Actualiteit

The internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from (re)insurance undertakings to third parties. It is crucial that key stakeholders, including management, the board and the (re)insurance undertaking’s supervisors can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area. This paper sets out the view of the ECIIA Insurance Committee (the Committee). It is based on the position paper on Internal Audit Oversight of external outsourcing issued by the ECIIA Banking Committee, on best practices that could be adopted by internal audit functions in respect of the audit of externally outsourced services. This paper was adapted to the specifics of the (re)insurance undertakings, in particular the regulatory requirements of Solvency II. This paper does not consider: Outsourcing of internal audit as a function Internal outsourcing (from one legal entity to another within the same group), albeit many of the same concepts could be applied

Internal Auditing Around the World, Volume 16 - The future auditor had arrivedThe future auditor has arrived. It’s a bold statement — and it’s true. The future auditor is a vision, inspired partly by the definition of internal auditing from The Institute of Internal Auditors: ‘‘an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.’’ When Protiviti first articulated this vision in 2014, we explained that the future auditor, once personified, would be recognized as a ‘‘positive change agent’’ in the organization. We also asserted that chief audit executives (CAEs) who embraced this vision would be ‘‘better positioned to demonstrate to executive management and the board the value contributed by internal audit through their comprehensive risk focus and forward-looking, change-oriented and highly adaptive behavior.’’ Six years later, we see that many internal audit leaders around the globe have answered that call to action — and are committed to bringing forth a next-generation internal audit function. They, and their teams, have disrupted their function’s status quo by thinking differently about how internal audit performs its work and delivers results that do, in fact, add value to the business.

This Global Perspectives and Insights describes the Internal Audit Ambition Model from the perspective of several CAEs who have applied it. Looking toward to its potential applications, the report considers how the model may be used as part of the internal audit activity’s quality assurance and improvement program (QAIP). In today’s unprecedented and volatile business environment, organizations face a future that is as difficult to predict as it is open for creativity and innovation. The internal audit activity can play a vital role in helping organizations anticipate, evaluate, and respond to risks and opportunities. And CAEs must effectively demonstrate that value. CAEs need robust tools to continuously enhance the value that the internal audit activity provides to management and the board. Perhaps equally important, the right tool should enrich the ability to clearly express internal audit’s potential. The Internal Audit Ambition Model seeks to help CAEs achieve those goals. The Internal Audit Ambition Model may help the internal audit activity: Adopt a common approach and consistent criteria for conducting self-assessments of its current (“achieved”) quality. Help drive conformance with the The IIA’s International Professional Practices Framework. Establish a peer benchmark against which to compare itself. Create a visualization of its achievements in key process areas. Identify the “ambition” level to which it aspires. Identify gaps that must be filled to achieve its desired ambition level. Communicate with senior management and the board about its achieved level of quality and its level of ambition. According to the model’s authors, the word “ambition,” distinguishes this model from maturity models because it communicates the CAE’s choice about the level to which the internal audit activity should aspire. The choice takes into account the input of senior management and the board in light of factors such as the complexity of the organization, the size of the internal audit activity, and the industry in which the organization operates. The word “ambition” moves the focus from simply meeting the requirements to inspiring intentionally chosen improvements.  

This paper offers a practical approach to directly address the scenario of an increased risk of fraud (corruption, misappropriation of assets, fraudulent financial statements) in organizations due to the pandemic. It considers related key actions, including assessment of vulnerabilities, risk mitigation, and monitoring fraud alerts (red flags). This report also presents a useful analysis on how to face a possible increase in the risk of fraud in these times of COVID-19 (pre- and post-pandemic) from the perspectives of the fraud triangle, the Three Lines of Defense model, cybersecurity, and global risk. People and organizations around the world are fighting to overcome the crisis caused by the COVID-19 pandemic and its direct and collateral effects. In this fight, internal auditors are actively helping organizations overcome and recover from the crisis. Download it today and watch Continuing the Conversation for a deeper dive.

Organisaties zijn ondernemingen van mensen, die actief zijn in een wereld die steeds onzekerder, complexer, meer onderling verbonden en volatiel wordt. Vaak hebben ze meerdere stakeholders met verschillende, veranderende en soms tegengestelde belangen. Stakeholders vertrouwen het toezicht op de organisatie toe aan een bestuursorgaan, dat op zijn beurt middelen en bevoegdheden aan het management delegeert om passende actie te ondernemen, inclusief risicomanagement. Onder meer om deze redenen hebben organisaties effectieve structuren en processen nodig die het mogelijk maken doelstellingen te realiseren, en die tegelijkertijd een sterke governance en risicomanagement ondersteunen. Aangezien het bestuursorgaan van het management rapportages over activiteiten, resultaten en prognoses ontvangt, rekent zowel het bestuursorgaan als het management erop dat internal audit bij alle vraagstukken onafhankelijke, objectieve assurance en adviezen verstrekt, en innovatie en verbetering bevordert en faciliteert. Het bestuursorgaan is eindverantwoordelijk voor de governance, die door de acties en handelwijzen van het bestuursorgaan, het management en internal audit wordt verwezenlijkt. Het Three Lines Model helpt organisaties structuren en processen in kaart te brengen die het beste bijdragen aan het realiseren van doelstellingen en die een sterke governance en risicomanagement faciliteren. Het model is op alle organisaties van toepassing en wordt geoptimaliseerd door het volgende: Een op beginselen gebaseerde aanpak hanteren en het model aanpassen aan de doelstellingen en omstandigheden van de organisatie. Focussen op de bijdrage die risicomanagement levert aan het realiseren van doelstellingen en het creëren van waarde, en ook aan de 'verdediging' en het beschermen van waarde. Een helder inzicht in de rollen en verantwoordelijkheden in het model en de onderlinge relaties. Maatregelen nemen om ervoor te zorgen dat activiteiten en doelstellingen zijn afgestemd op de voornaamste belangen van stakeholders.