Actualiteit

As companies transform into next-generation competitors, internal audit (IA) functions are working on their next-gen game as well. Protiviti’s latest edition of Internal Auditing Around the World, Volume 15, looks at ways IA departments around the world are reinventing themselves, using aligned governance, more agile methodologies and new enabling technologies to become more efficient, more future-focused and value-adding.

For four years now the Risk in Focus report has sought to shed light on key business risks as identified by Chief Audit Executives (CAEs) across Europe. This latest edition is the result of a working partnership between no fewer than eight European institutes of internal auditors and draws upon qualitative interviews with 46 CAEs in Belgium, France, Germany, Italy, the Netherlands, Spain, Sweden and the UK & Ireland working in a range of industries. In the previous edition we introduced a quantitative survey to the report for the first time. The report is becoming a more data-rich offering, with a full 528 responses to this year's CAE survey compared with 311 for Risk in Focus 2019. This is a resounding endorsement of our engagement with CAEs in the field, providing vital day-to-day assurance, advice and insight to their organisations.  Risk in Focus is an annual barometer of what CAEs perceive as their organisations’ risk priorities and what is preoccupying their thinking as they prepare their forthcoming audit plans. We see Risk in Focus as a vital point of reference for the internal audit profession Not just in Europe where the annual surveys and interviews are carried out, but worldwide. Risk is not solely the domain of internal audit, of course. Therefore, while the report may serve as a valuable document for CAEs and internal auditors in helping to shape and challenge their own audit plans for 2020, we hope it serves as an important benchmarking and consultation tool for a wide stakeholder group. Indeed, this report is as relevant for boards and audit committees as it is for risk managers and other assurance providers. Inevitably risk assurance is an idiosyncratic exercise that meets the specific needs of an organisation. There is also a board briefing available. 

Why Risk in Focus 2020 matters for you As a board member, it is imperative that you understand the key risks (and opportunities) your organisation faces and assure yourself that internal audit is addressing them. Some of these risks will no doubt be specific to your company, its unique operations and senior management’s growth strategy; others, however, are pervasive issues that are relevant for all businesses, big or small. With this in mind, we are briefing you on a newly published report, Risk in Focus 2020 (RiF20), a collaboration between eight institutes of internal auditors and available at iia.org.uk/riskinfocus.  RiF20, the fourth instalment of this annual report, highlights salient risks that have been identified by Chief Audit Executives (CAEs) and which you should be aware of in your discussions with senior management, audit committees and CAEs. RiF20 is the product of 46 qualitative interviews in Belgium, France, Germany, Italy, the Netherlands, Spain, Sweden and the UK & Ireland, and a quantitative survey that this year received 528 responses, a 70% annual increase in engagement.  The complete report Risk in Focus 2020 can be downloaded as well on the IIA website.

The IIA’s Core Principles for the Professional Practice of Internal Auditing are part of the Mandatory Guidance of the International Professional Practices Framework (IPPF). Demonstrating the Core Principles validates the effectiveness, credibility, and value of the internal audit activity within the organization's governance structure. By achieving the Core Principles, the internal audit activity also achieves the Mission of Internal Audit: “to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” This practice guide explains the concepts embodied in the Core Principles and describes enablers, or specific ways to enable and demonstrate them. The guide also identifies measurable key indicators that enable the internal audit activity to define, measure, assess, and monitor demonstration of the Core Principles. The chief audit executive (CAE) should use these enablers and key indicators to customize an approach to demonstrating the Core Principles that is most applicable to its internal audit team. This customized approach may be used as the basis for a selfassessment tool that may supplement the internal audit activity’s quality assurance and improvement program (QAIP), as well as providing an easy-to-understand, high-level communication of the internal audit activity’s value and effectiveness to key stakeholders, such as senior management and the board. The eBook Practice Guide: Demonstrating the Core Principles for the Professional Practice of Internal Auditing costs $25.00

Fraude kan de bedrijfsactiviteiten verstoren, zorgen voor compliance risico’s, de naam van een organisatie in diskrediet brengen en aanzienlijke kosten voor een organisatie en haar stakeholders opleveren. Al heeft het management, onder toezicht van het bestuur, de primaire verantwoordelijkheid voor het vaststellen en bewaken van effectieve beheersingsmaatregelen om fraude tegen te gaan en op te sporen, het is de plicht van de internal auditfunctie om het risico op fraude te beoordelen volgens de internationale standaarden voor de beroepsuitoefening van internal auditing. In deze praktijkgids worden de kenmerken van fraude beschreven, evenals het proces van het tijdens de planning van de opdracht vaststellen en beoordelen van frauderisico’s. Hoe de frauderisicobeoordeling precies moet worden opgenomen in de planning van de opdracht, kan variëren al naargelang de behoeften van de individuele organisatie, de internal auditfunctie en de opdracht. Over het algemeen omvat het proces echter de volgende stappen: • het verzamelen van informatie om inzicht te krijgen in het doel en de context van de opdracht, alsook in de governance, het risicomanagement en de beheersingsmaatregelen die van belang zijn voor het te beoordelen domein of proces; • het brainstormen over fraudescenario’s om potentiële frauderisico’s te identificeren; • het beoordelen van de geïdentificeerde frauderisico’s om te bepalen welke risico’s tijdens de opdracht verder moeten worden geëvalueerd.