Jason Mefford

I've spent the last few months interviewing chief audit executives to gain a better view of the state of internal audit. I found that not only is the pace of change accelerating, but with challenges come plenty of opportunities too.

One of the authors and thought leaders that updated the 7th edition of Sawyer's Internal Auditing.

In this 7th edition, 10 authors and thought leaders within the internal audit profession tackle the challenge of what comes next for the profession. What are the opportunities to grow the most value? What emerging risks face the profession? How can this version of Sawyer's best help chief audit executives (CAEs) and internal auditors in considering today’s practices and planning for the… Show more

One of the authors and thought leaders that updated the 7th edition of Sawyer's Internal Auditing.

In this 7th edition, 10 authors and thought leaders within the internal audit profession tackle the challenge of what comes next for the profession. What are the opportunities to grow the most value? What emerging risks face the profession? How can this version of Sawyer's best help chief audit executives (CAEs) and internal auditors in considering today’s practices and planning for the future? How can internal audit stakeholders better see the value they get from internal audit? This new edition is organized more practically around what CAEs need to know to develop the ideal internal audit function and what internal auditors need to know to deliver current internal audit services and products. Show less

This Amazon, best-selling book reveals secrets for mastering success in health, wealth, and lifestyle.

This book mentors you in pointing out the do's and don'ts of success and failure. While success may sometimes be accomplished through personal experience alone, mentoring will invariably reduce the time needed to master any task. Learning to master skills is the key to our progress. It was Walt Disney who said that ll of our dreams can come true if we have the courage to pursue them

I appeared on the Brian Tracy TV show and spoke about Principled Performance®. This program aired on ABC, CBS, NBC, and FOX. You can view my interview at: www.jasonmefford.com/videos

Contributing author of the OCEG GRC Capability Model version 3.0, the international standard on developing and maintaining a governance, risk management and compliance (GRC) capability in an organization to help ensure the reliable achievement of objectives, while addressing uncertainty and acting with integrity.

Internal auditors are told they need to develop a risk-based audit plan, but many internal audit activities simply risk rank their audit universe and believe that is risk-based auditing. Another common mistake is to identify risks to audit without ever determining if they are relevant to the organization’s objectives.

Risk-based internal auditing is really about aligning the annual audit plan, and corresponding audit projects and efforts, with the objectives of the organization. This… Show more

Internal auditors are told they need to develop a risk-based audit plan, but many internal audit activities simply risk rank their audit universe and believe that is risk-based auditing. Another common mistake is to identify risks to audit without ever determining if they are relevant to the organization’s objectives.

Risk-based internal auditing is really about aligning the annual audit plan, and corresponding audit projects and efforts, with the objectives of the organization. This book takes a unique approach to risk-based auditing by incorporating risk management and internal audit concepts to create a new Risk-Based Internal Audit Framework, while still being consistent with internal auditing standards.

The risk-based internal auditing framework shows how internal audit activities can consider the key objectives of their organizations, the strategies utilized to meet those objectives, and what major threats, and corresponding risks, cause uncertainty about whether the organization can meet those objectives. This is the basis of risk-based internal auditing.

The principles outlined in this book are applicable to all internal audit activities, regardless of geographic location, industry, or type of organization. They can be used in the private or public sector, for profit or non-profit, large or small organizations. The concepts in this book can be used to improve the audit quality in any organization and ensure the internal audit activity is adding value by focusing on helping the organization meet its objectives, not just adding and testing internal controls. It helps the internal audit activity provide much better assurance on what the governance group and management is really concerned about – meeting the organization’s objectives.

This book provides answers and practical how-to information to help internal audit activities take that next step in the evolution of the internal audit profession. It is a must read for any internal auditor. Show less

I have spent almost twenty years as an auditor; externally, internally, or training auditors. When discussing the subject of risk assessments and annual audit plan development, I am reminded often of a quote from Winnie the Pooh.

“Here is Edward Bear, coming downstairs now, bump, bump, bump, on the back of his head, behind Christopher Robin. It is, as far as he knows, the only way of coming downstairs, but sometimes he feels that there really is another way, if only he could stop bumping… Show more

I have spent almost twenty years as an auditor; externally, internally, or training auditors. When discussing the subject of risk assessments and annual audit plan development, I am reminded often of a quote from Winnie the Pooh.

“Here is Edward Bear, coming downstairs now, bump, bump, bump, on the back of his head, behind Christopher Robin. It is, as far as he knows, the only way of coming downstairs, but sometimes he feels that there really is another way, if only he could stop bumping for a moment and think of it.”—A. A. Milne.

How much of the time do we feel we are hitting our heads when doing risk assessments and annual audit plans, realizing there is a better way, but not knowing how to change? We do the same things over, and over again, just like Winnie the Pooh coming down the stairs ....

For more information see associated LinkedIn post or Compliance Week article. Show less

Not all organizations are required to have a governance, risk management and compliance (GRC) system that incorporates the Sarbanes-Oxley Act (SOX) or Dodd-Frank, but every organization should conform with the Federal Sentencing Guidelines for Organizations (FSGO).
So what are the FSGO and why do they relate to all organizations? How can your organization ensure your ethics and compliance program conforms to the FSGO? This white paper answers those questions.

One of the most important variables an employee survey should track is employees' perceptions of respect in the workplace. If you want more engaged and productive employees, then focus on respect in your organization.