Vaktechnische Publicaties

Digitization is playing an increasingly important role in our (work) lives. Look inside any company and you will see that there are always ongoing projects to further digitize. Every company has to move with the times or else it will be overtaken by reality. The same also applies to an Internal Audit Function (IAF). There was a need from IAFs and the Chief Audit Executives (CAE) to gain insight into the market for Audit Management Systems (AMS) in the Netherlands and best practices with regard to selection and implementation. This research report helps to form a view of the AMS market in the Netherlands. First, the research team made an inventory of the market, then a survey was sent to 220 CAEs known to the IIA Netherlands to share experiences about the use of AMS, reasons for purchasing, but also best practices and learning points during selection and implementation processes. Subsequently, the research team contacted a number of suppliers, whereby information was shared by them about the latest trends in the field of AMS. Finally, the outcome was with a number of CAEs during two Roundtables. An extensive package comparison was not the aim of this study, but the results can serve as a basis for the selection of an AMS.  

The latest Global Knowledge Brief from The IIA and CaseWare, “Four Steps to Starting Internal Audit’s Data Analytics Journey: Demystifying the world of data analytics,” helps internal auditors walk the data talk. It outlines the experiences of several internal audit leaders, and also provides recommended tools to guide internal audit functions along the way to drive efficiency, enhance coverage, and allow for the consideration of continuous auditing in certain scenarios.

Continuous evaluation and improvement of the service provision is a key feature of professional organisations. Such reflection and development strongly contribute to the confidence in and added value of the services. This also holds true for internal audit functions (IAFs). The professional standards of the Institute of Internal Auditors (IIA) therefore include a mandatory programme for quality assurance and improvement. This includes an external, independent quality assessment, which must take place at least once every five years. This report describes the results of the analysis of the external quality assessments performed in 2019 and 2020. A similar analysis was previously performed in 2018. The report has been published in PDF and PowerBI. This PowerBI offers the possibility to make selections per Standard, at main and detail level, and according to the size of the IAF. This makes it even better to look at which points of interest may be of value to the reader. With this report, the IIA provides IAFs with tools for the next step in their quality improvement. In addition, this report is a tool for IAFs in preparing for an external quality assessment.

De continue evaluatie en verbetering van de dienstverlening is een belangrijk kenmerk van professionele organisaties. Dergelijke reflectie en ontwikkeling draagt sterk bij aan het vertrouwen in en de toegevoegde waarde van de dienstverlening. Dit geldt ook voor internal auditfuncties (IAF’s). De beroepsnormen van het Instituut van Internal Auditors (IIA) hebben dan ook een verplicht programma voor kwaliteitsbewaking en -verbetering. Hier hoort tevens een externe, onafhankelijke kwaliteitstoetsing bij, die tenminste eens in de vijf jaar dient plaats te vinden. Dit rapport beschrijft de resultaten van de analyse van de uitgevoerde externe kwaliteitstoetsingen in 2019 en 2020. Een soortgelijke analyse is eerder uitgevoerd in 2018. Naast het rapport zijn de resultaten dit jaar ook te zien in een PowerBI. Met mogelijke selecties per Standaard, op hoofd- en detailniveau, en naar omvang van de IAF, kan daarmee nog beter worden bekeken welke aandachtspunten voor de lezer van waarde kunnen zijn. Het IIA geeft met dit rapport handvatten aan IAF’s voor een volgende stap in hun kwaliteitsverbetering. Daarnaast is dit rapport een hulpmiddel voor IAF’s bij de voorbereiding op een externe kwaliteitstoetsing.   

Continuous evaluation and improvement of the service provision is a key feature of professional organisations. Such reflection and development strongly contribute to the confidence in and added value of the services. This also holds true for internal audit functions (IAFs). The professional standards of the Institute of Internal Auditors (IIA) therefore include a mandatory programme for quality assurance and improvement. This includes an external, independent quality assessment, which must take place at least once every five years. This report describes the results of the analysis of the external quality assessments performed in 2019 and 2020. A similar analysis was performed earlier in 2018. In addition to the report, the results this year can also be seen in a PowerBI. With possible selections per Standard, at main and detailed level, and by size of the IAF, it is possible to see even better which points of interest may be of value to the reader. With this report, the IIA provides IAFs with tools for the next step in their quality improvement. In addition, this report is a tool for IAFs in preparing for an external quality assessment.  

The IIA’s new report, “Remote Auditing: Challenges, Risks, Fraud, Technology, and Staff Morale,” outlines the benefits and challenges of remote auditing, as well as the abilities auditors will need to successfully do their jobs in the post-pandemic environment — emotional intelligence, communications skills, business acumen, flexibility, agility, as well as imagination and curiosity. Next to this GPI there is a second publication on remote auditing released by ECIIA. Click here for the publication.  This is for members only. To access it and other valuable resources, become a member today.

Auditing, just like technology, is evolving. Once an exclusively on-site exercise, be it a face-to-face meeting with an auditee, having a coffee in the boardroom with a senior manager and discussing context and leadership, or having a site tour of the facilities with a member of the operational team, audits can now be carried out remotely using information communication technology. Due to the travel restrictions and obligation to work from home related to the COVID-19 pandemic remote auditing was not an option anymore but became a necessity. The purpose of this guidance is to describe what remote auditing is, how to assess whether or not an audit is suitable to be conducted remotely, the tools that are available for remote auditing and how to approach remote auditing in the organization. It describes a number of practices not yet commonly used in the organization, learned during the Covid 19 pandemic, which the auditors should consider when performing a remote audit. Next to this guidance there is a second publication on remote auditing released by IIA Global. Click here for the publication.  

Digitalisering speelt eens steeds grotere rol in ons (werk)leven. Kijk bij een gemiddeld bedrijf naar binnen en je ziet dat er altijd wel projecten gaande zijn om verder te digitaliseren. Elk bedrijf moet met de tijd meegaan anders wordt het ingehaald door de werkelijkheid. Datzelfde speelt ook voor een Interne Audit Functie (IAF).  Vanuit IAF’s en de Chief Audit Executive (CAE) bestond de behoefte om inzicht te krijgen in de markt van Audit Management Systemen (AMS) in Nederland en best practices wat betreft selectie en implementatie. Dit onderzoeksrapport helpt om een beeld te vormen van de markt AMS in Nederland. Als eerste heeft het onderzoeksteam een inventarisatie van de markt gemaakt, daarna is er een enquête gestuurd naar 220 CAE bekend bij het IIA om ervaringen te delen omtrent het gebruik van AMS, beweegredenen voor aanschaf, maar ook tips en leerpunten bij selectie- en implementatietrajecten. Vervolgens is er contact geweest met een aantal leveranciers waarbij informatie opgehaald is rondom de laatste trends op het gebied van AMS. Tot slot heeft er een validatieslag plaatsgevonden met een aantal CAE’s tijdens twee Roundtables. Een uitgebreide pakketvergelijking is niet het doel geweest van dit onderzoek, de resultaten kunnen wel als basis dienen voor de selectie van een AMS.   

Global Technology Audit Guide: Auditing Business Applications Business applications are crucial enablers of business processes and may comprise single software programs or a collection of hardware, firmware, and software applications operating as an integrated system. This GTAG helps auditors understand why it is important to provide assurance over business applications and how to identify and assess the relevant risks and standardized and system-specific controls when performing audit engagements. This guidance will enable internal auditors to: Understand relevant risks and opportunities related to business applications. Gain a working knowledge of the full life cycle of a business application, from planning and development to support and management reporting, along with the relevant risks and controls. Become familiar with relevant guidance from three widely used control frameworks. Plan and perform engagements to provide assurance over business applications. This is for members only. To access it and other valuable resources, become a member today.

Organisaties en hun internal auditfuncties zien zich geconfronteerd met een hoog tempo van veranderingen en ongekende onzekerheid. De pandemie heeft de bedrijfsvoering en wijze van werken ingrijpend veranderd, de verhouding tussen vraag en aanbod verstoord en heeft voorheen gezonde bedrijfsmodellen geraakt in een mate die weinigen voor mogelijk hielden. Inmiddels dreigt klimaatverandering dezelfde effecten te hebben. Ieder jaar werken de Europese instituten voor Internal Auditors samen om de belangrijkste risico’s te inventariseren voor het komende kalenderjaar. De resultaten zijn bedoeld als hulpmiddel voor het opstellen van de auditplannen voor 2022 én geven de bestuursorganen goed zicht op welke uitdagingen hen komend jaar te wachten staan.  Op de jaarlijks terugkerende enquête kwam het record aantal van 738 reacties. De instituten namen ook 50 kwalitatieve interviews af, onder 35 CAE’s, twaalf voorzitters van auditcommissies en drie CEO’s om dieper inzicht te krijgen in hoe deze risico's zich manifesteren en ontwikkelen.  Belangrijke bevindingen onderzoek Risk in Focus De belangrijkste bevinding is het toenemend belang van Climate change and environmental sustainability op de agenda. Het aantal CAE’s dat dit als een top5-risico ziet, is met 41% gestegen in vergelijking met vorig jaar, en is nu opgelopen tot 31%. Geen ander risicogebied heeft een grotere stijging; daarbij is het de voortzetting van een trend: in 2020 hadden slechts 14% van de respondenten Climate change in hun top vijf risico's. Het is nu tijd om te handelen, ook voor internal auditors! Een aantal risicogebieden met een ‘menselijke’ component in zich stijgt in belang, zoals Human capital, diversity and talent management, Organisational culture, and Health, safety and security. Organisaties maken zich zorgen over de gevolgen die de pandemie en de langdurige thuiswerkperiode hebben op de personele bezetting en de motivatie en mentale vermoeidheid van de medewerkers. Cybersecurity blijft het hoogste risicogebied: vier op de vijf (82%) bedrijven noemen het een van de belangrijkste risico's waarmee ze worden geconfronteerd, mede versterkt door het thuiswerken en de operationele verstoringen door de pandemie. Nog meer dan op preventie, liggen er grote uitdagingen op het gebied van ‘respons and recovery’  Organisational culture heeft, in het verlengde van voorgaande, een substantiële stijging van het belang gezien van 35%. In plaats van 20% vindt nu 27% van de CAE’s dit een top5-risico voor de organisatie. De cultuur dreigt aangetast te worden door het voorgaande punt hetgeen grote domino-effecten kan hebben. 

How does digitalization change the role and way of working of internal audit: an exploratory overview The current humanitarian crisis has made it clear that we are living in a digital environment and this trend will increase during the following years. Most probably, working in a digital environment will be the new normal.  IIA Netherlands in collaboration with EY have conducted a study on how the Internal Audit Function (IAF) is using digitalization technologies as Robotic Process Automation (RPA), Predictive Analytics (PA) and Artificial Intelligence (AI)  and how digital theory and methodology can be imbedded best into the business practice of the IAF.  The study findings suggest the RPA, PA and AI have not profoundly found their way into the Internal Audit activities of Dutch IAF’s yet. However this paper gives the Internal Auditor directions and points off attention to implement further digitalization to improve efficient and effectiveness of the IAF.   

Climate Change and Environmental Risk is a very relevant and important subject for most organisations. For many organisations this is a reason to reconsider and adjust their future course. In view of the strategic importance for the organisation, there is also a role for the internal auditor here. Risk in Focus (RiF), the annual survey of auditors in Europe (ECIIA) confirms this. Climate change is in the top 10 of current risks and is increasing in importance. However, we see that the time spent on climate risk is still limited. This seems to be the right moment to look at how the Internal Audit Function (IAF) can properly support the organisation on this theme. The aim of the research conducted by IIA Netherlands is therefore to provide IAF’s with tools to do so. The report answers questions such as: What role could the IAF play? What 'products' can it offer? Which tools can be used for this? What expertise is needed (extra) for this? And how do you implement this within the IAF?

Climate Change and Environmental Risk is een zeer actueel en ingrijpend onderwerp voor vrijwel alle organisaties. Het is voor veel organisaties aanleiding voor een heroverweging en aanpassing van de koers. Met het oog op het strategisch belang voor de organisatie ligt hier ook een rol voor de internal auditor.  Risk in Focus (RiF), het jaarlijks onderzoek van auditors in Europa (ECIIA) bevestigd dit. Klimaatverandering staat in de top 10 van actuele risico’s en stijgt in belang. We zien echter dat de tijdsbesteding op het gebied van klimaatrisico nog gering is. Dit lijkt hét moment om te kijken hoe de Internal Audit Functie (IAF) de organisatie goed kan ondersteunen op dit thema.  Het doel van het door IIA Nederland uitgevoerde onderzoek is dan ook Internal Audit Functies (IAF’s) daartoe handvatten te bieden. Het rapport geeft antwoord op vragen als: Welke rol zou de IAF kunnen spelen? Welke ‘producten’ kan zij bieden? Welke hulpmiddelen zijn daarvoor te gebruiken? Welke deskundigheid is daarvoor (extra) nodig? En hoe implementeer je dit binnen de IAF? 

Internal audit’s role in ESG reporting Conversations and focus on sustainability, typically grouped into environmental, social and governance (ESG) issues, are quickly evolving — from activist investor groups and inquisitive regulators pushing for change to governing bodies and C-suite executives struggling to understand and embrace the concept. At the forefront of this new risk area is pressure for organizations to make public commitments to sustainability and provide routine updates to ESG-related strategies, goals, and metrics that are accurate and relevant. However, ESG reporting is still immature, and there is not a lot of definitive guidance for organizations in this space. For example, there is no single standard for what should be reported. What is clear is that strong governance over ESG — as with effective governance overall — requires alignment among the principal players as outlined in The IIA Three Lines Model. As with any risk area, internal audit should be well-positioned to support the governing body and management with objective assurance, insights, and advice on ESG matters. The following provides an overview of risks related to ESG reporting along with context on the growing sustainability movement. It also outlines internal audit’s role in ESG reporting and how internal audit can support ESG objectives and add value.

A pivot is a change in strategy without a change in vision. Internal auditors, by nature, like order and certainty. But the global health crisis has allowed for none of that. Its disruption thrust internal auditors into the uncomfortable position of having to completely abandon or revise their well-thought-out plans and familiar checklists and processes — fast. They had to pivot — often, multiple times — to ensure they did not falter in providing independent assurance that their organization’s risk management, governance and internal control processes were operating effectively. But many internal audit functions needed to be more agile and flexible than ever before for another critical reason: The business needed their help to survive. The internal audit organizations most successful at pivoting, and helping the business to do the same, are those that had already embraced next-generation internal audit practices before the COVID-19 pandemic. These functions, which are more agile and technology-enabled, were well-positioned to support the business in new, innovative ways driven by the crisis. For this edition of Internal Auditing Around the World®, we thought it would be appropriate to focus on the topic of resilience, given everything internal audit teams and their companies have been through lately. More specifically, we asked chief audit executives (CAEs) and their colleagues: “What is internal audit’s role in business resilience?” To summarize their responses: It’s pivotal. Featured Companies The organizations profiled in the latest edition represent a cross section of countries and industries, including Booking Holdings, Centene Corporation, DBS Bank, FIS, GlobalFoundries, Grupo Bepensa, Inchcape plc, Knowles Corporation, Masonite International Corporation, stc (Saudi Telecom Company) and Standard Chartered. The new edition of Internal Auditing Around the World addresses how internal audit functions early into the evolution process have found that changes they’ve made so far — whether it was automating a critical process, expanding analytics capabilities, learning about agile auditing or encouraging an innovative mindset — allowed them to be more adaptable and resilient amid unprecedented disruption. Eleven organizations were interviewed and their experiences dealing with this transformation are presented as case studies in the book.