Actualiteit
Welkom op onze actualiteitspagina
Ontdek hier het laatste nieuws, bekendmakingen, en publicaties op het gebied van internal audit
Nieuws
Publicaties
The conflict in Ukraine requires greater vigilance in cyber security. ISACA Belgium, the Institute of Internal Auditors Belgium and the Institut Français de l’Audit et du Contrôle Internes (IFACI) decided to issue a short impact briefing for all members. Although it remains silent about concrete actions and attacks, clear indications show in the wake of the Ukrainian conflict an expansion of malicious cyber activity, both inside and outside the conflict area. In a digital world, cyber attacks can have a huge impact on daily operations and business, rendering our private and public companies and organizations more vulnerable. Therefore, they need to prepare proactively a mitigation of the potential impact of such events. Introduction & Context This paper intends to raise awareness and to encourage organizations to reflect on their cyber readiness in the context of the conflict in Ukraine. This changing environment calls for a reassessment of the current cyber risk exposure and an evaluation of the need to implement additional measures. Whether or not cyber risk was considered in the past, the current situation may provide an opportunity to assess what needs to be done or to review the existing measures
Cybersecurity operations can be categorized into three high-level control objectives: security in design, prevention, and detection. Stakeholders must be able to rely on internal audit’s independent, objective, and competent assurance services to verify whether organizational cybersecurity operations controls are well-designed and effectively and efficiently implemented. The internal audit activity adds value when it provides such services in conformance with the Standards and with references to widely accepted control frameworks, particularly those used by the organization’s IT and IS functions. This is for members only. To access it and other valuable resources, become a member today.
The IIA's three-part Global Knowledge Brief series on cybersecurity presents an overview of the new SEC proposals, including the implications they have for cybersecurity reporting regulation in the U.S. as well as abroad. It also explores how internal auditors can play an important role in helping their organizations manage an altered compliance landscape that new regulations could soon create. You can find part 2 here. You can find part 3 here.
Part 3 of this series addresses how internal auditors can better identify and evaluate ESG risks within their own organizations, as well as provides real-world strategies employed by internal audit functions currently in the field. Michelle Uwasomba, Principal, Consulting Enterprise Risk Practice, and Shannon Roberts, Principal, Climate Change and Sustainability Services Practice, of Ernst & Young LLP (EY US) share some of their experiences in supporting companies in the development and execution of management programs to identify, assess, and respond to ESG risks (both upside and downside). You can find part 1 here. You can find part 2 here. This is for members only. To access it and other valuable resources, become a member today.
This new report, part of the Risk in Focus 2022 publication, produced jointly by twelve institutes of internal auditors and the ECIIA, draws on roundtable debates and interviews with CAEs across Europe to explore the key issues for organisations and for internal audit teams and to suggest questions and actions that CAEs and their teams can use to raise awareness in their businesses. Each year, Institutes of Internal Auditors from across Europe and the ECIIA collaborate to survey and interview chief audit executives (CAEs) to produce the Risk in Focus report, highlighting the most important risks for the year ahead. This year, human capital, diversity and talent management rose to its highest position ever when it was cited by 40% of CAEs across Europe as one of their top five risks for 2022. People with technology expertise have been in critically short supply for many years. The skills crisis has widened dramatically and organisations in all sectors and locations are struggling to find people at all levels and with a huge range of skills. It is clear that organisations need to find new ways to attract and retain talented employees and invest in training and education. Corporate reputations matter more than ever. Organisations that have already worked hard to improve their equality, diversity and inclusion will reap the benefits as they are able to reach out to larger pools of potential employees and to attract those who leave employers they perceive as unsupportive or unable to offer them opportunities. Those that have not will have more limited options and must scramble to catch up.
This yearly report has gathered insight from leaders in the profession through the annual Pulse of Internal Audit Survey since 2008. Each survey collects information about established and emerging issues, and other topics of importance to the profession and internal audit management. In an era where disruptive change has become the norm, the need for accurate and reliable benchmarking is paramount. The IIA’s 2022 North American Pulse of Internal Audit report brings together more than a decade of survey results to reveal important trends in four key areas: Budget - Compared to 2020, staffing budgets showed some return to normal, but travel budgets continue to have widespread, sustained cuts. Staff - Initial COVID-related cutbacks have eased generally, but there is less willingness to increase staff levels than before the pandemic. Risk - Technology risks and third-party risks are trending up. For the first time, sustainability risk edged upwards in the survey data. Audit Plan - Cybersecurity is trending up on audit plans for all respondents. For publicly traded organizations, Sarbanes-Oxley is increasing steadily. Beyond benchmarking, the Pulse report offers insights into how CAEs lead their functions, including areas of responsibility outside of internal auditing (fraud, ERM, SOX, etc.), as well as how they determine top concerns and decide how they would spend extra budget. Updated with a new digital-friendly format, the Pulse report is designed to share with peers, audit committees, and executive management.
The Internal Audit Foundation has released a new report in collaboration with Crowe: Privacy and Data Protection, Part 2: Internal Auditors’ Views on Risks, Responsibilities, and Opportunities. This second report in a three-part series reveals a number of potentially valuable opportunities for internal auditors to take an earlier, proactive role in helping to recognize, manage, and mitigate these risks, while still fulfilling their role as defined by the International Professional Practices Framework. Detailed examination of the results provided a number of insights that internal audit professionals can use to reflect on their own organizations’ preparedness and effectiveness in managing risks associated with privacy and data protection. Key takeaways include: Data privacy roles and responsibilities Data privacy as a material risk Internal auditors’ views of program effectiveness Internal auditors’ most critical concerns How internal auditors can add value
This is the second of a three-part series on the evolving ESG risk arena and internal audit's roles and responsibilities. The ESG Risk Landscape Part 2: Implementation, Reporting, and Internal Audit's Role The need for independent assurance on the design and efficacy of ESG-related processes and controls will soon be essential to the work of internal audit. As such, internal auditors should be prepared to act confidently and authoritatively in support of their organizations' ESG efforts. In Part 2 of this series we examine implementation, reporting and internal audit's role. You can find part 1 here. You can find part 3 here. This is for members only. To access it and other valuable resources, become a member today.
Understanding ESG Reporting Standards in 2022 and Beyond This knowledge brief discusses the major frameworks being used to manage ESG risk, along with regulatory concerns and reporting initiatives. The intent is to offer practitioners perspective on the eSG landscape and provide a roadmap for internal auditors as they solidify their role in their organizations' ESG journeys. You can find part 2 here. You can find part 3 here. This is for members only. To access it and other valuable resources, become a member today.
This new report, "Prioritizing ESG: Exploring Internal Audit's Role as a Critical Collaborator," by the Internal Audit Foundation, The IIA, and Ernst & Young LLP (EY) reveals how internal audit functions are currently involved in their organization's ESG efforts, current barriers within their organization that may hinder this involvement, and ways to move forward given impending regulations.
Internal auditors need to understand common technologies that enable remote work, the significant risks arising from remote access, and standard controls that prevent, detect, or remediate unauthorized access or sharing of information. The COVID-19 pandemic prompted a significant increase in those working from home and the resultant risks relating to a mobile or remote workforce. This guide supersedes the Global Technology Audit Guide (GTAG), "Auditing Smart Devices," and broadens the scope to focus on a wider range of risks and controls related to a mobile workforce. This guidance will enable internal auditors to: Define mobile computing hardware, software, and communication tools. Understand risks and opportunities associated with mobile computing. Understand components of remote access processes and related security controls. Understand the basics of auditing mobile computing, including specific controls that should be evaluated. This is for members only. To access it and other valuable resources, become a member today.
The IIA’s new Global Perspectives & Insights, “Internal audit and compliance: Clarity and collaboration for stronger governance,” explains why a clear understanding of roles is critical to effective compliance and independent assurance. The report includes analysis on applying the Three Lines Model’s Six Principles and practical illustrations from practitioners. Download now to review the top four key takeaways.
The Institute of Internal Auditors’ (IIA’s) Internal Audit Foundation (IAF), in collaboration with AuditBoard, has released a new research report, “The Remote Auditor: Challenges, Opportunities, and New Ways of Working,” which assesses the impact of remote work in the profession, explores the importance of technology in addressing remote work challenges, and shares best practices for remote working and sustaining a positive virtual work environment. As we approach the third year of the pandemic, the question “when do we return to normal?” has largely been replaced with “how do we capitalize on the lessons learned over the past two years to further empower and support the hybrid workforce moving forward?” The report presents poll and survey results that help assess the impact of remote work on the profession as a means to answer this critical question. The report cites findings from The IIA’s 2021 North American Pulse of Internal Audit survey, where 58% of chief audit executives (CAEs) indicated their teams were doing all or most of their work remotely and a further 22% said their teams were utilizing a hybrid approach of roughly equal remote and in-person work. This shift to remote and hybrid audit functions has spurred investments in technology. New survey data collected for the report reveals that since the start of the pandemic, more than half of the respondents’ organizations have acquired cloud-based technology to help with remote collaboration and risk management. “As fully remote and hybrid work models continue to become more common, an increasing number of audit teams are discovering that modern audit technology can help them better collaborate on their work, more rapidly surface risks, and drastically improve alignment and communication with business stakeholders," explained John Reese, chief marketing officer at AuditBoard. "In today's broad and dynamic risk environment it’s imperative for internal audit departments to move in this direction." One notable challenge of remote working is the ability to build and maintain relationships with colleagues and audit stakeholders. Leaders must make a conscious effort to schedule formal and informal meetings to ensure connectivity and strong relationships across all levels of the organization. “Audit functions that had done a couple of things before the pandemic started — including establishing very strong relationships, making good investments in technology, and applying the technology as part of their working methodologies — really had a big advantage when the pandemic hit,” says Harold Silverman, The IIA’s director of executive membership. “What we have seen is that a lot of less mature internal audit functions that learned the lessons from their peers are starting to make some of the same investments, especially with the expectation that remote work will continue.” Cultivating an adaptive and intentional mindset will enable auditors to take advantage of lessons learned from the shift to remote work. One company noted in the report did just that, reevaluating their processes and refocusing on the highest risks, and the result was a decrease in travel time from 50% to 25% for their auditors, which saved the company time and money. Going forward, communication skills and analytical and critical thinking are likely to be vital in order to successfully transition from in-person to hybrid or remote auditing.
Within the public sector, procurement is a huge expense funded with taxpayer dollars. Internal audit can provide assurance on the effectiveness of an organization’s plans and programs to procure goods and services with efficient practices. This practice guide will help auditors understand public procurement, improve existing procurement processes, and offer advisory services that help organizations plan new procurements. This practice guide helps auditors: Compare differing methods of public sector procurement. Examine several approaches and their benefits to auditing procurement. Identify contemporary, relevant procurement tools and techniques. Understand the impact of poor procurement on the entity/agency. This is for members only. To access it and other valuable resources, become a member today.
This report helps readers understand business resilience versus business continuity, and how stakeholder and board expectations have changed with recent disruption. Are We Ready? It’s Time for Internal Audit to Focus on Resilience Amid Extreme Change The Internal Audit Foundation, in collaboration with Protiviti, released a new report, “Are We Ready? It’s Time for Internal Audit to Focus on Resilience Amid Extreme Change,” to explain business continuity versus resilience. Addressing business resilience is a challenge. But it is necessary to meet stakeholder expectations for deeper and broader strategic insights and to gain a sharper understanding of enterprise changes and priorities. Now is the time for internal auditors to think and act boldly about the activities needed to help their organizations manage known and unknown risks.