Vaktechnische Publicaties

For four years now the Risk in Focus report has sought to shed light on key business risks as identified by Chief Audit Executives (CAEs) across Europe. This latest edition is the result of a working partnership between no fewer than eight European institutes of internal auditors and draws upon qualitative interviews with 46 CAEs in Belgium, France, Germany, Italy, the Netherlands, Spain, Sweden and the UK & Ireland working in a range of industries. In the previous edition we introduced a quantitative survey to the report for the first time. The report is becoming a more data-rich offering, with a full 528 responses to this year's CAE survey compared with 311 for Risk in Focus 2019. This is a resounding endorsement of our engagement with CAEs in the field, providing vital day-to-day assurance, advice and insight to their organisations.  Risk in Focus is an annual barometer of what CAEs perceive as their organisations’ risk priorities and what is preoccupying their thinking as they prepare their forthcoming audit plans. We see Risk in Focus as a vital point of reference for the internal audit profession Not just in Europe where the annual surveys and interviews are carried out, but worldwide. Risk is not solely the domain of internal audit, of course. Therefore, while the report may serve as a valuable document for CAEs and internal auditors in helping to shape and challenge their own audit plans for 2020, we hope it serves as an important benchmarking and consultation tool for a wide stakeholder group. Indeed, this report is as relevant for boards and audit committees as it is for risk managers and other assurance providers. Inevitably risk assurance is an idiosyncratic exercise that meets the specific needs of an organisation. There is also a board briefing available. 

Why Risk in Focus 2020 matters for you As a board member, it is imperative that you understand the key risks (and opportunities) your organisation faces and assure yourself that internal audit is addressing them. Some of these risks will no doubt be specific to your company, its unique operations and senior management’s growth strategy; others, however, are pervasive issues that are relevant for all businesses, big or small. With this in mind, we are briefing you on a newly published report, Risk in Focus 2020 (RiF20), a collaboration between eight institutes of internal auditors and available at iia.org.uk/riskinfocus.  RiF20, the fourth instalment of this annual report, highlights salient risks that have been identified by Chief Audit Executives (CAEs) and which you should be aware of in your discussions with senior management, audit committees and CAEs. RiF20 is the product of 46 qualitative interviews in Belgium, France, Germany, Italy, the Netherlands, Spain, Sweden and the UK & Ireland, and a quantitative survey that this year received 528 responses, a 70% annual increase in engagement.  The complete report Risk in Focus 2020 can be downloaded as well on the IIA website.

The IIA’s Core Principles for the Professional Practice of Internal Auditing are part of the Mandatory Guidance of the International Professional Practices Framework (IPPF). Demonstrating the Core Principles validates the effectiveness, credibility, and value of the internal audit activity within the organization's governance structure. By achieving the Core Principles, the internal audit activity also achieves the Mission of Internal Audit: “to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” This practice guide explains the concepts embodied in the Core Principles and describes enablers, or specific ways to enable and demonstrate them. The guide also identifies measurable key indicators that enable the internal audit activity to define, measure, assess, and monitor demonstration of the Core Principles. The chief audit executive (CAE) should use these enablers and key indicators to customize an approach to demonstrating the Core Principles that is most applicable to its internal audit team. This customized approach may be used as the basis for a selfassessment tool that may supplement the internal audit activity’s quality assurance and improvement program (QAIP), as well as providing an easy-to-understand, high-level communication of the internal audit activity’s value and effectiveness to key stakeholders, such as senior management and the board. The eBook Practice Guide: Demonstrating the Core Principles for the Professional Practice of Internal Auditing costs $25.00

Fraude kan de bedrijfsactiviteiten verstoren, zorgen voor compliance risico’s, de naam van een organisatie in diskrediet brengen en aanzienlijke kosten voor een organisatie en haar stakeholders opleveren. Al heeft het management, onder toezicht van het bestuur, de primaire verantwoordelijkheid voor het vaststellen en bewaken van effectieve beheersingsmaatregelen om fraude tegen te gaan en op te sporen, het is de plicht van de internal auditfunctie om het risico op fraude te beoordelen volgens de internationale standaarden voor de beroepsuitoefening van internal auditing. In deze praktijkgids worden de kenmerken van fraude beschreven, evenals het proces van het tijdens de planning van de opdracht vaststellen en beoordelen van frauderisico’s. Hoe de frauderisicobeoordeling precies moet worden opgenomen in de planning van de opdracht, kan variëren al naargelang de behoeften van de individuele organisatie, de internal auditfunctie en de opdracht. Over het algemeen omvat het proces echter de volgende stappen: • het verzamelen van informatie om inzicht te krijgen in het doel en de context van de opdracht, alsook in de governance, het risicomanagement en de beheersingsmaatregelen die van belang zijn voor het te beoordelen domein of proces; • het brainstormen over fraudescenario’s om potentiële frauderisico’s te identificeren; • het beoordelen van de geïdentificeerde frauderisico’s om te bepalen welke risico’s tijdens de opdracht verder moeten worden geëvalueerd.

There is a gap in internal audit-specific guidance supporting the education and training of financial services auditors. The industry requires its practitioners to have specific knowledge that addresses functions in a unique atmosphere, such as requirements and expectations of regulators, complexity of products, and the role of internal auditors. The demand for internal auditors with financial services knowledge and experience is growing rapidly, propelled by regulatory pressures to appropriately staff internal audit programs with the right volume and caliber of resources. This has led many internal audit activities within the highly regulated financial services industry to increase their staff in accordance with the new global operating environment and in terms of quality and quantity. This guidance will enable internal auditors to: Understand the financial sector environment, including key objectives, business areas, and related risks as well as the impact of globally accepted principles that provide the foundation for laws and regulations within the industry. Identify industry-specific risks relevant for the jurisdiction in which a company operates and commonly used frameworks. Identify the roles and assurance activities of the second line of defense functions within financial services that provide coverage of sector-specific risks. Understand the relationship internal audit has with its external regulator/supervisor and how to effectively manage expectations of the regulator while maintaining a reporting relationship to the board. Understand how the second-line functions can integrate activities such as risk assessment, planning, leveraging engagement work and conclusions, and reporting results. The eBook Practice Guide: Foundations of Internal Auditing in Financial Services Firms $25.00  

Before you can determine where to go and how to get there, you must figure out where you are. The concept of data analytics has become a mandate for internal audit functions. The question isn’t 'if'; it isn’t even 'when.' The time is now; the question is how? If you have not yet started or have only dabbled in the world of data analytics, it is time to learn about it and recognize the potential value you can contribute to your organization by implementing even a basic foundation and building on it as you appreciate the full value and power of information. Is it a daunting proposition? It can be, and there is a learning curve, but even small audit functions can take advantage of the power that data analytics can provide. It can further your reach into and visibility within your organization, allowing you to stay relevant and contribute to your organization’s betterment by providing greater value. “Analytics Refresher,” published almost five years ago in Internal Auditor magazine, is still on target today. “Internal audit can be a catalyst for expanding the use of analytics through the company to provide greater, more holistic business insights,” states the article’s author, Neil White. Those who are not fully engaging in data analytics can enhance their organizational profile and usefulness by making it a priority to introduce data analytics into the audit plan. You can find part 2 here.

Data analytics has become a strategic imperative Embracing data analytics is by no means a new idea for internal auditors, but judging by the number of “how to get started” articles that continue to be published, adoption is still in its infancy — particularly when it comes to smaller audit functions that may be resource constrained. Today’s world is overwhelmed with readily available data, and chances are your various departments or business units already are collecting bits of valuable information. If aggregated and analyzed with the aim of enabling your organization to achieve its objectives, this data may present myriad opportunities from which to boost profits, reduce expenses or waste, and grow.  One barrier to embracing the power of data analytics may be obtaining buy-in from your organization’s leaders. This is where internal auditors have an opportunity to make the case. Not only is data analytics the way of the future, but organizations of all shapes and sizes across all industries cannot afford to ignore a tool with the capacity to yield an irresistible bounty. The key for internal auditors is to win the hearts and minds of decisionmakers who can pave the way for adoption of a solid data analytics strategy. As noted in “Data Analytics Mandate, Part 1: Where do we go from here?,” this paper will review strategies and tactics for those in the early stages of data analytics adoption or those who have yet to begin. This is for members only. To access it and other valuable resources, become a member today.

The growing popularity of blockchain networks, coupled with blockchain’s potential to fundamentally transform the way many business processes are handled, raises an important question for internal auditors: What steps, if any, should the profession be taking in response to this transformational technology? Blockchain’s initial prominence arose from its use as the underlying technology for powering digital currencies such as bitcoin. But the technology has numerous other applications in a variety of business processes and entities beyond cryptocurrencies. As these applications become more widespread and commonplace, internal audit’s role as the third line of defense in risk management will be directly affected. Certain attributes and features of blockchain technology open up the possibility of numerous new and promising applications in a broad range of industries. Yet, in many ways, enterprisewide blockchain applications are still emerging. Evidence suggests that while some internal audit departments are responding to blockchain adoption by their companies, the profession as a whole has not yet taken a leading role in this area.

The IIA’s Global Perspectives and Insights: 5G and the 4th Industrial Revolution looks at keys issues that are bound to arise once 5G is a reality. From implementation challenges, legal issues, and regulatory tests to disruptive technologies, data management, and cybersecurity concerns, the report seeks to prepare organizations for the potential impacts of 5G so they can proactively address the issues. This is for members only. To access it and other valuable resources, become a member today. You can find part 1 here.

De laatste jaren is de aandacht voor de positie van de internal auditor toegenomen. Dit hangt vooral samen met de toegenomen aandacht voor governance in het algemeen. In de Corporate Governance Code 2016 wordt veel dieper ingegaan op zowel de rol alsook op enige werkzaamheden van de internal auditor en eveneens op benoeming, beoordeling en ontslag. Tevens wordt voor het eerst de Raad van Commissarissen direct in relatie met de internal auditor gebracht. Het internal auditvak en -aandachtsgebieden zijn echter niet in steen gebeiteld. Uit dit onderzoek blijkt dat er meer mogelijk is. Op grond van dit onderzoek menen we te mogen stellen dat de internal auditor en de RvC en Raad van Bestuur (RvB) eens fundamenteel na moeten denken of de aandachtsgebieden van de internal auditor niet breder mogen/moeten zijn dan thans gebruikelijk. En ook in hoeverre de bestaande relaties vanuit internal auditor naar de verschillende governance gremia wat creatiever mogen worden ingevuld. Het aandachtsgebied van de internal auditor moet zich misschien ook wel uitbreiden tot een kritische analyse van RvB en RvC. We zijn er toch voor het belang van de organisatie? Bekijk hier de cartoons. De volledige versie vindt u hier.

De laatste jaren is de aandacht voor de positie van de internal auditor toegenomen. Dit hangt vooral samen met de toegenomen aandacht voor governance in het algemeen. In de Corporate Governance Code 2016 wordt veel dieper ingegaan op zowel de rol alsook op enige werkzaamheden van de internal auditor en eveneens op benoeming, beoordeling en ontslag. Tevens wordt voor het eerst de Raad van Commissarissen direct in relatie met de internal auditor gebracht. Het internal auditvak en -aandachtsgebieden zijn echter niet in steen gebeiteld. Uit dit onderzoek blijkt dat er meer mogelijk is. Op grond van dit onderzoek menen we te mogen stellen dat de internal auditor en de RvC en Raad van Bestuur (RvB) eens fundamenteel na moeten denken of de aandachtsgebieden van de internal auditor niet breder mogen/moeten zijn dan thans gebruikelijk. En ook in hoeverre de bestaande relaties vanuit internal auditor naar de verschillende governance gremia wat creatiever mogen worden ingevuld. Het aandachtsgebied van de internal auditor moet zich misschien ook wel uitbreiden tot een kritische analyse van RvB en RvC. We zijn er toch voor het belang van de organisatie? Bekijk hier de cartoons. De verkorte versie vindt u hier.

In the Global Knowledge Brief 'Innovative Approach to Audit Reports' you learn about an innovative approach to developing audit reports for operational and implementation audits. This Brief details the link between findings, maturity, and overall report ratings, and offers best practice examples for organizing and presenting content within audit reports. Neil Frieser, Senior Vice President of Frontier Communications, decided to use a 'ten-year challenge' to look back at 10-year-old internal audit reports produced by Frontier Communication’s audit team, as well as historical audit report formats. Frieser’s core team found much they could improve to add value to future reports for management, the audit committee, and by extension its organization.  The purpose of this Knowledge Brief is to document the steps Frieser’s team took on its journey to bring more user-friendly, communications-focused ideas to the traditional audit report format, as well as highlight some key takeaways other audit shops can use to bring a new level of readability, persuasiveness, and impact to their own reports. This is for members only. To access it and other valuable resources, become a member today.

De continue evaluatie en verbetering van de dienstverlening is een belangrijk kenmerk van professionele organisaties. Dergelijke reflectie en ontwikkeling draagt sterk bij aan het vertrouwen in en de toegevoegde waarde van de dienstverlening. Dit geldt ook voor internal auditfuncties (IAF’s). De beroepsnormen van het Instituut van Internal Auditors (IIA) hebben dan ook een verplicht programma voor kwaliteitsbewaking en -verbetering. Hier hoort tevens een externe, onafhankelijke kwaliteitstoetsing bij, die tenminste eens in de vijf jaar dient plaats te vinden. Dit rapport beschrijft de resultaten van de analyse van de uitgevoerde externe kwaliteitstoetsingen in 2018. Het verschaft inzicht in de conclusies en aanbevolen verbeterpunten die frequent voorkomen. Hiermee beoogt IIA Nederland IAF’s handvatten te geven voor een volgende stap in hun kwaliteitsverbetering. Tevens is dit rapport een hulpmiddel voor IAF’s bij de voorbereiding op een externe kwaliteitstoetsing.

Continuous evaluation and improvement of the service provision is a key feature of professional organisations. Such reflection and development strongly contribute to the confidence in and added value of the services. This also holds true for internal audit functions (IAFs). The professional standards of the Institute of Internal Auditors (IIA) therefore include a mandatory programme for quality assurance and improvement. This includes an external, independent quality assessment, which must take place at least once every five years. This report describes the results of the analysis of the external quality assessments performed in the Netherlands in 2018. It provides insight into the conclusions and recommended points for improvement that surface frequently. With this report IIA Netherlands intends to provide IAFs with points of reference for the next step in their quality improvement. The report is also an aid for IAFs in preparations for external quality reviews.

The IIA’s Global Perspectives and Insights: 5G and the 4th Industrial Revolution, part one of a two-part series, looks at keys issues that are bound to arise once 5G is a reality. From implementation challenges, legal issues, and regulatory tests to disruptive technologies, data management, and cybersecurity concerns, the report seeks to prepare organizations for the potential impacts of 5G so they can proactively address the issues. This is for members only. To access it and other valuable resources, become a member today. You can find part 2 here.