Actualiteit

If internal auditors are to remain relevant and add real value to their organizations, their speed, flexibility, and proactive approach to problem solving must be optimized. The report Perspectives and Insights: Agility and Innovation defines what it means to be agile and innovative in today's marketplace and how the two are interdependent. The modern internal audit function needs to tie traditional audit activities more closely to the organization’s strategic objectives and risks. Most chief audit executives (CAEs) recognize that reality already — either at some visceral level, through conversations with the board and executives in the first line of defense, or through implementation of The International Standards for the Professional Practice of Internal Auditing. In fact, conformance to the Standards requires that internal audit evaluate risks from the perspective of achieving the organization’s strategic objectives. This is not optional, but rather a necessity to ensure internal audit serves its role to protect and enhance organizational value. Two realities thwart that need, however. First, organizations simply have more risks coming at them, and those risks can harm the organization in swift, painful ways: a social media campaign that emerges overnight; a sexual harassment scandal that ousts a key employee; a food safety incident; a merger of competitors or suppliers; a new trade or regulatory policy that upends years of carefully constructed business models. Second, the reality is that CAEs also must dedicate resources to additional tasks providing assurance support for other assurance providers within and for the organization, including monitoring how operational risks are managed; compliance testing; the preparation of evidence for external auditors; and the vetting of accounting policies to ensure compliance with anti-bribery statutes. By continuing to fulfill those more traditional audit tasks, while also becoming agile and innovative, internal audit can transform into something that works more swiftly to help the rest of the organization address an increasingly chaotic, unpredictable environment. That will be a struggle, but one that The IIA feels can be done with awareness of and alignment to the organization’s strategic objectives and risks.

Ceo's van private- en familiebedrijven maken zich het meeste zorgen over cyberdreigingen en gebrek aan talent. Dat blijkt uit de 21ste PwC CEO Survey. 39% van de ceo's ziet cyberdreigingen als de grootste bedreiging van groei. Veel ceo's maken zich zorgen over de snelheid waarmee technologie verandert, en of hun bedrijf opgewassen is tegen de nieuwe dreigingen die daaruit voortkomen, maar ook of hun bedrijf op tijd kan inspelen op de kansen die nieuwe technologieën bieden. Bij gebrek aan talent draait het vooral om het gebrek aan digitaal talent; bijna driekwart van de ceo's zegt zich daar zorgen over te maken, en 48 procent van de private bedrijven zegt dat het erg of enigszins moeilijk is om dit soort werknemers te vinden. Bij familiebedrijven is dit zelfs 57%.

The insights on leading practices shared by CAEs are by turns familiar and fascinating when these leaders open up about how their internal audit functions work with management and the board to address three specific areas of strategic risk for their organizations: cybersecurity, IT projects, and capital projects. The familiarity stems from the risk-based approach of audit leaders for these strategic risk areas, as well as what they say about the underlying enablers of effective “strategic auditing” – an activity that more board members, CEOs, CFOs, and other C-suite executives are encouraging internal audit to perform. CAEs consistently point to the value of internal audit’s early involvement in strategic initiatives, its risk-based auditing approach, internal audit’s credibility in the eyes of business partners, and the function’s capacity to thrive in an advisory manner. These critical building blocks have existed within top-performing audit functions for some time.

Conformance to the IPPF is essential in meeting the responsibilities of internal auditors and the internal audit activity (IAA). It provides a measure of confidence that the IAA is operating to a strict code of ethics and defined professional standards, and that its staff is trained to specified standards of education and continued professional development.  

The word governance has become a staple of the boardroom and C-suite lexicon, but just what governance is, can sometimes become muddled. At its core, governance simply is the amalgam of processes and structures designed to help the organization achieve its objectives.