Connect with us

Accounting

IIA sets cybersecurity topical requirement

Published

on

The Institute of Internal Auditors released the first in a series of topical requirements planned for this year, starting with cybersecurity.

The Cybersecurity Topical Requirement offers internal auditors a consistent approach to assessing the design and implementation of cybersecurity governance, risk management and control processes. The requirements represent a minimum baseline for assessing cybersecurity in an organization. According to the IIA’s research, cybersecurity continues to be a top-rated risk affecting organizations across industries and around the world. The topical requirements give practitioners a set of baseline requirements for reviewing certain risk areas such as cybersecurity and ensure audit functions globally operate in a consistent and reliable manner.

In addition, the IIA’s Internal Audit Foundation and AuditBoard released a new joint report Wednesday discussing the rise in cybercrime in the U.S. and how internal audit and information security teams can work together to ensure organizations today are cyber resilient. The report includes insights from internal audit and information security leaders and provides strategies that organizations can take to safeguard against cyber threats. 

“While internal audit priorities naturally evolve, some key risks will remain consistently critical to organizations and their internal audit plans well into the future,” said IIA president and CEO Anthony Pugliese in a statement. “Cybersecurity continues to be a top concern for organizations worldwide — in fact, it was once again ranked as the top risk in the IIA’s Risk in Focus 2025 report — and is fitting as the subject for our first Topical Requirement.”

Topical requirements are one of the three main elements of the IIA’s International Professional Practices Framework, alongside the Global Internal Audit Standards and Global Guidance, providing a consistent baseline for assessing specific risk areas. 

The Cybersecurity Topical Requirement provides a baseline approach for internal audit functions when they assess cybersecurity as an audit topic or if cybersecurity is identified as a risk within other audits. Some of the main requirements include establishing clear roles and responsibilities within the organization regarding cybersecurity strategic objectives, ensuring a robust and up-to-date risk management approach to account for recurring cyber risks, and that management has established an effective internal control environment.

“Internal audit functions have the flexibility to craft audit plans tailored to the unique needs, objectives, and risk profile of the organization they serve,” said Benito Ybarra, IIA executive vice president of global standards, guidance and certifications, in a statement. “It’s crucial to understand that topical requirements do not mandate internal audit functions to examine a specific topic, but rather provide practitioners with the resources and clear direction needed to assess and address priority risks identified in their audit plans in a consistent manner.”

The next topical requirement will focus on third-party risk, addressing some of the major aspects of third-party risk management structures that internal auditors need to evaluate to mitigate persistent risks. Other topics under development include business culture, business resilience, anti-corruption and bribery.

Continue Reading

Accounting

Continuous auditing: A new era for external auditors or a challenge to tradition?

Published

on

External auditors have long been tasked with ensuring financial integrity, detecting fraud and providing an independent opinion on a company’s financial statements.

Now, with the rise of continuous auditing, this role is evolving. Should auditors be involved in real-time financial monitoring? Will continuous auditing enhance audit quality or introduce new risks? And will AI and automation result in continuous audits that are more efficient, or will it drive up complexity and costs?

These questions go beyond technology — they redefine the audit function, independence and financial reporting expectations. The potential is huge, but so are the challenges that come with it.

What is continuous auditing?

Think of a traditional audit like an annual medical check-up — you go in once a year, the doctor reviews your health and gives you an assessment based on that visit. Continuous auditing? That’s more like wearing a smartwatch that tracks your health 24/7, constantly looking for issues as they happen. It uses AI, automation and analytics to monitor transactions in real time. Instead of waiting until the end of the reporting cycle, risks, anomalies and possible control issues are flagged as they happen.

At first glance, continuous auditing seems like a clear win — faster fraud detection, stronger financial oversight and fewer year-end surprises. But it also raises a critical question: If auditors are reviewing financial data year-round, are they expected to report findings externally in real time? And if they are not, could that expose them to greater liability?

The shift from traditional audits to continuous audits

Auditors traditionally provide independent opinions after management closes the books, but continuous auditing challenges this boundary. When auditors monitor financials year-round, the distinction between independent oversight and management’s control function can become blurred — at least in perception.

Flagging issues at many touchpoints during the year may also introduce concerns about their accountability for financial outcomes before the final opinion is issued.

Independence will always be a core pillar of auditing, both in fact and perception. As auditors engage in real-time monitoring, the challenge becomes ensuring they remain objective third parties rather than part of management’s oversight process. Regulators must then establish clear safeguards to uphold auditor independence while leveraging continuous auditing’s benefits.

AI and automation

This shift isn’t just happening because companies want it — it’s happening because AI and automation have made it possible. And let’s be honest: this technology is a game-changer. AI is transforming auditing by enabling real-time anomaly detection, predictive risk assessment and full population testing with greater accuracy than traditional sampling.

For audit firms, this means a fundamental shift in how audits are conducted. AI isn’t just making audits faster — it’s enabling full population analysis to catch risks that sampling might miss, automating repetitive tasks to give auditors more time for complex judgment calls, and strengthening fraud detection with continuous monitoring that builds investor confidence. How ready are firms to embrace this transformation?

What about the cost of continuous auditing?

Cost is another part of this debate around continuous auditing. Continuous auditing smooths workloads year-round, optimizing firm resources and specialists. AI handles routine transactions, freeing auditors to focus on complex, high-risk (high value) areas requiring expert judgment. It also allows management to have visibility of the audit fee build-up — distinguishing between tasks that can be automated with AI and the specialized work that demands deeper professional judgement. 

While continuous auditing offers those advantages, one could argue this may lead to higher audit fees if auditors are “on the ground” 24/7, the cost of upfront investment in AI tools, and added complexity in maintaining compliance with new regulations. The final answer depends on how firms adopt it — but in the long run, efficiency gains and stronger risk detection (i.e., preventing costly year-end financial restatements) may strongly justify the investment.

Will auditors fully embrace continuous auditing?

The demand for faster financial assurance is already here. Shareholders want more transparency and faster reporting, regulators want better oversight, and companies see AI-driven monitoring as an advantage. For this to happen, regulatory standards will need to evolve to address real-time assurance and how it aligns with auditor independence. Audit firms will need to balance technology investment with governance structures that ensure objectivity, transparency and liability-mitigation.

As companies (and internal audit practitioners) adopt rolling and periodic assurance models with AI-driven monitoring, the shift to a fully continuous audit model for external audit is not just a possibility — it’s within reach. But getting there requires more than just technology; it demands clear regulatory frameworks, strategic investment, and strong legal protection and independence safeguards to maintain trust in the audit process.

AI and automation will rewrite the playbook, shifting audit expectations from a single annual opinion to rolling, real-time insights. With historical audits losing their shine, more stakeholders are asking for a better solution.

Continuous auditing is no longer theoretical — it’s happening now. The challenge is ensuring it enhances audit quality while maintaining independence. With AI redefining expectations, are audit firms, regulators and businesses ready to embrace this shift? The conversation is just beginning — where do you stand?

Continue Reading

Accounting

Senate unveils plan to fast-track tax cuts, debt limit hike

Published

on

Senate Republicans unveiled a budget blueprint designed to fast-track a renewal of President Donald Trump’s tax cuts and an increase to the nation’s borrowing limit, ahead of a planned vote on the resolution later this week. 

The Senate plan will allow for a $4 trillion extension of Trump’s tax cuts and an additional $1.5 trillion in further levy reductions. The House plan called for $4.5 trillion in total cuts.

Republicans say they are assuming that the cost of extending the expiring 2017 Trump tax cuts will cost zero dollars.

The draft is a sign that divisions within the Senate GOP over the size and scope of spending cuts to offset tax reductions are closer to being resolved. 

Lawmakers, however, have yet to face some of the most difficult decisions, including which spending to cut and which tax reductions to prioritize. That will be negotiated in the coming weeks after both chambers approve identical budget resolutions unlocking the process.

The Senate budget plan would also increase the debt ceiling by up to $5 trillion, compared with the $4 trillion hike in the House plan. Senate Republicans say they want to ensure that Congress does not need to vote on the debt ceiling again before the 2026 midterm elections. 

“This budget resolution unlocks the process to permanently extend proven, pro-growth tax policy,” Senate Finance Chairman Mike Crapo, an Idaho Republican, said. 

The blueprint is the latest in a multi-step legislative process for Republicans to pass a renewal of Trump’s tax cuts through Congress. The bill will renew the president’s 2017 reductions set to expire at the end of this year, which include lower rates for households and deductions for privately held businesses. 

Republicans are also hoping to include additional tax measures to the bill, including raising the state and local tax deduction cap and some of Trump’s campaign pledges to eliminate taxes on certain categories of income, including tips and overtime pay.

The plan would allow for the debt ceiling hike to be vote on separately from the rest of the tax and spending package. That gives lawmakers flexibility to move more quickly on the debt ceiling piece if a federal default looms before lawmakers can agree on the tax package.

Political realities

Senate Majority Leader John Thune told reporters on Wednesday, after meeting with Trump at the White House to discuss the tax blueprint, that he’s not sure yet if he has the votes to pass the measure.

Thune in a statement said the budget has been blessed by the top Senate ruleskeeper but Democrats said that it is still vulnerable to being challenged later.

The biggest differences in the Senate budget from the competing House plan are in the directives for spending cuts, a reflection of divisions among lawmakers over reductions to benefit programs, including Medicaid and food stamps. 

The Senate plan pares back a House measure that calls for at least $2 trillion in spending reductions over a decade, a massive reduction that would likely mean curbing popular entitlement programs.

The Senate GOP budget grants significantly more flexibility. It instructs key committees that oversee entitlement programs to come up with at least $4 billion in cuts. Republicans say they expect the final tax package to contain much larger curbs on spending.

The Senate budget would also allow $150 billion in new spending for the military and $175 billion for border and immigration enforcement.

If the minimum spending cuts are achieved along with the maximum tax cuts, the plan would add $5.8 trillion in new deficits over 10 years, according to the Committee for a Responsible Federal Budget.

The Senate is planning a vote on the plan in the coming days. Then it goes to the House for a vote as soon as next week. There, it could face opposition from spending hawks like South Carolina’s Ralph Norman, who are signaling they want more aggressive cuts. 

House Speaker Mike Johnson can likely afford just two or three defections on the budget vote given his slim majority and unified Democratic opposition.

Continue Reading

Accounting

How asset location decides bond ladder taxes

Published

on

Financial advisors and clients worried about stock volatility and inflation can climb bond ladders to safety — but they won’t find any, if those steps lead to a place with higher taxes.

The choice of asset location for bond ladders in a client portfolio can prove so important that some wealthy customers holding them in a taxable brokerage account may wind up losing money in an inflationary period due to the payments to Uncle Sam, according to a new academic study. And those taxes, due to what the author described as the “dead loss” from the so-called original issue discount compared to the value, come with an extra sting if advisors and clients thought the bond ladder had prepared for the rise in inflation.

Bond ladders — whether they are based on Treasury inflation-protected securities like the strategy described in the study or another fixed-income security — provide small but steady returns tied to the regular cadence of maturities in the debt-based products. However, advisors and their clients need to consider where any interest payments, coupon income or principal accretion from the bond ladders could wind up as ordinary income, said Cal Spranger, a fixed income and wealth manager with Seattle-based Badgley + Phelps Wealth Managers.

“Thats going to be the No. 1 concern about, where is the optimal place to hold them,” Spranger said in an interview. “One of our primary objectives for a bond portfolio is to smooth out that volatility. … We’re trying to reduce risk with the bond portfolio, not increase risks.”

READ MORE: Why laddered bond portfolios cover all the bases

The ‘peculiarly bad location’ for a bond ladder

Risk-averse planners, then, could likely predict the conclusion of the working academic paper, which was posted in late February by Edward McQuarrie, a professor emeritus in the Leavey School of Business at Santa Clara University: Tax-deferred retirement accounts such as a 401(k) or a traditional individual retirement account are usually the best location for a Treasury inflation-protected securities ladder. The appreciation attributes available through an after-tax Roth IRA work better for equities than a bond ladder designed for decumulation, and the potential payments to Uncle Sam in brokerage accounts make them an even worse asset location.

“Few planners will be surprised to learn that locating a TIPS ladder in a taxable account leads to phantom income and excess payment of tax, with a consequent reduction in after-tax real spending power,” McQuarrie writes. “Some may be surprised to learn just how baleful that mistake in account location can be, up to and including negative payouts in the early years for high tax brackets and very high rates of inflation. In the worst cases, more is due in tax than the ladder payout provides. And many will be surprised to learn how rapidly the penalty for choosing the wrong asset location increases at higher rates of inflation — precisely the motivation for setting up a TIPS ladder in the first place. Perhaps the most surprising result of all was the discovery that excess tax payments in the early years are never made up. [Original issue discount] causes a dead loss.”

The Roth account may look like a healthy alternative, since the clients wouldn’t owe any further taxes on distributions from them in retirement. But the bond ladder would defeat the whole purpose of that vehicle, McQuarrie writes.

“Planners should recognize that a Roth account is a peculiarly bad location for a bond ladder, whether real or nominal,” he writes. “Ladders are decumulation tools designed to provide a stream of distributions, which the Roth account does not otherwise require. Locating a bond ladder in the Roth thus forfeits what some consider to be one of the most valuable features of the Roth account. If the bond ladder is the only asset in the Roth, then the Roth itself will have been liquidated as the ladder reaches its end.”

READ MORE: How to hedge risk with annuity ladders

RMD advantages

That means that the Treasury inflation-protected securities ladder will add the most value to portfolios in a tax-deferred account (TDA), which McQuarrie acknowledges is not a shocking recommendation to anyone familiar with them. On the other hand, some planners with clients who need to begin required minimum distributions from their traditional IRA may reap further benefits than expected from that location.

“More interesting is the demonstration that the after-tax real income received from a TIPS ladder located in a TDA does not vary with the rate of inflation, in contrast to what happens in a taxable account,” McQuarrie writes. “Also of note was the ability of most TIPS ladders to handle the RMDs due, and, at higher rates of inflation, to shelter other assets from the need to take RMDs.”

The present time of high yields from Treasury inflation-protected securities could represent an ample opportunity to tap into that scenario.

“If TIPS yields are attractive when the ladder is set up, distributions from the ladder will typically satisfy RMDs on the ladder balance throughout the 30 years,” McQuarrie writes. “The higher the inflation experienced, the greater the surplus coverage, allowing other assets in the account to be sheltered in part from RMDs by means of the TIPS ladder payout. However, if TIPS yields are borderline unattractive at ladder set up, and if the ladder proved unnecessary because inflation fell to historically low levels, then there may be a shortfall in RMD coverage in the middle years, requiring either that TIPS bonds be sold prematurely, or that other assets in the TDA be tapped to cover the RMD.”

READ MORE: A primer on the IRA ‘bridge’ to bigger Social Security benefits

The key takeaways on bond ladders

Other caveats to the strategies revolve around any possible state taxes on withdrawals or any number of client circumstances ruling out a universal recommendation. The main message of McQuarrie’s study serves as a warning against putting the ladder in a taxable brokerage account.

“Unsurprisingly, the higher the client’s tax rate, the worse the outcomes from locating a TIPS ladder in taxable when inflation rages,” he writes. “High-bracket taxpayers who accurately foresee a surge in future inflation, and take steps to defend against it, but who make the mistake of locating their TIPS ladder in taxable, can end up paying more in tax to the government than is received from the TIPS ladder during the first year or two.”

For municipal or other types of tax-exempt bonds, though, a taxable account is “the optimal place,” Spranger said. Convertible Treasury or corporate bonds show more similarity with the Treasury inflation-protected securities in that their ideal location is in a tax-deferred account, he noted.

Regardless, bonds act as a crucial core to a client’s portfolio, tamping down on the risk of volatility and sensitivity to interest rates. And the right ladder strategies yield more reliable future rates of returns for clients than a bond ETF or mutual fund, Spranger said.

“We’re strong proponents of using individual bonds, No. 1 so that we can create bond ladders, but, most importantly, for the certainty that individual bonds provide,” he said.

Continue Reading

Trending