Actualiteit
Welkom op onze actualiteitspagina
Ontdek hier het laatste nieuws, bekendmakingen, en publicaties op het gebied van internal audit
Nieuws
Publicaties
Internal Audit in a Post-COVID World Part 3: Redefining the Resilient Organization This Global Knowledge Brief, the last in a series of three that examine risks in a post-COVID 19 environment, offers a careful review of lessons learned that may help internal auditors prepare for the next major disruption. Looking closely at three broad areas of consideration, in particular, yields practical insight: What are the attributes of a resilient organization? How can internal auditors help lead their organizations toward greater resilience? How can internal audit increase the resilience of the audit function itself? With the benefit of actionable steps distilled from each of these areas, auditors can better equip themselves to help address potential challenges. Understanding how to enhance resilience is essential as organizations confront large-scale disruptions that seem to occur at an increasing cadence. You can find part 1 here. You can find part 2 here.
Cybersecurity in 2022, Parts 1-3 This collection of Global Knowledge Briefs provides information and analysis on changes to the evolving cybersecurity landscape in 2022. Collectively, it provides practical information to help internal auditors: Anticipate and prepare for new cyber reporting regulations, Strengthen key relationships within the organization to boost ybersecurity effectiveness, and Respond to and recover from cyber incidents. PART 1: How the new SEC proposals could change the game PART 2: Critical Partners — Internal Audit and the CISO PART 3: Cyber Incident Response and Recovery
Internal Audit in a Post-COVID World Part 2: Supply Chain While the global supply chain has yet to recover fully from the pandemic, the internal audit community now has enough available hindsight to analyze what went right in the responses to the global supply chain crisis, what went wrong, and what actions organizations can take to help address any vulnerabilities the pandemic exposed. You can find part 1 here. You can find part 3 here.
Internal Audit in a Post-COVID World Part 1: Talent Management This Global Knowledge Brief looks at talent management in a post-COVID environment. What emerges is a picture of employers struggling to define a new equilibrium that embraces work-life flexibility to attract and retain top talent while maintaining productivity, resilience, and innovation in a rapidly changing world. This will invariably impact internal auditors, both in maintaining effective internal audit functions and delivering high-quality assurance and advisory services over this evolving risk area. You can find part 2 here. You can find part 3 here.
The Internal Audit Foundation and The IIA conducted a global survey to inform the new report, Internal Audit: A Global View, to gain a clearer perspective of our profession and its professionals. The report captures the breadth and depth of internal auditing and the nuances of industries, sectors, and regions with feedback from more than 3,600 auditors in 159 locations. The results reveal regional differences within a vibrant and diverse profession that’s not only broadly involved in traditional activities like compliance, risk, and fraud but also adding value for stakeholders through governance, sustainability, and IT/cybersecurity engagements. The report examines how internal audit functions are positioned differently within entities, explores how a function’s reporting line correlates with its funding and dives deeper into other regional differences. Within the report are 12 action items outlining opportunities for improvement and continued growth.
Hoe ziet de toekomst eruit voor het internal auditberoep? In de jaarlijkse ‘Internal Auditing around the World’ publicatie van Protiviti delen tal van leiders binnen het vak hun visie over de belangrijkste trends en ontwikkelingen. Het is alweer de achttiende keer dat Protiviti (een adviesbureau gespecialiseerd in onder meer risk, governance, finance en compliance) zijn jaarlijkse publicatie uitbrengt. Centrale onderzoeksvraag: hoe kan internal audit zich doorontwikkelen en blijven inspelen op de veranderende behoeftes binnen- en buiten de organisatie. Na gesprekken te hebben gevoerd met tien leiders in audit en internal audit, komen de onderzoekers tot een heldere conclusie: internal audit heeft een “belangrijke rol” gespeeld bij het helpen van organisaties tijdens de coronacrisis en bij het beperken van de financiële en operationele risico’s.
Intended to serve as a practical, step-by-step approach for internal audit leaders, this guide summarizes the standards, staffing, and resources needed to successfully plan and implement or improve an internal audit activity in the public sector. It reviews existing literature, applicable IPPF guidance, and practical advice from experts who have been through the experience. This practice guide will help: Identify issues to address in establishing an effective internal audit operational delivery model or in improving an existing internal audit activity in compliance with the IPPF and national and local requirements. Apply practical considerations when establishing or improving an internal audit activity's processes such as: Creating a strategic plan. Establishing a delivery model and organizational position and relationships. Identifying necessary resources and competencies and hiring and training staff. Creating and carrying out an enterprisewide risk assessment and audit plan; performing and reporting on assurance services and consulting engagements including quality assurance. Reporting on internal audit performance and collecting feedback from stakeholders to help ensure organizational value. Recognize and handle the political dimension (or potential interference) on internal audit within the public sector, in its planning, performing, and reporting on assurance work in line with the IPPF. This is for members only. To access it and other valuable resources, become a member today.
The World Business Council for Sustainable Development and The IIA collaborate to offer practical suggestions and examples for integrating sustainability considerations into the key roles and responsibilities within The IIA's Three Lines Model. This paper considers how environmental, social, and governance (ESG) threats and opportunities should be embedded into the Three Lines processes to ensure efficient and effective risk management and internal oversight.
In an increasingly complex cyber environment organizations require, clear, robust cybersecurity controls and processes built on core fundamentals, including continuous learning about the risk and its related regulations, as well as communication and alignment among the board, management, and internal audit. This Global Knowledge Brief focuses on the development and implementation of an organization's cyber incident response strategy, and more specifically where internal audit can provide organizational value in assessing the controls critical to quickly recovering from a cybersecurity breach. You can find part 1 here. You can find part 2 here.
Stability within the banking sector is crucial to preserve the trust that underpins a well-functioning economy. Government legislators and regulators globally have incorporated the Basel Framework, a composite of recommendations created after the 2007–09 financial crisis, into regulations for financial institutions.
The IIA's three-part Global Knowledge Brief series on cybersecurity presents an overview of the new SEC proposals, including the implications they have for cybersecurity reporting regulation in the U.S. as well as abroad. It also explores how internal auditors can play an important role in helping their organizations manage an altered compliance landscape that new regulations could soon create. You can find part 1 here. You can find part 3 here.
Cybersecurity attacks are increasing as the tools for detecting and exploiting vulnerabilities in networked systems and devices become increasingly sophisticated or commoditized. Threatening technologies and methods are advanced by criminal enterprises, state-sponsored hackers, and others with malicious intentions. An organization’s stakeholders rely on independent, objective, and competent assurance services to verify whether cyber incident response and recovery controls are well-designed and effectively and efficiently implemented. The internal audit activity adds value to the organization when it provides such services in conformance with the Standards and with references to widely accepted control frameworks, particularly those used by the organization’s IT-IS functions.
A new report, "Diversity, Equity, and Inclusion 101: Internal Audit's Invaluable Role in Creating a Sense of Belonging at Work," from the Internal Audit Foundation and Deloitte, explains why it's essential for internal audit to be more involved in the organization's ESG efforts, and helps you get started today with tangible action items to add value and improve outcomes of DEI initiatives. The top five takeaways: Definitions of key terms like diversity, equity, inclusion, and anti-oppression are provided to help navigate confusing and often misused terminology. Internal audit's opportunity and obligation to foster a diverse, equitable, and inclusive culture starts within its own function. Establishing metrics and monitoring the DEI program are critical actions to ensure the program is meeting strategic objectives. Organizations need new ways to identify and manage DEI risks and examine business processes to expose strengths and deficiencies. Take the first steps on how to address DEI efforts as an assurance provider, trusted advisor, or agent of change. Download the report here
The purpose of this practice guide is to increase the internal auditor's awareness of fraud risk, including the role the internal audit activity can play, and provide guidance on how to perform a fraud risk assessment at an organizational level. The IPPF requires internal auditors to consider the risk of fraud in their work. The internal audit activity must evaluate the potential for fraud and how the organization manages fraud risk, as per Standard 2120.A2. Implentation of this guide is intended to: Increase the internal auditor's awareness and understanding of organizational fraud risk governance and management. Explain the various roles responsible for preventing, detecting, assessing and investigating fraud at the organizational level and how they interact using The IIA's position paper, The Three Lines Model. Describe the purpose and benefits of utilizing a fraud risk management framework, with specific reference to COSO's Fraud Risk Management Guide. Explain the role the internal audit activity may play in the organizational's fraud risk management program. Identify the requirements for the internal audit activity to provide assurance on organizationwide fraud risk governance and management. These include: - Evaluating structures and processes for fraud risk governance. - Performing an organizationwide assessment of fraud risks. - Evaluating the design of the fraud risk management program. - Evaluating operationalization of the fraud risk management program. - Communicating results and assurance to senior management and the board. The second edition practice guide supersedes Practice Guide "Internal Auditing and Fraud" originally issued in 2009. This is for members only. To access it and other valuable resources, become a member today.
The conflict in Ukraine requires greater vigilance in cyber security. ISACA Belgium, the Institute of Internal Auditors Belgium and the Institut Français de l’Audit et du Contrôle Internes (IFACI) decided to issue a short impact briefing for all members. Although it remains silent about concrete actions and attacks, clear indications show in the wake of the Ukrainian conflict an expansion of malicious cyber activity, both inside and outside the conflict area. In a digital world, cyber attacks can have a huge impact on daily operations and business, rendering our private and public companies and organizations more vulnerable. Therefore, they need to prepare proactively a mitigation of the potential impact of such events. Introduction & Context This paper intends to raise awareness and to encourage organizations to reflect on their cyber readiness in the context of the conflict in Ukraine. This changing environment calls for a reassessment of the current cyber risk exposure and an evaluation of the need to implement additional measures. Whether or not cyber risk was considered in the past, the current situation may provide an opportunity to assess what needs to be done or to review the existing measures