Actualiteit

Before you can determine where to go and how to get there, you must figure out where you are. The concept of data analytics has become a mandate for internal audit functions. The question isn’t 'if'; it isn’t even 'when.' The time is now; the question is how? If you have not yet started or have only dabbled in the world of data analytics, it is time to learn about it and recognize the potential value you can contribute to your organization by implementing even a basic foundation and building on it as you appreciate the full value and power of information. Is it a daunting proposition? It can be, and there is a learning curve, but even small audit functions can take advantage of the power that data analytics can provide. It can further your reach into and visibility within your organization, allowing you to stay relevant and contribute to your organization’s betterment by providing greater value. “Analytics Refresher,” published almost five years ago in Internal Auditor magazine, is still on target today. “Internal audit can be a catalyst for expanding the use of analytics through the company to provide greater, more holistic business insights,” states the article’s author, Neil White. Those who are not fully engaging in data analytics can enhance their organizational profile and usefulness by making it a priority to introduce data analytics into the audit plan. You can find part 2 here.

Data analytics has become a strategic imperative Embracing data analytics is by no means a new idea for internal auditors, but judging by the number of “how to get started” articles that continue to be published, adoption is still in its infancy — particularly when it comes to smaller audit functions that may be resource constrained. Today’s world is overwhelmed with readily available data, and chances are your various departments or business units already are collecting bits of valuable information. If aggregated and analyzed with the aim of enabling your organization to achieve its objectives, this data may present myriad opportunities from which to boost profits, reduce expenses or waste, and grow.  One barrier to embracing the power of data analytics may be obtaining buy-in from your organization’s leaders. This is where internal auditors have an opportunity to make the case. Not only is data analytics the way of the future, but organizations of all shapes and sizes across all industries cannot afford to ignore a tool with the capacity to yield an irresistible bounty. The key for internal auditors is to win the hearts and minds of decisionmakers who can pave the way for adoption of a solid data analytics strategy. As noted in “Data Analytics Mandate, Part 1: Where do we go from here?,” this paper will review strategies and tactics for those in the early stages of data analytics adoption or those who have yet to begin. This is for members only. To access it and other valuable resources, become a member today.

The growing popularity of blockchain networks, coupled with blockchain’s potential to fundamentally transform the way many business processes are handled, raises an important question for internal auditors: What steps, if any, should the profession be taking in response to this transformational technology? Blockchain’s initial prominence arose from its use as the underlying technology for powering digital currencies such as bitcoin. But the technology has numerous other applications in a variety of business processes and entities beyond cryptocurrencies. As these applications become more widespread and commonplace, internal audit’s role as the third line of defense in risk management will be directly affected. Certain attributes and features of blockchain technology open up the possibility of numerous new and promising applications in a broad range of industries. Yet, in many ways, enterprisewide blockchain applications are still emerging. Evidence suggests that while some internal audit departments are responding to blockchain adoption by their companies, the profession as a whole has not yet taken a leading role in this area.

The IIA’s Global Perspectives and Insights: 5G and the 4th Industrial Revolution looks at keys issues that are bound to arise once 5G is a reality. From implementation challenges, legal issues, and regulatory tests to disruptive technologies, data management, and cybersecurity concerns, the report seeks to prepare organizations for the potential impacts of 5G so they can proactively address the issues. This is for members only. To access it and other valuable resources, become a member today. You can find part 1 here.

De laatste jaren is de aandacht voor de positie van de internal auditor toegenomen. Dit hangt vooral samen met de toegenomen aandacht voor governance in het algemeen. In de Corporate Governance Code 2016 wordt veel dieper ingegaan op zowel de rol alsook op enige werkzaamheden van de internal auditor en eveneens op benoeming, beoordeling en ontslag. Tevens wordt voor het eerst de Raad van Commissarissen direct in relatie met de internal auditor gebracht. Het internal auditvak en -aandachtsgebieden zijn echter niet in steen gebeiteld. Uit dit onderzoek blijkt dat er meer mogelijk is. Op grond van dit onderzoek menen we te mogen stellen dat de internal auditor en de RvC en Raad van Bestuur (RvB) eens fundamenteel na moeten denken of de aandachtsgebieden van de internal auditor niet breder mogen/moeten zijn dan thans gebruikelijk. En ook in hoeverre de bestaande relaties vanuit internal auditor naar de verschillende governance gremia wat creatiever mogen worden ingevuld. Het aandachtsgebied van de internal auditor moet zich misschien ook wel uitbreiden tot een kritische analyse van RvB en RvC. We zijn er toch voor het belang van de organisatie? Bekijk hier de cartoons. De volledige versie vindt u hier.

De laatste jaren is de aandacht voor de positie van de internal auditor toegenomen. Dit hangt vooral samen met de toegenomen aandacht voor governance in het algemeen. In de Corporate Governance Code 2016 wordt veel dieper ingegaan op zowel de rol alsook op enige werkzaamheden van de internal auditor en eveneens op benoeming, beoordeling en ontslag. Tevens wordt voor het eerst de Raad van Commissarissen direct in relatie met de internal auditor gebracht. Het internal auditvak en -aandachtsgebieden zijn echter niet in steen gebeiteld. Uit dit onderzoek blijkt dat er meer mogelijk is. Op grond van dit onderzoek menen we te mogen stellen dat de internal auditor en de RvC en Raad van Bestuur (RvB) eens fundamenteel na moeten denken of de aandachtsgebieden van de internal auditor niet breder mogen/moeten zijn dan thans gebruikelijk. En ook in hoeverre de bestaande relaties vanuit internal auditor naar de verschillende governance gremia wat creatiever mogen worden ingevuld. Het aandachtsgebied van de internal auditor moet zich misschien ook wel uitbreiden tot een kritische analyse van RvB en RvC. We zijn er toch voor het belang van de organisatie? Bekijk hier de cartoons. De verkorte versie vindt u hier.

In the Global Knowledge Brief 'Innovative Approach to Audit Reports' you learn about an innovative approach to developing audit reports for operational and implementation audits. This Brief details the link between findings, maturity, and overall report ratings, and offers best practice examples for organizing and presenting content within audit reports. Neil Frieser, Senior Vice President of Frontier Communications, decided to use a 'ten-year challenge' to look back at 10-year-old internal audit reports produced by Frontier Communication’s audit team, as well as historical audit report formats. Frieser’s core team found much they could improve to add value to future reports for management, the audit committee, and by extension its organization.  The purpose of this Knowledge Brief is to document the steps Frieser’s team took on its journey to bring more user-friendly, communications-focused ideas to the traditional audit report format, as well as highlight some key takeaways other audit shops can use to bring a new level of readability, persuasiveness, and impact to their own reports. This is for members only. To access it and other valuable resources, become a member today.

De continue evaluatie en verbetering van de dienstverlening is een belangrijk kenmerk van professionele organisaties. Dergelijke reflectie en ontwikkeling draagt sterk bij aan het vertrouwen in en de toegevoegde waarde van de dienstverlening. Dit geldt ook voor internal auditfuncties (IAF’s). De beroepsnormen van het Instituut van Internal Auditors (IIA) hebben dan ook een verplicht programma voor kwaliteitsbewaking en -verbetering. Hier hoort tevens een externe, onafhankelijke kwaliteitstoetsing bij, die tenminste eens in de vijf jaar dient plaats te vinden. Dit rapport beschrijft de resultaten van de analyse van de uitgevoerde externe kwaliteitstoetsingen in 2018. Het verschaft inzicht in de conclusies en aanbevolen verbeterpunten die frequent voorkomen. Hiermee beoogt IIA Nederland IAF’s handvatten te geven voor een volgende stap in hun kwaliteitsverbetering. Tevens is dit rapport een hulpmiddel voor IAF’s bij de voorbereiding op een externe kwaliteitstoetsing.

Continuous evaluation and improvement of the service provision is a key feature of professional organisations. Such reflection and development strongly contribute to the confidence in and added value of the services. This also holds true for internal audit functions (IAFs). The professional standards of the Institute of Internal Auditors (IIA) therefore include a mandatory programme for quality assurance and improvement. This includes an external, independent quality assessment, which must take place at least once every five years. This report describes the results of the analysis of the external quality assessments performed in the Netherlands in 2018. It provides insight into the conclusions and recommended points for improvement that surface frequently. With this report IIA Netherlands intends to provide IAFs with points of reference for the next step in their quality improvement. The report is also an aid for IAFs in preparations for external quality reviews.

The IIA’s Global Perspectives and Insights: 5G and the 4th Industrial Revolution, part one of a two-part series, looks at keys issues that are bound to arise once 5G is a reality. From implementation challenges, legal issues, and regulatory tests to disruptive technologies, data management, and cybersecurity concerns, the report seeks to prepare organizations for the potential impacts of 5G so they can proactively address the issues. This is for members only. To access it and other valuable resources, become a member today. You can find part 2 here.

The Internal Audit Foundation announced the release of a new research report, Striking an Optimal Balance Between Assurance and Consulting Services – Practical Insights from Internal Audit Leaders, based on the Foundation’s comprehensive Common Body of Knowledge study. As part of the research for this report, chief audit executives (CAEs) were asked to provide insight into how they balance assurance responsibilities with the types of consulting and advisory work that boards and management teams increasingly are requesting from their internal audit function. Audit executives described an ironclad commitment to maintaining internal audit objectivity and prioritizing internal audit’s assurance services over all other activities. However, the need for internal audit objectivity does not preclude them from successfully providing a wide range of internal audit advisory services, according to the report.

Now is the time to commit to the journey to evolve into a next-generation internal audit function. While this journey will be prolonged and marked with steep challenges, it is absolutely imperative given the intensifying nature of the digital transformation underway in the rest of the organization and the overall market. The results of the 2019 Internal Audit Capabilities and Needs Survey, in which Protiviti takes an in-depth look at the adoption of next-generation internal audit competencies such as agile auditing, artificial intelligence (AI), machine learning (ML), robotic process automation (RPA) and continuous monitoring, among many others, provide a detailed assessment of how internal audit groups are progressing on their next-generation journeys. 

Risk management is driven by more than regulations and external forces. Implementing efficient and effective risk management benefits organizations of any type and size by helping them to achieve operational and strategic objectives and to increase value and sustainability, ultimately better safeguarding their stakeholders. Internal auditors must evaluate the effectiveness and contribute to the improvement of risk management process (Standard 2120 – Risk Management). Benchmarking the current state of the organization’s risk management against a risk management maturity model is a good place to start this type of assessment. Benchmarking may help the internal audit activity communicate with senior management and the board about the organization’s level of risk management maturity and about aspiring to improve the process and advance in maturity. This information also enables internal auditors to appropriately tailor each engagement, taking into account the maturity of the area or process under review. This guidance provides examples of risk management maturity models and a basic methodology internal auditors may use to provide independent assurance that the organization’s risk management process is effective. Applying the guidance will help internal auditors protect and enhance organizational value and fulfill the expectations of the board and senior management.

Leaders of organizations in virtually every industry, size of organization and geographic location are reminded all too frequently that they operate in what appears to many to be an increasingly risky global landscape. Protiviti and North Carolina State University's ERM Initiative provided this report focusing on the top risks currently on the minds of global boards of directors and executives. The report contains results from the seventh annual risk survey of directors and executives to obtain their views on the extent to which a broad collection of risks is likely to affect their organizations over the next year. The respondent group provided their perspectives about the potential impact in 2019 of 30 specific risk across three dimensions: Macroeconomic risks likely to affect their organization's growth opportunities Strategic risks the organization faces that may affect the validity of its strategy for pursuing growth opportunities Operational risks that might affect key operations or the organizaion in executing its strategy

ESG, ofwel Environmental, Social en Governance gerelateerde risico’s, kunnen een grote invloed hebben op het succes en zelfs de continuïteit van een organisatie. COSO en de World Business Council for Sustainable Development (WBCSD) hebben guidance ontwikkeld om deze risico’s in kaart te brengen en effectief te managen: Enterprise Risk Management. Daartoe wordt het (nieuwe) COSO ERM-model toegespitst op de ESG-risico’s: "Applying enterprise risk management to environmental, social and governance-related risks." This guidance is designed to help risk management and sustainability practitioners apply enterprise risk management (ERM) concepts and processes to ESG-related risks. The purpose of this guidance is to help an entity achieve: Enhanced resilience: An entity’s medium- and long-term viability and resilience will depend on the ability to anticipate and respond to a complex and interconnected array of risks that threaten the strategy and objectives. A common language for articulating ESG-related risks: ERM identifies and assesses risks for potential impact to the strategy and business objectives. Articulating ESG-related risks in these terms brings ESG issues into mainstream processes and evaluations. Improved resource deployment: Obtaining robust information on ESG-related risks enables management to assess overall resource needs and helps optimize resource allocation. Enhanced pursuit of ESG-related opportunities: By considering both positive and negative aspects of ESG-related risks, management can identify ESG trends that lead to new opportunities. Realized efficiencies of scale: Managing ESG-related risks centrally and alongside other entity-level risks helps to eliminate redundancies and better allocate resources to address the entity’s top risks.