Actualiteit

Change management in the IT environment is, as the guide’s title states, critical for organizational success. Organizations are bombarded with change requests ? not only to improve or update existing application functionality, but also to implement necessary patches to help secure those applications, and in some cases to comply with relevant regulatory requirements. Managing the flow of requests should be handled efficiently and effectively to avoid mishaps, rework, unintended consequences, or even system failure. The updated third edition of this topic will help internal auditors understand the risks and controls associated with IT change management and how to assess the operational efficiency of processes involving change management. This guide provides tools to help internal auditors obtain and evaluate evidence that management’s assertions are accurate, and explains how to provide assurance over this critical area. This guidance will enable internal auditors to: Have a working knowledge of IT change management processes. Distinguish effective change management processes from ineffective ones. Recognize red flags and indicators that IT environments are having control issues related to change management. Understand that effective change management hinges on implementing appropriate preventive, detective, and corrective controls to ensure adequate management supervision. Recommend best practices for addressing issues, both for assurance of risks and increasing effectiveness and efficiency. This is for members only. To access it and other valuable resources, become a member today.

Even as companies become more digital savvy, they continue to confront new and emerging data risks that pressure financial and reputational vulnerabilities. To help address these challenges, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Deloitte Risk & Financial Advisory, is releasing new guidance, “Managing Cyber Risk in a Digital Age.” Written to boards of directors, audit committee members, executive management, and cyber practitioners, the new guidance addresses how companies can apply COSO’s Enterprise Risk Management–Integrating with Strategy and Performance (ERM Framework), one of the most widely recognized and applied risk management frameworks in the world, to protect against cyberattacks. The guidance provides insight into how organizations can leverage the five components and 20 principles of the ERM Framework to identify and manage cyber risks. This guidance provides context related to the fundamental concepts of cyber risk management techniques but is not intended to be a comprehensive guide to develop and implement technical strategies.

This report contains the findings of a study into the extent to which Internal Audit Functions (IAFs) conduct audits focused on culture and behaviour (C&B), the extent to which C&B is discussed in the meetings between the IAF and the Audit Committee (AC) and the ambitions of IAFs in this area. Much has been published about C&B in recent years. This publication occupies a unique position in the literature on this topic. It does not focus on the importance of the topic, the possible role of the IAF or the research methods, but on the state of affairs, the ambitions and the tools to achieve these ambitions. In a careful process, the working group defined a practical theoretical framework for this, conducted a survey among Chief Audit Executives (CAEs), discussed the survey results in interviews with a number of Supervisory Board members, and reflected on them in a roundtable meeting with participating CAEs. The report contains a number of key insights and tools, which are elaborated step by step and summarised in a clearly structured way in a concluding section. What is striking in the findings in any case is that many IAFs want C&B to receive more attention, and that the IAF is the main internal supplier of C&B-related audits and the Supervisory Board / AC is seen as an important sponsor, but also that CAEs need to take the initiative on this and ‘pitch’ such audits. The report is an excellent tool for (even) further integrating C&B in management, auditing and supervision. In addition, it provides CAEs with an excellent point of reference for benchmarking their own situation and ambitions and entering into discussions with their Management Board and Supervisory Board / AC. It would be good if the publication also triggered a further professional debate in which the following question can be raised: How can the increasing attention paid to C&B deliver not only effectiveness, but also efficiency for audits that currently still rely primarily on hard controls?  

Culture can be difficult to define, including individual belief systems and preferences of each employee — from line workers to the corner office. Culture captures the complexity of defining and then assessing intangible organization-wide qualities or aspects that comprise human belief systems, social norms, and other psychological factors. This practice guide will help internal auditors understand risks associated with an organization’s culture, how effective management of those risks supports a successful control environment, and how to approach an assessment of culture. This guidance will enable internal auditors to: Understand the business significance of culture and conduct risk in an organization’s control environment. Identify the key components of culture and conduct risk. Understand key stakeholder concerns and expectations related to culture and conduct risk. Recognize internal audit’s role in assessing and reporting on organizational culture. Understand, based on example tools/guidance, possible approaches to assess and report on an organization’s culture and management of conduct risk. The eBook Practice Guide: Auditing Culture costs $25.00

The IIA’s new report, Global Perspectives and Insights: Talent Management, explores the evolving challenges organizations are facing when trying to recruit and retain top internal audit talent. It discusses factors like the expanded ground internal audit is charged with covering as well as issues that compound the situation, like technology advancements and tech-based risks. If you are an internal audit candidate with a background in IT, data analytics, or related tech-based specialties, congratulations. You are the unicorn audit leaders across the globe will be bidding on just for the privilege of basking in the breadth of your knowledge. Life is good, and you will soon have the bank account you have always dreamed about.  One person’s dream, however, is another person’s nightmare. In today’s talent market, audit leaders are losing sleep over how best to maintain functions capable of fulfilling an expanding list of obligations company stakeholders expect of them. As the business risk landscape continues to shift at an ever-increasing rate — driven by emerging technologies, macroeconomics, geopolitics, and more — internal audit functions are tasked with somehow navigating a talent market that is spread thin and demands financial compensation far beyond what some audit functions can offer.  However, no challenge is insurmountable, and this multi-faceted one can be resolved with a comprehensive talent management strategy that spans the entire lifecycle of talent, from recruitment to development to long-term retention. What is needed is an understanding of the factors that have created such a volatile environment for talent, and an informed evaluation of what a talent management strategy should entail.