Actualiteit

Cybersecurity attacks are increasing as the tools for detecting and exploiting vulnerabilities in networked systems and devices become increasingly sophisticated or commoditized. Threatening technologies and methods are advanced by criminal enterprises, state-sponsored hackers, and others with malicious intentions. An organization’s stakeholders rely on independent, objective, and competent assurance services to verify whether cyber incident response and recovery controls are well-designed and effectively and efficiently implemented. The internal audit activity adds value to the organization when it provides such services in conformance with the Standards and with references to widely accepted control frameworks, particularly those used by the organization’s IT-IS functions.

A new report, "Diversity, Equity, and Inclusion 101: Internal Audit's Invaluable Role in Creating a Sense of Belonging at Work," from the Internal Audit Foundation and Deloitte, explains why it's essential for internal audit to be more involved in the organization's ESG efforts, and helps you get started today with tangible action items to add value and improve outcomes of DEI initiatives. The top five takeaways: Definitions of key terms like diversity, equity, inclusion, and anti-oppression are provided to help navigate confusing and often misused terminology. Internal audit's opportunity and obligation to foster a diverse, equitable, and inclusive culture starts within its own function. Establishing metrics and monitoring the DEI program are critical actions to ensure the program is meeting strategic objectives. Organizations need new ways to identify and manage DEI risks and examine business processes to expose strengths and deficiencies. Take the first steps on how to address DEI efforts as an assurance provider, trusted advisor, or agent of change. Download the report here  

The purpose of this practice guide is to increase the internal auditor's awareness of fraud risk, including the role the internal audit activity can play, and provide guidance on how to perform a fraud risk assessment at an organizational level. The IPPF requires internal auditors to consider the risk of fraud in their work. The internal audit activity must evaluate the potential for fraud and how the organization manages fraud risk, as per Standard 2120.A2. Implentation of this guide is intended to: Increase the internal auditor's awareness and understanding of organizational fraud risk governance and management. Explain the various roles responsible for preventing, detecting, assessing and investigating fraud at the organizational level and how they interact using The IIA's position paper, The Three Lines Model. Describe the purpose and benefits of utilizing a fraud risk management framework, with specific reference to COSO's Fraud Risk Management Guide.  Explain the role the internal audit activity may play in the organizational's fraud risk management program. Identify the requirements for the internal audit activity to provide assurance on organizationwide fraud risk governance and management. These include: - Evaluating structures and processes for fraud risk governance. - Performing an organizationwide assessment of fraud risks. - Evaluating the design of the fraud risk management program. - Evaluating operationalization of the fraud risk management program. - Communicating results and assurance to senior management and the board. The second edition practice guide supersedes Practice Guide "Internal Auditing and Fraud" originally issued in 2009. This is for members only. To access it and other valuable resources, become a member today. 

This report provides a comprehensive overview to help Audit Committee members properly prioritize and monitor one of the greatest business risks . We outline key questions to understanding why the cyber security perimeter has expanded, its connection with other risks, the greatest threats, the costs of a cyberattack and what can help to mitigate it. The question is not whether there will be attacks, but when. We need to be prepared..    

The conflict in Ukraine requires greater vigilance in cyber security. ISACA Belgium, the Institute of Internal Auditors Belgium and the Institut Français de l’Audit et du Contrôle Internes (IFACI) decided to issue a short impact briefing for all members. Although it remains silent about concrete actions and attacks, clear indications show in the wake of the Ukrainian conflict an expansion of malicious cyber activity, both inside and outside the conflict area. In a digital world, cyber attacks can have a huge impact on daily operations and business, rendering our private and public companies and organizations more vulnerable. Therefore, they need to prepare proactively a mitigation of the potential impact of such events. Introduction & Context This paper intends to raise awareness and to encourage organizations to reflect on their cyber readiness in the context of the conflict in Ukraine. This changing environment calls for a reassessment of the current cyber risk exposure and an evaluation of the need to implement additional measures. Whether or not cyber risk was considered in the past, the current situation may provide an opportunity to assess what needs to be done or to review the existing measures