Insider that "Reveal's metrics for what constituted a 'serious injury' skewed its interpretation of the data" and refuted the claim that it has downplayed worker injuries.
Sept. 28, 2020
According to a recent survey of 600 small and midsize businesses conducted by Morning Consult on behalf of Verizon Communications Inc., a majority — 60% — of small businesses say they expect to be operating beyond six months even if current conditions persist. This figure is up from 46% in April, The Washington Post reports. The most optimistic respondents were in the property and real-estate industry, with 78% expecting to survive even under present conditions, while 47% of businesses in the hospitality and accommodation industry said the same. The survey also indicated that 58% of businesses believe the upcoming presidential election will have a significant impact on the U.S. economy, even though only 22% reported that it would significantly affect job security. Overall, these figures point to a slightly more optimistic outlook for the business landscape in the coming months, but vigilance and due diligence in risk management should still be considered a priority for organizational leaders.
China is keeping its guard up ahead of the Golden Week national holiday that begins on Oct. 1. It will be the biggest holiday since the nation largely brought the COVID-19 outbreak under control, and it will be a major test of its ability to prevent a renewed outbreak. Some provinces such as Hubei — where the disease first emerged — are offering free passes to tourist sites. However, precautions remain in place and people traveling between provinces have to download a health app that shows their recent travel record. China also is asking its 1.4 billion residents to avoid unnecessary travel abroad.
A COVID-19 wrongful death lawsuit filed in August is reported to be the first "take-home" case of its kind in the U.S. — and one that employers should be watching, according to
Reuters. In the lawsuit, a woman is suing an Illinois meat processing facility over the death of her mother, whom she alleges contracted COVID-19 from her father, an employee of the plant. Unlike a U.S. workers compensation claim, there are no liability caps for workplace injuries for a so-called "take-home" lawsuit. Similar to asbestos litigation, the lawsuit alleges the company was negligent in protecting its employees and warning them of risk — in this case, from a COVID-19 outbreak at the plant — which resulted in the plaintiff's father bringing the virus home to his family. Attorneys involved in such lawsuits say successful cases must prove a "causal chain" of events, linking the disease to the actions of the employer. Lawyers also said that the best protection against such lawsuits is adopting and documenting measures to protect workers. Internal auditors should continue to advise their organizations on the importance of health and safety measures during the pandemic.
GE announced last week that it intends to exit the new-build coal power market and "to focus on and invest in its core renewable energy and power generation businesses, working to make electricity more affordable, reliable, accessible, and sustainable." Russell Stokes, president and CEO of GE Power Portfolio, said, "With the continued transformation of GE, we are focused on power generation businesses that have attractive economics and a growth trajectory." The announcement says GE's Steam Power business will work with customers on existing obligations as it pursues the exit, which may include divestitures, site closings, job impacts, and considerations for publicly held subsidiaries. The move has implications for proposed projects, such as a 1050-megawatt coal power plant in Lamu, Kenya, which GE agreed to design, construct, and maintain for an estimated $2 billion in May 2018. "GE is among the companies that are divesting from coal and other nonrenewable sources of energy, partly due to pressure from investors and environmental activists seeking to slow down climate change," writes Victor Juma in Business Daily Africa.