Vaktechnische Publicaties

This is the second of a three-part series on the evolving ESG risk arena and internal audit's roles and responsibilities. The ESG Risk Landscape Part 2: Implementation, Reporting, and Internal Audit's Role The need for independent assurance on the design and efficacy of ESG-related processes and controls will soon be essential to the work of internal audit. As such, internal auditors should be prepared to act confidently and authoritatively in support of their organizations' ESG efforts. In Part 2 of this series we examine implementation, reporting and internal audit's role. You can find part 1 here. You can find part 3 here. This is for members only. To access it and other valuable resources, become a member today.

The Internal Audit Foundation has released a new report in collaboration with Crowe: Privacy and Data Protection, Part 2: Internal Auditors’ Views on Risks, Responsibilities, and Opportunities. This second report in a three-part series reveals a number of potentially valuable opportunities for internal auditors to take an earlier, proactive role in helping to recognize, manage, and mitigate these risks, while still fulfilling their role as defined by the International Professional Practices Framework. Detailed examination of the results provided a number of insights that internal audit professionals can use to reflect on their own organizations’ preparedness and effectiveness in managing risks associated with privacy and data protection. Key takeaways include: Data privacy roles and responsibilities Data privacy as a material risk Internal auditors’ views of program effectiveness Internal auditors’ most critical concerns How internal auditors can add value

Understanding ESG Reporting Standards in 2022 and Beyond This knowledge brief discusses the major frameworks being used to manage ESG risk, along with regulatory concerns and reporting initiatives. The intent is to offer practitioners perspective on the eSG landscape and provide a roadmap for internal auditors as they solidify their role in their organizations' ESG journeys. You can find part 2 here. You can find part 3 here. This is for members only. To access it and other valuable resources, become a member today.

This new report, "Prioritizing ESG: Exploring Internal Audit's Role as a Critical Collaborator," by the Internal Audit Foundation, The IIA, and Ernst & Young LLP (EY) reveals how internal audit functions are currently involved in their organization's ESG efforts, current barriers within their organization that may hinder this involvement, and ways to move forward given impending regulations.

Internal auditors need to understand common technologies that enable remote work, the significant risks arising from remote access, and standard controls that prevent, detect, or remediate unauthorized access or sharing of information. The COVID-19 pandemic prompted a significant increase in those working from home and the resultant risks relating to a mobile or remote workforce. This guide supersedes the Global Technology Audit Guide (GTAG), "Auditing Smart Devices," and broadens the scope to focus on a wider range of risks and controls related to a mobile workforce. This guidance will enable internal auditors to: Define mobile computing hardware, software, and communication tools. Understand risks and opportunities associated with mobile computing. Understand components of remote access processes and related security controls. Understand the basics of auditing mobile computing, including specific controls that should be evaluated. This is for members only. To access it and other valuable resources, become a member today.

The IIA’s new Global Perspectives & Insights, “Internal audit and compliance: Clarity and collaboration for stronger governance,” explains why a clear understanding of roles is critical to effective compliance and independent assurance. The report includes analysis on applying the Three Lines Model’s Six Principles and practical illustrations from practitioners. Download now to review the top four key takeaways.  

The Institute of Internal Auditors’ (IIA’s) Internal Audit Foundation (IAF), in collaboration with AuditBoard, has released a new research report, “The Remote Auditor: Challenges, Opportunities, and New Ways of Working,” which assesses the impact of remote work in the profession, explores the importance of technology in addressing remote work challenges, and shares best practices for remote working and sustaining a positive virtual work environment. As we approach the third year of the pandemic, the question “when do we return to normal?” has largely been replaced with “how do we capitalize on the lessons learned over the past two years to further empower and support the hybrid workforce moving forward?” The report presents poll and survey results that help assess the impact of remote work on the profession as a means to answer this critical question. The report cites findings from The IIA’s 2021 North American Pulse of Internal Audit survey, where 58% of chief audit executives (CAEs) indicated their teams were doing all or most of their work remotely and a further 22% said their teams were utilizing a hybrid approach of roughly equal remote and in-person work. This shift to remote and hybrid audit functions has spurred investments in technology. New survey data collected for the report reveals that since the start of the pandemic, more than half of the respondents’ organizations have acquired cloud-based technology to help with remote collaboration and risk management. “As fully remote and hybrid work models continue to become more common, an increasing number of audit teams are discovering that modern audit technology can help them better collaborate on their work, more rapidly surface risks, and drastically improve alignment and communication with business stakeholders," explained John Reese, chief marketing officer at AuditBoard. "In today's broad and dynamic risk environment it’s imperative for internal audit departments to move in this direction." One notable challenge of remote working is the ability to build and maintain relationships with colleagues and audit stakeholders. Leaders must make a conscious effort to schedule formal and informal meetings to ensure connectivity and strong relationships across all levels of the organization. “Audit functions that had done a couple of things before the pandemic started — including establishing very strong relationships, making good investments in technology, and applying the technology as part of their working methodologies — really had a big advantage when the pandemic hit,” says Harold Silverman, The IIA’s director of executive membership. “What we have seen is that a lot of less mature internal audit functions that learned the lessons from their peers are starting to make some of the same investments, especially with the expectation that remote work will continue.” Cultivating an adaptive and intentional mindset will enable auditors to take advantage of lessons learned from the shift to remote work. One company noted in the report did just that, reevaluating their processes and refocusing on the highest risks, and the result was a decrease in travel time from 50% to 25% for their auditors, which saved the company time and money. Going forward, communication skills and analytical and critical thinking are likely to be vital in order to successfully transition from in-person to hybrid or remote auditing.

Within the public sector, procurement is a huge expense funded with taxpayer dollars. Internal audit can provide assurance on the effectiveness of an organization’s plans and programs to procure goods and services with efficient practices. This practice guide will help auditors understand public procurement, improve existing procurement processes, and offer advisory services that help organizations plan new procurements. This practice guide helps auditors: Compare differing methods of public sector procurement. Examine several approaches and their benefits to auditing procurement. Identify contemporary, relevant procurement tools and techniques. Understand the impact of poor procurement on the entity/agency. This is for members only. To access it and other valuable resources, become a member today.

This report helps readers understand business resilience versus business continuity, and how stakeholder and board expectations have changed with recent disruption. Are We Ready? It’s Time for Internal Audit to Focus on Resilience Amid Extreme Change The Internal Audit Foundation, in collaboration with Protiviti, released a new report, “Are We Ready? It’s Time for Internal Audit to Focus on Resilience Amid Extreme Change,” to explain business continuity versus resilience. Addressing business resilience is a challenge. But it is necessary to meet stakeholder expectations for deeper and broader strategic insights and to gain a sharper understanding of enterprise changes and priorities. Now is the time for internal auditors to think and act boldly about the activities needed to help their organizations manage known and unknown risks.

Digitization is playing an increasingly important role in our (work) lives. Look inside any company and you will see that there are always ongoing projects to further digitize. Every company has to move with the times or else it will be overtaken by reality. The same also applies to an Internal Audit Function (IAF). There was a need from IAFs and the Chief Audit Executives (CAE) to gain insight into the market for Audit Management Systems (AMS) in the Netherlands and best practices with regard to selection and implementation. This research report helps to form a view of the AMS market in the Netherlands. First, the research team made an inventory of the market, then a survey was sent to 220 CAEs known to the IIA Netherlands to share experiences about the use of AMS, reasons for purchasing, but also best practices and learning points during selection and implementation processes. Subsequently, the research team contacted a number of suppliers, whereby information was shared by them about the latest trends in the field of AMS. Finally, the outcome was with a number of CAEs during two Roundtables. An extensive package comparison was not the aim of this study, but the results can serve as a basis for the selection of an AMS.  

The latest Global Knowledge Brief from The IIA and CaseWare, “Four Steps to Starting Internal Audit’s Data Analytics Journey: Demystifying the world of data analytics,” helps internal auditors walk the data talk. It outlines the experiences of several internal audit leaders, and also provides recommended tools to guide internal audit functions along the way to drive efficiency, enhance coverage, and allow for the consideration of continuous auditing in certain scenarios.

Continuous evaluation and improvement of the service provision is a key feature of professional organisations. Such reflection and development strongly contribute to the confidence in and added value of the services. This also holds true for internal audit functions (IAFs). The professional standards of the Institute of Internal Auditors (IIA) therefore include a mandatory programme for quality assurance and improvement. This includes an external, independent quality assessment, which must take place at least once every five years. This report describes the results of the analysis of the external quality assessments performed in 2019 and 2020. A similar analysis was previously performed in 2018. The report has been published in PDF and PowerBI. This PowerBI offers the possibility to make selections per Standard, at main and detail level, and according to the size of the IAF. This makes it even better to look at which points of interest may be of value to the reader. With this report, the IIA provides IAFs with tools for the next step in their quality improvement. In addition, this report is a tool for IAFs in preparing for an external quality assessment.

De continue evaluatie en verbetering van de dienstverlening is een belangrijk kenmerk van professionele organisaties. Dergelijke reflectie en ontwikkeling draagt sterk bij aan het vertrouwen in en de toegevoegde waarde van de dienstverlening. Dit geldt ook voor internal auditfuncties (IAF’s). De beroepsnormen van het Instituut van Internal Auditors (IIA) hebben dan ook een verplicht programma voor kwaliteitsbewaking en -verbetering. Hier hoort tevens een externe, onafhankelijke kwaliteitstoetsing bij, die tenminste eens in de vijf jaar dient plaats te vinden. Dit rapport beschrijft de resultaten van de analyse van de uitgevoerde externe kwaliteitstoetsingen in 2019 en 2020. Een soortgelijke analyse is eerder uitgevoerd in 2018. Naast het rapport zijn de resultaten dit jaar ook te zien in een PowerBI. Met mogelijke selecties per Standaard, op hoofd- en detailniveau, en naar omvang van de IAF, kan daarmee nog beter worden bekeken welke aandachtspunten voor de lezer van waarde kunnen zijn. Het IIA geeft met dit rapport handvatten aan IAF’s voor een volgende stap in hun kwaliteitsverbetering. Daarnaast is dit rapport een hulpmiddel voor IAF’s bij de voorbereiding op een externe kwaliteitstoetsing.   

Continuous evaluation and improvement of the service provision is a key feature of professional organisations. Such reflection and development strongly contribute to the confidence in and added value of the services. This also holds true for internal audit functions (IAFs). The professional standards of the Institute of Internal Auditors (IIA) therefore include a mandatory programme for quality assurance and improvement. This includes an external, independent quality assessment, which must take place at least once every five years. This report describes the results of the analysis of the external quality assessments performed in 2019 and 2020. A similar analysis was performed earlier in 2018. In addition to the report, the results this year can also be seen in a PowerBI. With possible selections per Standard, at main and detailed level, and by size of the IAF, it is possible to see even better which points of interest may be of value to the reader. With this report, the IIA provides IAFs with tools for the next step in their quality improvement. In addition, this report is a tool for IAFs in preparing for an external quality assessment.  

The IIA’s new report, “Remote Auditing: Challenges, Risks, Fraud, Technology, and Staff Morale,” outlines the benefits and challenges of remote auditing, as well as the abilities auditors will need to successfully do their jobs in the post-pandemic environment — emotional intelligence, communications skills, business acumen, flexibility, agility, as well as imagination and curiosity. Next to this GPI there is a second publication on remote auditing released by ECIIA. Click here for the publication.  This is for members only. To access it and other valuable resources, become a member today.