Vaktechnische Publicaties

The insights on leading practices shared by CAEs are by turns familiar and fascinating when these leaders open up about how their internal audit functions work with management and the board to address three specific areas of strategic risk for their organizations: cybersecurity, IT projects, and capital projects. The familiarity stems from the risk-based approach of audit leaders for these strategic risk areas, as well as what they say about the underlying enablers of effective “strategic auditing” – an activity that more board members, CEOs, CFOs, and other C-suite executives are encouraging internal audit to perform. CAEs consistently point to the value of internal audit’s early involvement in strategic initiatives, its risk-based auditing approach, internal audit’s credibility in the eyes of business partners, and the function’s capacity to thrive in an advisory manner. These critical building blocks have existed within top-performing audit functions for some time.

Conformance to the IPPF is essential in meeting the responsibilities of internal auditors and the internal audit activity (IAA). It provides a measure of confidence that the IAA is operating to a strict code of ethics and defined professional standards, and that its staff is trained to specified standards of education and continued professional development.  

The word governance has become a staple of the boardroom and C-suite lexicon, but just what governance is, can sometimes become muddled. At its core, governance simply is the amalgam of processes and structures designed to help the organization achieve its objectives.

Knowledgeable and competent resources within internal audit are needed to ensure assurance and advisory work are performed in alignment with the organization’s expectations and in conformance with widely accepted principles and standards. Careful and thoughtful consideration should be given to partially or fully outsourcing the internal audit activity.  

Deloitte heeft een wereldwijde survey uitgevoerd naar de staat van de IAF, waarbij met name gekeken is naar de functies met de grootste impact en invloed in hun organisatie. Het rapport biedt elke IAF een spiegel om te kijken op welke punten verdere innovatie zou kunnen plaatsvinden. Innovatie van de IAF is een ‘must’ gegeven de veranderingen en innovaties die in de organisaties zelf plaatsvinden. Daarbij blijkt dat IAF’s die een grote impact (menen te) hebben, relatief sterk innoveren. Innovaties die worden besproken betreffen zowel de aard en scope van de audits, de werkmethoden die worden gehanteerd als de sourcing van de functie. Concrete topics zijn bijvoorbeeld het gebruik van data analytics en Robotic Process Automation (RPA), agile werken en het auditen van cyber risico’s en cultuur.

Businesses around the globe recognise that transformation is necessary to survive. Digital transformation brings promise — and uncertainty — to organisations. As companies commit to and make progress with digital transformation, many are looking squarely at their internal audit team to provide guidance and insight along the journey. In Volume XIV of Protiviti’s Internal Auditing Around the World, we take a closer look at internal auditors’ challenges and opportunities as they help to support the business through digital transformation.

Even the most well-prepared audit plans need to be flexible. The 2018 Global Risk Report outlines the top risks faced by CAEs: Talent Management, Data Analytics, Cyber, Regulations, and Responding to Disruption. Are your audit plans flexible and adequate to address these risks?  Presenting 2018 — a new year, new laws, regulations, opinions, ideas, technology, and risks. Today's business environment is significantly different than it was in the past; it is more complex and more connected. Organizations face new and unknown risks, but also new and untapped opportunities. Considering in the year ahead the new opportunities and number of potential challenges and risks — some of which are expected and some of which are unique to 2018 — audit plans should be viewed as frameworks that will change as events occur, including those that are disruptive. 

This report from the Internal Audit Foundation highlights the increasing importance of implementing a comprehensive anti-bribery program in today’s marketplace to combat corruption. It discusses internal audit’s role in evaluating the design, implementation, and effectiveness of the organization’s anti-bribery program. It supports practitioners’ efforts to take a proactive role in anti-bribery initiatives by outlining the elements of a structured anti-bribery program and providing a “how-to” approach for auditing anti-bribery measures. 

The Basel Committee on Banking Supervision (BCBS) strengthened capital adequacy guidelines following several global financial crises. If observed, banking institutions should be able to absorb the volatility of potential credit, market, and operational risks in the wake of another serious market shift. This new practice guide, developed for financial services auditors but useful to any auditor working with statistical models and capital, focuses on how to provide assurance that an institution is well capitalized to meet the guidelines and prepared for cyclical business changes. This guide will help readers understand, measure, and assess the appropriateness and completeness of an institution’s capital planning process. Topics include: How to evaluate whether capital processes support the institution’s stated risk appetite. Strategies and methods to model credit, market, and operational risk. Audit tools and techniques. This is for members only. To access it and other valuable resources, become a member today.

Potential improvements are presented to the auditee by means of a recommendation mainly based on an audit finding. An audit report generally includes the management action defined as a response to the recommendation, together with a due date and an action owner. Every internal audit function should have a process for monitoring follow-up on implementation of management actions. This can be an indicator for the Internal audit function’s effectiveness. This paper relates specifically to the followup of findings and recommendations issued by internal audit, not those identified by first or second line of defence functions. It can also be applied to actions taken in response to issues identified by regulators or external auditors. Implementation of management actions is a first line or second line of defence responsibility. However, in case of insufficient implementation of management actions, the Internal audit function should investigate and document the reason. Therefore, a well-established follow-up monitoring process is crucial to evaluate an internal audit’s effectiveness.

The internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from banks to third parties. It is crucial that key stakeholders, including management, the board and the bank’s supervisors can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area. This paper sets out the view of the ECIIA Banking Committee (the Committee) on best practices that could be adopted by internal audit functions in respect of the audit of externally outsourced services. 

The objective of this position paper is to provide guidance to the audit departments of banking groups to assist in delivering consistent and adequate levels of assurance across the group, while considering both group and subsidiary regulatory requirements, with the intention of fostering consolidated supervision across the group. The primary principle outlined within this paper is that the group internal audit function is accountable for overseeing audit activity throughout the group. This view is aligned to that expressed in the Basel Committee’s guidance on internal audit (BCBS 223).

To manage risks effectively is an essential part of good corporate governance. An important role of each organisation is to identify all business risks and uncertainties which the organisation faces, quickly implementing risk mitigating measures and enhancing the system of internal controls. The internal audit function, as an essential part of the corporate governance framework, provides independent assurance that those risks have been properly managed. As the global business environment and its financial and regulatory requirements have become more complex, users of the audited processes have been calling for more pertinent information for their decision making. The rapidly evolving environment (e.g. digitalisation of services, sustainability, information technology) and a shortening life cycle of products requires organisations to embrace change. Agility and a short response time are critical to survival. This leads to new/enhanced risks which the organisation has to deal with and a new risk appetite. To be able to provide an assurance to senior management in a short time period, it is necessary to focus the audit plan on current and future risks and provide a risk-based approach for audit planning.

Internal control is an important cornerstone for banks’ long-term sound governance. It should be tailored to the business model, risks and organisational structure. As risks are more and more complex, there are several functions involved in the implementation and the evaluation of an internal control system. However, it is important to stress the distinctive contribution of internal audit functions. Indeed, as the third line of defence, reporting to senior management and the board, internal audit gives an overall assurance on internal control effectiveness including an independent review of risk and control functions as well as insights on efficiency.

Managing the Impact of Models Short of a crystal ball, there is no fool-proof way to predict outcomes in the financial services industry. However, models provide a powerful tool to empower organizations to make important decisions using information from a variety of sources. The IIA’s Practice Guide: Auditing Model Risk Management helps ensure that these models are working as effectively as possible for an organization. This practice guide* provides an overview of key areas related to model risk management including business significance, regulatory requirements and expectations, and model components. It is designed to help chief audit executives and their audit teams understand their roles in assessing model risk management and empower them to implement an audit plan coverage approach and program tailored to the size, scale, and risks facing their organization. *Under Review: This practice guide contains some outdated material and references. It remains available while a review is underway.  This is for members only. To access it and other valuable resources, become a member today.