Actualiteit
Welkom op onze actualiteitspagina
Ontdek hier het laatste nieuws, bekendmakingen, en publicaties op het gebied van internal audit
Nieuws
Publicaties
Data Analytics, Parts 1-3 This Global Perspectives & Insights combines three Global Knowledge Briefs that explore the growing use of data analytics in modern business and where internal audit fits in. With proper understanding of the organization's data needs and strategies, internal audit can present a data analytics audit plan that is detailed, clear, and illustrates to the board a tangible return on investment. The three briefs are: PART 1: Literacy, Governance, and Management PART 2: Gathering, Analyzing, and Visualizing Data PART 3: Developing a Resilient Data Analytics Strategy
Fraud in the Cryptosphere The world fixated on the sheer spectacle of the FTX scandal in early 2023, but the event also raised greater questions regarding digital assets. With parallels the Tornado Cash and Bitzlato debacles, FTX’s collapse and the subsequent impact on the industry it represented has led many to question the long-term viability of crypto assets. Part I of this three-part series on fraud examines common fraud schemes seen in the early stages of a crypto-asset world. You can find part 2 here. You can find part 3 here.
During the last years supply chains have faced many challenges, including the corona pandemic, the war in Ukraine and a move to more sustainable business models. The Committee of Professional Practices conducted research on the role of internal auditors in supply chain risks. Overall this research shows a great diversity in how internal audit departments deal with supply chains risks. Throughout the diverse range of companies and topics studied, few communalities were found. Despite that supply chain is identified as a top risk for organizations in 2023 by CAE's, 30% of respondents indicate not being involved with supply chain risks in any way. These 30% consists of IAFs of different sizes (from 0-5 tot 50+ FTE) and different industries (Construction, Finance and non-profit). A surprising finding given the attention the topic of supply chain receives in this day and age. It might explain why the internal audit literature contains few research and guidance on the topic. IAF's that do work on supply chain take different approaches and scopes tailored to the organization, taking into account different topics. Often these include the topics identified in the literature study underlying this survey. Additionally a diverse range of other topics are taken into account, including security and outsourcing. Another example of the diversity between IAFs found in this study. Future research could be performed on the diversity of subjects, and on providing a common analytical framework for operationalizing audits on supply chain management. Surprisingly, ESG related supply chain topics such as climate impact are not included by most IAFs. Only three IAFs indicate to include ESG topics in supply chain audits. With upcoming sustainability regulations (and broader societal developments) Internal Auditors have an opportunity to be a driver for ESG related supply chain topics in their organizations. A good chance to be a business partner preparing and navigating the organization through uncertain times!
Part 3, Developing a Resilient Data Analytics Strategy Due to a complex global business and political environment, as well as stakeholder expectations, business leaders are increasingly focusing attention on data analytics to montior risk and drive strategic decisions. Internal audit already adds value by offering perspective and insights that can help organizations develop forward-looking strategies. An appropriate and resilient data strategy can support and augment that effort. This Global Knowledge Brief examines how chief audit executives (CAEs) and their teams can craft data analytics strategies that enhance internal audit capabilities, determine what technologies best suit their needs, and enhance assurance on key areas of data protection, regulatory compliance, and effective overall data governance. This is for members only. To access it and other valuable resources, become a member today. You can find part 1 here. You can find part 2 here.
This paper, prepared by ecoDa on behalf of Governing Bodies, FERMA representing European Risk Managers and ECIIA representing Internal Auditors, focuses on good governance. Governance models such as the Three Lines foster cooperation among all functions and operations within a company, so that sustainability can be truly embedded in business operations and strategic sustainability-related objectives can be achieved. Risk Management (Second Line) and Internal Audit (Third Line) are key forces to support the Board and Senior Management as essential parts of the Three Lines model, and more broadly. It shows why Directors, Risk Managers and Internal Auditors should act now so their companies can fulfill their sustainability responsibilities and expectations. Embracing the European sustainability challenge will require a comprehensive understanding of the organisation, its strategy, business model and value chain; and the impacts, risks and opportunities that it faces. Cooperation between functions is more important than ever, particularly on ESG as it is a truly transversal topic. ESG embedding: are you ready? Press-release
Part 2: Gathering, Understanding, and Visualizing Data ?As organizations increase their reliance on data to enhance products and services, internal auditors are positioned to leverage this ever-growing resource. Data analytics, robotic process automation (RPA), artificial intelligence (AI), and other tools provide practitioners accessible and valuable avenues to improve efficiency and effectiveness in assurance services and increase internal audit's value to the organization. Areas where data analytics can improve internal audit services include performance reporting, fraud prevention and detection, continuous monitoring, and risk assessment. This Global Knowledge Brief, the second of three that focus on data analytics, explores data in its various forms, data gathering techniques, the importance of data validation, data analysis, and keys to effective storytelling with data. You can find part 1 here. You can find part 3 here.
Literacy, Governance, and Management Today, data analytics — the formal term for examining data sets to find trends and draw conclusions — is a key component of virtually all business strategies impacting all levels, from executive management decisions down to frontline workers. This means it must be a fundamental part of the internal audit universe as well, both as a tool and as a focus (directly or indirectly) of audits. In this Global Knowledge Brief, the first in a three-part series on data analytics, we provide an overview of the forms data takes in today's business landscape, as well as how this data must be accounted for in an effective data governance and management strategy. Without a foundational understanding of these topics, internal audit will find providing independent assurance over this critical area next to impossible. You can find part 2 here. You can find part 3 here.
Applying Key Governance Tools and Frameworks Organizations of all sizes and from all sectors are experiencing growing pressure to demonstrate how they manage sustainability risks and opportunities and report them publicly. The focus of this paper is to show how integrated thinking and reporting, effective internal control, enterprise risk management (ERM), and independent assurance provided by internal audit functions align to help organizations achieve their objectives and meet stakeholder expectations. It is critical to long-term value creation to apply ERM broadly, including to environmental, social, and governance (ESG)-related risks, to understand their impacts and interdependencies throughout the value creation process, and to embrace the value of independent assurance. The paper's objectives are to: Increase understanding and awareness of integrated thinking and reporting. Demonstrate parallels among the COSO frameworks (Internal Control and ERM), The Institute of Internal Auditors' (IIA's) Three Lines Model, and the International Integrated Reporting Framework, in terms of: Informing the content, preparation, and presentation of an integrated report. Reinforcing the role internal audit plays in ensuring the integrity of information underpinning integrated thinking and reporting by providing independent assurance over that information. Helping organizations embed integrated thinking into their approach to ERM.
This release shows the alignment of governance structures in the public sector to The IIA’s Three Lines Model. This paper, created in collaboration with INTOSAI, applies the principles of the model to the public sector, with specific emphasis on the role of internal audit activities, supreme audit institutions, and other external audit providers. Additionally, IIA members may access the Global Knowledge Brief, The IIA's Three Lines Model: An update of the Three Lines of Defense, for further information.
In deze Internal Audit Monitor 2021 schetsen we opnieuw de belangrijkste ontwikkelingen van IAF’s bij in Nederland beursgenoteerde vennootschappen. We staan, evenals afgelopen jaren, stil bij de ontwikkeling in het aantal en de verschillende verschijningsvormen (intern, uitbesteed, gecombineerd) van internal audit functies over de boekjaren 2016 – 2020. In de herziening van de Nederlandse Corporate Governance Code (de Code) in 2016 werd de Internal Audit Functie erkend als essentiële schakel in de besturing en beheersing van de organisatie. Het realiseren daarvan is niet echter niet altijd makkelijk, met name voor de kleinere beursfondsen, en zeker geen ‘eenheidsworst’. IIA Nederland heeft sinds 2017 de realisatie van dit principe uit de Code gevolgd met de Internal Audit Monitor. Niet alleen om dit in beeld te hebben, maar vooral om bestuurders en commissarissen handvatten te bieden de IAF binnen hun organisatie zo goed mogelijk in te richten, en daarmee de kwaliteit van de governance waar mogelijk te verbeteren. Klik hier voor de Internal Audit Monitor 2017
Organisaties moeten zich razendsnel en frequent aanpassen aan drastisch veranderde omstandigheden waarin zich nieuwe risico’s manifesteren en nieuwe kansen voordoen. Traditionele benaderingen volstaan niet meer; de nieuwe werkelijkheid vereist een nieuwe kijk op die werkelijkheid. Internal auditors spelen hierin volop mee en zijn meer dan ooit een waardevolle bron van informatie, een zintuig zo u wilt, voor het bestuur van de onderneming en hun toezichthouders. Zij moeten antwoord kunnen en durven geven op die ene vraag: is onze organisatie in staat te floreren in deze turbulente wereld? En ook zij zullen zichzelf steeds opnieuw moeten uitvinden, de ontwikkelingen een stap voor moeten blijven. De bijdragen in dit themanummer beslaan twee invalshoeken. Enerzijds nieuwe blikken vanuit andere, misschien verrassende disciplines. Anderzijds ontwikkelingen binnen en buiten onze organisaties, en de nieuwe blikken die internal auditors daarop moeten werpen om hun rol goed te kunnen blijven spelen. De rode draad in deze bijdragen blijkt die allesbepalende factor, de oorzaak van veel problemen en ook de sleutel tot succes: wijzelf, onze waarden, ons gedrag. Wie goed leest, ziet in dit eerst schijnbaar gefragmenteerde geheel vanzelf een samenhang ontstaan: verandering en vernieuwing door diversiteit en een open mind.
Liquidity is key to a robust and solvent financial sector. Supervisory principles hold boards accountable for an organization's liquidity adequacy assessment and advocate a relevant and active internal audit role in assessing an organization's liquidity risk management (LRM) process. To assure an institution's senior management and board that liquidity management is aligned to the business strategy and risk appetite, internal auditors need an approach that fulfills internationally supported standards and local regulations. This guidance, updated from the 2017 edition, gives an overview of international standards and best practices of LRM, including the use of an LRM framework. This is for members only. To access it and other valuable resources, become a member today. Nonmembers may purchase ($ 25,-) the practice guide, “Auditing Liquidity Risk Management for Banks, 2nd Edition."
Every year, the European Institutes for Internal Auditors work together to identify the most important risks for the coming calendar year. The results are intended as a tool for drawing up the audit plans for 2023 and give the governing bodies a good idea of what challenges they can expect in the coming year. Key findings Risk in Focus research The war in Ukraine has taken many organizations by surprise. Macroeconomic and geopolitical risk rose to third place this year (compared to seventh place in 2022). Due to the war and the pandemic, this theme has been given a lot of weight. For example, due to the pandemic, hybrid working has become more and more common, with consequences for Cyber ??security and data security and the war in Ukraine has made it clear that companies in a supply chain are increasingly at risk. In addition, companies run compliance risks in connection with the sanctions against Russia. Cyber security and data security retains the number one position of greatest risk. 82% of respondents consider it a top five risk. It is the area where internal auditors say they spend the most time. An example of why Cyber security and data security is number one is ransomware attacks. These have increased by 80%, as you can read in the report. Human capital, diversity and talent management rose to second place. This has to do with various aspects that now play a role in society. Think of scarcity on the labor market, diversity and inclusion. Climate change and environmental sustainability is becoming an increasingly important theme and has again risen in the top five risks. 37% of internal auditors named this theme a top five risk compared to 31% in 2021. Respondents themselves expect the risk to rise to third place in 2026. The risk of digital disruption and new technology has fallen from second to fifth place. It is expected that the importance of this will increase again in three years' time. During the pandemic, digitization efforts have moved to third place. The structure of the Risk in Focus 2023 report differs from previous years. Rather than a similar description of all top ten risks, the report focuses on those areas that are now of greatest importance to internal audit and its stakeholders. A Board Briefing is also available this year.  
In 2022, a ‘perfect storm’ of high-impact, interlocking risks threw many businesses into a permanent state of crisis. Following an ongoing pandemic, the war in Ukraine intensified supply chain failures, fuelled inflation and energy price increases. Boards must rapidly adapt to the new reality of heightened geopolitical instability, climate-related natural disasters, looming recession, an accelerating cost of living catastrophe in Europe, food shortages, employee welfare and skills deficits, and a rapidly industrialising cyberattack landscape. This briefing summarises insights from the latest edition of our annual report, Risk in Focus 2023, which this year is a collaborative project between ten institutes of internal auditors from across Europe. The complete report Risk in Focus 2023 can be found as well on the IIA website.
Grootschalige complexe risico's zetten organisaties onder ongekende druk. De hoop was dat 2022 een geleidelijke terugkeer naar de normaliteit zou laten zien, maar het conflict in Oekranie heeft die veronderstelling op zijn kop gezet. Sinds februari 2022 zijn de prijzen explosief gestegen en is de onzekerheid sterk toegenomen. De wereld lijkt af te stevenen op een recessie, hoge consumentenschulden, historisch hoge rentetarieven en voedseltekorten met de verdere politieke onrust die die trends met zich mee kunnen brengen. Belangrijke bevindingen onderzoek Risk in Focus De oorlog in Oekraïne heeft veel organisaties verrast. Macroeconomic and geopolitical risk steeg dit jaar naar de derde plaats (ten opzichte van de zevende plek in 2022). Door de oorlog en de pandemie heeft dit thema veel gewicht gekregen. Door de pandemie is bijvoorbeeld hybride werken steeds normaler geworden, met gevolgen voor Cyber security and data security en heeft de oorlog in Oekraïne duidelijk gemaakt dat bedrijven in een supply chain steeds meer risico lopen. Daarnaast lopen bedrijven in verband met de sancties tegen Rusland compliance risico’s. Cyber security and data security behoudt de nummer één positie van grootste risico. 82% van de respondenten vindt het een top vijf risico. Het is het gebied waar internal auditors naar eigen zeggen de meeste tijd aan besteden. Een voorbeeld waarom Cyber security and data security op de nummer één positie staat is ransomware-aanvallen. Deze zijn met 80% toegenomen, zoals u in het rapport kunt lezen. Human capital, diversity and talent management steeg naar de tweede plaats. Dit heeft te maken met diverse aspecten die nu in de maatschappij spelen. Denk hierbij aan schaarste op de arbeidsmarkt, diversiteit en inclusie. Climate change and environmental sustainability wordt een steeds belangrijker thema en is wederom gestegen in de top vijf risico’s. 37% van de internal auditors noemde dit thema een top vijf risico vergeleken met 31% in 2021. Respondenten verwachten zelf dat het risico naar de derde plek zal stijgen in 2026. Het risico digital disruption and new technology is gedaald van de tweede naar de vijfde plaats. Verwacht wordt dat het belang hiervan over drie jaar weer toeneemt. Tijdens de pandemie zijn de digitaliseringsinspanningen naar de derde plaats gegaan. De opzet van het Risk in Focus rapport wijkt af van voorgaande jaren. In plaats van een soortgelijke beschrijving van alle top tien-risico's, gaat het rapport dieper in op die gebieden die nu van het grootste belang zijn voor internal audit en haar stakeholders. Er is dit jaar ook een Board Briefing beschikbaar.