Actualiteit

Cybersecurity operations can be categorized into three high-level control objectives: security in design, prevention, and detection. Stakeholders must be able to rely on internal audit’s independent, objective, and competent assurance services to verify whether organizational cybersecurity operations controls are well-designed and effectively and efficiently implemented. The internal audit activity adds value when it provides such services in conformance with the Standards and with references to widely accepted control frameworks, particularly those used by the organization’s IT and IS functions. This is for members only. To access it and other valuable resources, become a member today.

The IIA's three-part Global Knowledge Brief series on cybersecurity presents an overview of the new SEC proposals, including the implications they have for cybersecurity reporting regulation in the U.S. as well as abroad. It also explores how internal auditors can play an important role in helping their organizations manage an altered compliance landscape that new regulations could soon create. You can find part 2 here. You can find part 3 here. 

Part 3 of this series addresses how internal auditors can better identify and evaluate ESG risks within their own organizations, as well as provides real-world strategies employed by internal audit functions currently in the field. Michelle Uwasomba, Principal, Consulting Enterprise Risk Practice, and Shannon Roberts, Principal, Climate Change and Sustainability Services Practice, of Ernst & Young LLP (EY US) share some of their experiences in supporting companies in the development and execution of management programs to identify, assess, and respond to ESG risks (both upside and downside). You can find part 1 here. You can find part 2 here. This is for members only. To access it and other valuable resources, become a member today.

This new report, part of the Risk in Focus 2022 publication, produced jointly by twelve institutes of internal auditors and the ECIIA, draws on roundtable debates and interviews with CAEs across Europe to explore the key issues for organisations and for internal audit teams and to suggest questions and actions that CAEs and their teams can use to raise awareness in their businesses. Each year, Institutes of Internal Auditors from across Europe and the ECIIA collaborate to survey and interview chief audit executives (CAEs) to produce the Risk in Focus report, highlighting the most important risks for the year ahead. This year, human capital, diversity and talent management rose to its highest position ever when it was cited by 40% of CAEs across Europe as one of their top five risks for 2022.  People with technology expertise have been in critically short supply for many years. The skills crisis has widened dramatically and organisations in all sectors and locations are struggling to find people at all levels and with a huge range of skills. It is clear that organisations need to find new ways to attract and retain talented employees and invest in training and education. Corporate reputations matter more than ever. Organisations that have already worked hard to improve their equality, diversity and inclusion will reap the benefits as they are able to reach out to larger pools of potential employees and to attract those who leave employers they perceive as unsupportive or unable to offer them opportunities. Those that have not will have more limited options and must scramble to catch up.   

This yearly report has gathered insight from leaders in the profession through the annual Pulse of Internal Audit Survey since 2008. Each survey collects information about established and emerging issues, and other topics of importance to the profession and internal audit management. In an era where disruptive change has become the norm, the need for accurate and reliable benchmarking is paramount. The IIA’s 2022 North American Pulse of Internal Audit report brings together more than a decade of survey results to reveal important trends in four key areas: Budget - Compared to 2020, staffing budgets showed some return to normal, but travel budgets continue to have widespread, sustained cuts. Staff - Initial COVID-related cutbacks have eased generally, but there is less willingness to increase staff levels than before the pandemic. Risk - Technology risks and third-party risks are trending up. For the first time, sustainability risk edged upwards in the survey data. Audit Plan - Cybersecurity is trending up on audit plans for all respondents. For publicly traded organizations, Sarbanes-Oxley is increasing steadily. Beyond benchmarking, the Pulse report offers insights into how CAEs lead their functions, including areas of responsibility outside of internal auditing (fraud, ERM, SOX, etc.), as well as how they determine top concerns and decide how they would spend extra budget. Updated with a new digital-friendly format, the Pulse report is designed to share with peers, audit committees, and executive management.