Actualiteit

Deloitte heeft een wereldwijde survey uitgevoerd naar de staat van de IAF, waarbij met name gekeken is naar de functies met de grootste impact en invloed in hun organisatie. Het rapport biedt elke IAF een spiegel om te kijken op welke punten verdere innovatie zou kunnen plaatsvinden. Innovatie van de IAF is een ‘must’ gegeven de veranderingen en innovaties die in de organisaties zelf plaatsvinden. Daarbij blijkt dat IAF’s die een grote impact (menen te) hebben, relatief sterk innoveren. Innovaties die worden besproken betreffen zowel de aard en scope van de audits, de werkmethoden die worden gehanteerd als de sourcing van de functie. Concrete topics zijn bijvoorbeeld het gebruik van data analytics en Robotic Process Automation (RPA), agile werken en het auditen van cyber risico’s en cultuur.

Businesses around the globe recognise that transformation is necessary to survive. Digital transformation brings promise — and uncertainty — to organisations. As companies commit to and make progress with digital transformation, many are looking squarely at their internal audit team to provide guidance and insight along the journey. In Volume XIV of Protiviti’s Internal Auditing Around the World, we take a closer look at internal auditors’ challenges and opportunities as they help to support the business through digital transformation.

Even the most well-prepared audit plans need to be flexible. The 2018 Global Risk Report outlines the top risks faced by CAEs: Talent Management, Data Analytics, Cyber, Regulations, and Responding to Disruption. Are your audit plans flexible and adequate to address these risks?  Presenting 2018 — a new year, new laws, regulations, opinions, ideas, technology, and risks. Today's business environment is significantly different than it was in the past; it is more complex and more connected. Organizations face new and unknown risks, but also new and untapped opportunities. Considering in the year ahead the new opportunities and number of potential challenges and risks — some of which are expected and some of which are unique to 2018 — audit plans should be viewed as frameworks that will change as events occur, including those that are disruptive. 

This report from the Internal Audit Foundation highlights the increasing importance of implementing a comprehensive anti-bribery program in today’s marketplace to combat corruption. It discusses internal audit’s role in evaluating the design, implementation, and effectiveness of the organization’s anti-bribery program. It supports practitioners’ efforts to take a proactive role in anti-bribery initiatives by outlining the elements of a structured anti-bribery program and providing a “how-to” approach for auditing anti-bribery measures. 

The Basel Committee on Banking Supervision (BCBS) strengthened capital adequacy guidelines following several global financial crises. If observed, banking institutions should be able to absorb the volatility of potential credit, market, and operational risks in the wake of another serious market shift. This new practice guide, developed for financial services auditors but useful to any auditor working with statistical models and capital, focuses on how to provide assurance that an institution is well capitalized to meet the guidelines and prepared for cyclical business changes. This guide will help readers understand, measure, and assess the appropriateness and completeness of an institution’s capital planning process. Topics include: How to evaluate whether capital processes support the institution’s stated risk appetite. Strategies and methods to model credit, market, and operational risk. Audit tools and techniques. This is for members only. To access it and other valuable resources, become a member today.

Potential improvements are presented to the auditee by means of a recommendation mainly based on an audit finding. An audit report generally includes the management action defined as a response to the recommendation, together with a due date and an action owner. Every internal audit function should have a process for monitoring follow-up on implementation of management actions. This can be an indicator for the Internal audit function’s effectiveness. This paper relates specifically to the followup of findings and recommendations issued by internal audit, not those identified by first or second line of defence functions. It can also be applied to actions taken in response to issues identified by regulators or external auditors. Implementation of management actions is a first line or second line of defence responsibility. However, in case of insufficient implementation of management actions, the Internal audit function should investigate and document the reason. Therefore, a well-established follow-up monitoring process is crucial to evaluate an internal audit’s effectiveness.

The internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from banks to third parties. It is crucial that key stakeholders, including management, the board and the bank’s supervisors can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area. This paper sets out the view of the ECIIA Banking Committee (the Committee) on best practices that could be adopted by internal audit functions in respect of the audit of externally outsourced services. 

The objective of this position paper is to provide guidance to the audit departments of banking groups to assist in delivering consistent and adequate levels of assurance across the group, while considering both group and subsidiary regulatory requirements, with the intention of fostering consolidated supervision across the group. The primary principle outlined within this paper is that the group internal audit function is accountable for overseeing audit activity throughout the group. This view is aligned to that expressed in the Basel Committee’s guidance on internal audit (BCBS 223).

To manage risks effectively is an essential part of good corporate governance. An important role of each organisation is to identify all business risks and uncertainties which the organisation faces, quickly implementing risk mitigating measures and enhancing the system of internal controls. The internal audit function, as an essential part of the corporate governance framework, provides independent assurance that those risks have been properly managed. As the global business environment and its financial and regulatory requirements have become more complex, users of the audited processes have been calling for more pertinent information for their decision making. The rapidly evolving environment (e.g. digitalisation of services, sustainability, information technology) and a shortening life cycle of products requires organisations to embrace change. Agility and a short response time are critical to survival. This leads to new/enhanced risks which the organisation has to deal with and a new risk appetite. To be able to provide an assurance to senior management in a short time period, it is necessary to focus the audit plan on current and future risks and provide a risk-based approach for audit planning.

Internal control is an important cornerstone for banks’ long-term sound governance. It should be tailored to the business model, risks and organisational structure. As risks are more and more complex, there are several functions involved in the implementation and the evaluation of an internal control system. However, it is important to stress the distinctive contribution of internal audit functions. Indeed, as the third line of defence, reporting to senior management and the board, internal audit gives an overall assurance on internal control effectiveness including an independent review of risk and control functions as well as insights on efficiency.

Managing the Impact of Models Short of a crystal ball, there is no fool-proof way to predict outcomes in the financial services industry. However, models provide a powerful tool to empower organizations to make important decisions using information from a variety of sources. The IIA’s Practice Guide: Auditing Model Risk Management helps ensure that these models are working as effectively as possible for an organization. This practice guide* provides an overview of key areas related to model risk management including business significance, regulatory requirements and expectations, and model components. It is designed to help chief audit executives and their audit teams understand their roles in assessing model risk management and empower them to implement an audit plan coverage approach and program tailored to the size, scale, and risks facing their organization. *Under Review: This practice guide contains some outdated material and references. It remains available while a review is underway.  This is for members only. To access it and other valuable resources, become a member today.

Over the course of just a few years, cybersecurity has grown into one of the most significant risk management challenges facing virtually every type of organization. Is the internal audit function keeping pace with this rapidly changing area of risk? This report examines this question and, based on a survey of internal audit and cybersecurity professionals, offers some observations on how internal audit departments are adapting in order to address cybersecurity risks. A decade ago, the internal audit function evolved and adapted to the increasingly important role that information technology (IT) was playing in all aspects of business operations. Today, internal audit faces the need to adapt once again to address the critical risks associated with cybersecurity. Recognizing this need, the Internal Audit Foundation and Crowe Horwath, in collaboration with The Institute of Internal Auditors’ (IIA’s) Audit Executive Center, conducted a limited survey of IIA members in order to understand how internal audit has begun to adapt to this new risk landscape. This report offers a summary of key findings from that research and provides insights into some current internal audit and cybersecurity policies and practices. In addition, the report’s authors draw on industry experience and observation based on their working relationships with internal audit functions across a broad range of industries.

Special Three-part Series: Artificial Intelligence, Internal Audit’s Role, and Introducing a New Framework This special three-part edition of Global Perspectives and Insights explores internal audit’s role in Artificial Intelligence by discussing associated risks and opportunities. The paper also introduces an AI Auditing Framework comprised of six components, all set within the context of an organization’s AI strategy. Avaiable in multiple languages.  You can find part 1 here. You can find part 2 here.  This is for members only. To access it and other valuable resources, become a member today.

Moral courage bridges the gap between making judgments and acting on them. According to the philosopher Aristotle, courage is the golden mean between cowardice and recklessness, and where that golden mean lies, depends on the specific circumstances. How do you determine that golden mean? How can you act courageously? What does acting courageously look like? And what can help you to do it? In this report we will look for answers to these questions. Our research for this report is based on insights gained in the field of philosophy and from the practice of internal auditors. In addition, we studied literature in the field of internal auditing, including the aforementioned studies conducted by the IIA Research Foundation. We also conducted empirical research in collaboration with IIA Netherlands. As part of our preparations for the IIA Netherlands Conference in June 2017, we also conducted a survey among the members of IIA Netherlands. In this report we present the findings of our research.

The internal audit activity is uniquely positioned and staffed within an organization to assess whether the information technology governance of the organization supports the organization’s strategies and objectives and to make recommendations as needed. Internal audits of IT governance should focus beyond the implementation of governance practices. Internal audit adds value to the organization by assessing the effectiveness of IT governance components, and providing assurance to stakeholders that principles and practices are followed and working as intended. Internal audit assessments will likely include activities such as: Assessing the degree to which IT governance activities and standards are consistent with the internal audit activity’s understanding of the organization’s risk appetite. Conducting consulting engagements as allowed by the audit charter and approved by the board. Ongoing dialogue with senior management and the board to ensure that substantial organizational and risk changes are being addressed in a timely manner. As the second edition of “Auditing IT Governance,” this GTAG* has been updated to reflect the 2017 International Professional Practices Framework and to be more directly practical to internal auditors. This edition provides tools and techniques to help internal auditors build a work program and perform engagements involving IT governance. *Under Review: This practice guide contains some outdated material and references. It remains available while a review is underway.  This is for members only. To access it and other valuable resources, become a member today.