Vaktechnische Publicaties

Hier een teaser in te vullen

Regional Reflections: Africa is a customized research report that provides an African perspective on the findings from CBOK 2015, the largest ongoing study of internal audit professionals in the world. Building on the 10 imperatives for internal audit that were presented at The IIA’s 2015 International Conference, this report highlights unique concerns for Africa and provides insights from internal audit leaders in the region. Ongoing changes in African economies and governance systems have created notable differences between regions within Africa, which will be described throughout this report. See appendix A for key demographic information about each of the regions analyzed. South Africa clearly leads the way in building a strong foundation in corporate governance, risk management, and internal audit processes. One of the key drivers is the King Report on Corporate Governance (King III), which has encouraged organizations to strengthen their boards and helped push the relevance and importance of internal audit up the agenda. These reforms have had a ripple effect across much of the continent. Good governance is now often seen as key to strengthening the competitive performance of African business and a crucial tool in the fight against corruption in some government departments and in the private sector. Africa’s internal auditors are well placed to support better governance and are playing a leading role within their organizations. They generally have good reporting lines to the board and involve their stakeholders in the audit process—crucially seeking feedback about their activities against agreed objectives to maintain the relevance of internal audit’s work. But many improvements are a work in progress. Risk management systems, for example, are not always formalized and reporting lines can be confused or not independent from executive management in some organizations. That has put too many chief audit executives (CAEs) under pressure from their chief executives to alter audit findings. These issues echo concerns shared by auditors in other parts of the globe. Africa’s CAEs are making the case for extra resources but need to continue to secure significant increases in expenditure on automated auditing tools. CAEs need to be seen playing a lead role in their organizations—and in their ambition for their departments, its skills, and training. But every auditor can join the fight. Investing in training and development—particularly those crucial, intangible communication and leadership skills, and technology-related skills—is going to be key if the region’s auditors are to fulfill their potential. 

Mitigating operational risk is becoming a priority for banks that want to avoid penalties, reduce the likelihood of regulatory investigations and rebuild tarnished reputations. That’s prompting a step-change in the way operational risk is viewed and managed – moving away from a siloed, backward-looking approach, and towards a culture in which operational risk is managed proactively, strategically and on an organization-wide basis.

The most effective chief audit executives (CAEs) position their internal audit departments to add value and inspire business improvement by maximizing the productivity and contribution of their internal audit cohort. But how do they: Set goals that inspire auditors to deliver insights that matter? Boost productivity with appropriate rewards? Address differences between generations? This report provides GREAT insights on how CAEs and other audit leaders can improve their practices for evaluating and motivating internal auditors. You will learn strategies for: Goal Setting: Align personal goals of internal auditors to internal audit department goals and the organization’s strategies. Retaining Talent: Retain talent amidst changing needs of internal audit and the business.  Equipping Employees: Build capability and capacity for internal audit overall and individually. Assessing Performance: Evaluate internal auditors against overall internal audit department performance. Treating Success: Provide incentives and recognition to motivate internal auditors. Plus, you will also learn the implications of generational differences among Baby Boomers, Generation X, and Millennials in the internal audit workforce. Finally, insights are shared from the CBOK 2015 Global Internal Audit Practitioner Survey, the largest ongoing study of internal auditors in the world.

As the leader of the internal audit function, the chief audit executive (CAE) is responsible for its effective and efficient management. Although these traditional advisor/internal watchdog responsibilities are still the CAE’s primary priorities, that role is increasingly being called on to provide the services of a business partner or consultant as well.* This expanded sphere of responsibility requires the CAE to acquire and augment certain soft skills in addition to the technical audit skills that are needed to perform the traditional CAE role. What are those skills? What sort of education, experience, and certifications tend to lead to the CAE position? Organizations want to know so they can identify and groom their next internal audit leaders. Internal auditors who aspire to be CAEs also want to know so they can carefully shape their career paths with the desired target in mind. The CBOK 2015 Global Internal Audit Practitioner Survey addresses many of these questions. Data was gathered on the demographic characteristics of CAEs worldwide and interviews were conducted with global CAEs to identify the types of skills that tend to facilitate a move into the CAE position. The data shows that the CAEs surveyed are predominantly males between the ages of 40 and 49. They have obtained at least a bachelor’s degree, most likely with a major in accounting. They have spent about 13 years in internal audit, seven of them in the CAE position. Most have an internal audit certification, likely a Certified Internal Auditor (CIA) credential. Of course, those characteristics vary based on geographic region and organization type and size. For example, CAEs in North America tend to be older than CAEs from other regions and more likely to have obtained the CIA certification. In addition to examining current demographic differences, this report takes a look back in time, comparing data from prior CBOK surveys to the 2015 results to uncover meaningful trends. For example, the percentage of CAEs with an internal audit certification has increased significantly from the 41% reported in 2006 to 53% in 2015. While education, experience, and certifications are important, they alone are not sufficient to propel someone to the CAE ranks. Personal skills and attributes are also evaluated by organizations seeking to appoint a CAE. This report discusses those soft skills by relaying insights gathered through interviews with a number of global CAEs. These leaders share some of the characteristics and skills they believe are must-haves for aspiring CAEs. 

How well are internal audit departments meeting the needs of the audit committee, and is the internal audit department receiving the proper support and oversight from the audit committee? The overall answer to these two questions is that both groups are doing better, but there are many opportunities for improvement. Key insights in this report include: Although the numbers are increasing, there are still too many organizations without effective audit committees (or their equivalent). The frequency of audit committee meetings varies dramatically between regions—sometimes related to the nature of governance in a country, other times related to the maturity of the governance function. The opportunity for internal audit to meet with the board or audit committee in executive sessions without management present is quite low in some regions and needs to be improved. Governmental (and some private) organizations are lagging in developing effective audit committees (or their equivalent). Author Larry Rittenberg, professor emeritus at the University of Wisconsin-Madison, served as chairman of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) from 2004 to 2009. Current information about the interaction between audit committees and internal auditors was obtained from the CBOK 2015 Global Internal Audit Practitioner Survey, the largest ongoing survey of internal auditors in the world. 

Anyone who was in the business world some 15 years ago remembers the debacles associated with organizations such as Enron, WorldCom, and Adelphia. (While all United States-based examples, similar debacles have played out globally.) People watched astonished, dismayed, and disgusted as the stories unfolded, revealing a world of alleged corporate misdeeds and misconduct that rocked global financial markets and saddled innocent employees and stockholders with irreparable financial damage. Financial pundits wondered how the controls designed to make this sort of malfeasance impossible could have failed so completely. Cynics nodded their heads knowingly and suggested that perhaps this would awaken naïve consumers to the ugly realities of corporate life and underscore the negative aspects of capitalism run amok. Surely, a decade and a half removed, we can breathe a sigh of relief and feel confident that this sort of corporate malfeasance is behind us. Sadly, given current events that are ever-present through every media channel, that is not the case. There appears to be no shortage of corporate misbehavior and other manifestations of unsavory corporate culture, which begs the question of not only, “Where were the board and executive management?” but quite frankly, “Where is internal audit?” Perhaps more than ever, internal audit is faced with both a challenge and an opportunity. It is uniquely positioned to bring value to the organization by doing the hard work on the soft stuff — auditing culture.Anyone who was in the business world some 15 years ago remembers the debacles associated with organizations such as Enron, WorldCom, and Adelphia. (While all United States-based examples, similar debacles have played out globally.) People watched astonished, dismayed, and disgusted as the stories unfolded, revealing a world of alleged corporate misdeeds and misconduct that rocked global financial markets and saddled innocent employees and stockholders with irreparable financial damage. Financial pundits wondered how the controls designed to make this sort of malfeasance impossible could have failed so completely. Cynics nodded their heads knowingly and suggested that perhaps this would awaken naïve consumers to the ugly realities of corporate life and underscore the negative aspects of capitalism run amok. Surely, a decade and a half removed, we can breathe a sigh of relief and feel confident that this sort of corporate malfeasance is behind us. Sadly, given current events that are ever-present through every media channel, that is not the case. There appears to be no shortage of corporate misbehavior and other manifestations of unsavory corporate culture, which begs the question of not only, “Where were the board and executive management?” but quite frankly, “Where is internal audit?” Perhaps more than ever, internal audit is faced with both a challenge and an opportunity. It is uniquely positioned to bring value to the organization by doing the hard work on the soft stuff — auditing culture.

As governance and monitoring functions collaborate more closely to avoid duplication of effort, internal audit may be asked to take on responsibilities for risk management, compliance, regulatory oversight, and other governance activities. The chief audit executive (CAE) plays a critical role in navigating between internal audit’s traditional role and assuming responsibilities for risk management, compliance, and other governance functions. The CAE should be held accountable for preserving independence and objectivity, communicating with management and the board, and confirming management’s acceptance of risk to internal audit’s independence and/or auditor objectivity. To navigate through these competing challenges, internal auditors can look to The IIA’s guidance on effective risk management and control, and promulgated standards related to independence and objectivity.  

What do board members and C-suite executives view to be the top risks for their organizations this year? Not surprisingly, according to an annual survey from North Carolina State University’s ERM Initiative and Protiviti, regulatory changes, the economy and cyberthreats top their lists of concerns.

In last year’s Pulse of Internal Audit report, The IIA challenged the profession to address emerging risks by realigning audit coverage continuously — to audit “at the speed of risk.” Today, the challenge remains to move beyond annual planning and typical audit areas. The consequences of a toxic culture, the destructive impact of a cyberattack, the exponential growth in the collection and reliance upon data — these represent just a sampling of today’s risks that increasingly fall outside of the traditional comfort zone in which many auditors operate. As risks change, as new risks emerge, and as stakeholder expectations continue to evolve, internal auditors must move out of their comfort zone to audit at the speed of risk. This year’s IIA Pulse of Internal Audit survey focused on areas where changes in the business environment, changes in technologies, and changes in people are affecting the risk environment for organizations. How are internal auditors keeping up with these changes? In a bygone era, audit professionals carved out a comfort zone focused on financial and operational risks. The results from the survey highlight opportunities for internal audit to move out of the comfort zone. High-profile scandals and organizational failures that have littered the landscape over the past year point to the critical role of culture in the governance of organizations. Unfortunately, only 42 percent of survey respondents are addressing the culture in their organizations. Lack of management and board support for internal audit’s involvement in culture, and lack of internal audit’s ability to identify and measure organizational culture, are closely associated with internal auditors avoiding this risk. The issue of cybersecurity continues to present itself as a major topic of concern for organizations. Most survey respondents believe prevention is the most important response to this risk. While not ignoring the critical role of preventing cyberattacks, it has proven to be naive for many organizations to assume they can prevent a successful attack. Organizations must be prepared to respond to cyber risks, and the survey results indicate they may not be as prepared as they should be. In addition, while internal auditors recognize this risk, the majority (52 percent) acknowledge lack of expertise among internal audit as an obstacle to addressing cybersecurity risk as they should. Increasingly, organizations are using more data — and in more sophisticated way — to drive decisions. Internal auditors are not as involved in all aspects of data use and only 29 percent are very or extremely confident in the strategic decisions their organizations make based on the data it collects and analyzes. Interpersonal skills have never been more important for internal auditors. Most CAEs are not satisfied with the level of these skills in their teams. Less than half of survey respondents reported their teams have more than a moderate level of proficiency in soft skills. The data suggests significant room for growth. Risks keep evolving and growing and there are areas where internal audit has to move out of its traditional comfort zone and catch up to the risks. Shifts in mindset and sense of urgency are necessary for internal audit to meet and exceed the needs of their organizations — and to become trusted advisers.  

Regional Relections: Latin America is a customized research report that provides a Latin American perspective on the indings from CBOK 2015, the largest ongoing study ofinternal audit professionals in the world. Building on the 10 imperatives for internal audit that were presented at he IIA’s 2015 International Conference, this report highlights unique concerns for Latin America and provides insights from several internal audit leaders in the region. In addition, an appendix at the end of this report gives key demographics about survey respondents from Latin America. In many ways, internal auditors in Latin America perform well in comparison with their colleagues around the world. hey have strong relationships with stakeholders, often align well with the strategic objectives of their organizations, and have high levels of expertise in automated audit technologies. Having their performance pegged to the expectations of stakeholders, they are well placed to satisfy their customers and create real value to the businesses in which they work. However, there are improvements to be made. Too few chief audit executives (CAEs) primarily report functionally to the boards of their organizations, a situation that can compromise their departments’ performance. Management stakeholders can have excessive inluence over the annual audit plan and how the work of internal audit is perceived. A strong relationship with these stakeholders can be a double-edged sword, causing some auditors to focus too much on compliance and not enough on mission-critical projects. It is perhaps not surprising that 1 out of 3 CAEs say they have had pressure put on them to alter valid audit indings, and the source of the pressure is usually the CEO. Latin America needs a larger number of boards, and those boards also need to be efective and supportive of internal audit.  If conformance to he IIA’s International Standards for the Professional Practice of Internal Auditing (Standards) is relatively low when compared to global averages, and the proportion of people who hold IIA certiications is equally low, change is on the way. IIA ailiate bodies are working with the region’s governments to reduce the constraints on internal audit exerted by out-of-date regulations. CAEs are educating their boards and management about the value of the Standards, and individuals spend more hours in training than almost anywhere else in the world. he region’s internal auditors are moving forward.

Effectively Leverage Your Most Valuable Asset Regardless of organization size, sector, or industry, people are an organization’s most valuable asset. Ensuring the internal audit activity is adequately staffed is just one piece of the puzzle. It must comprise the right people, who have the right skill sets, and who are afforded the right opportunities for growth and development if internal auditing is to add real value and meet stakeholder expectations. Talent Management: Recruiting, Developing, Motivating, and Retaining Great Team Members outlines best practice recommendations for the various elements — everything from assessing competencies and selecting candidates to training and succession planning — that make up an organization’s talent management strategy. This is for members only. To access it and other valuable resources, become a member today. Non members: Purchase ($ 25,-) the practice guide, “Talent Management"

Beyond the Numbers: Internal Audit’s Role in Nonfinancial Reporting Internal auditors are familiar with annual reports — crisp recitations of organizational activities, a few words from the CEO, eye-catching graphics, pages of financial outcomes, and, for publicly traded companies, a long list of required disclosures relating a vast array of sometimes confusing and mind-numbing detail. The reports encompass everything the reader needs to know about the company, especially if that reader is contemplating investing in the organization. Right? Maybe not. Increasingly, investors and other stakeholders want more from company reporting. They want to know if the organization is operating sustainably, if it monitors its impacts on the environment, if it is mindful of social issues such as diversity and equal opportunity. When making decisions about supporting a company, stakeholders increasingly expect a more comprehensive report — one that goes beyond financial health. Many organizations also want stakeholders to have improved insight into activities they perform that benefit the greater public good or serve a public interest. Nonfinancial reporting fills the void by reporting quantitative and qualitative information that falls outside the scope of mainstream financial statements. Though not an exhaustive list, related terms include corporate social responsibility (CSR) reporting; sustainability reporting; integrated reporting; holistic reporting; enhanced reporting; service efforts and accomplishments reporting; and environmental, social, and governance (ESG) reporting.1 This is not a passing trend — the European Union has required nonfinancial reports for some 6,000 organizations across member countries;2 global frameworks and standardized approaches to nonfinancial reporting are gaining recognition;and globally, organizations are expected to increase spending on sustainability assurance by 20 percent over the next five years.3 In 2013, KPMG et al published the results of a survey on corporate reporting in 45 countries.4 It found 134 mandatory policies and 53 voluntary policies related to at least some aspects of nonfinancial reporting, among countries such as Australia, Brazil, China, France, India, Indonesia, Japan, Mexico, Singapore, and South Africa.

It can be a daunting task for internal auditors to grapple with how geopolitics impacts their organizations. After all, geopolitics includes broad and complex interrelated topics such as climate change, the outbreak of disease, political instability, economics, war, and conflict, all of which can present risks to the organization with little or no notice. Geopolitical risks cannot be considered in isolation; these risks are quite interrelated. This paper briefly describes the impact of economics, war, and conflict on one particular topic that has pervaded global business news headlines — the price of oil. The authors consider the impact of the price of oil on multiple industries. Finally, they explore the key considerations for internal audit in addressing geopolitical risks to the organization. 

The word ‘strategy’ can nowadays be found in almost every internal audit activity plan. But what does it actually mean? There are many different manners in which organizations and internal audit functions deal with organizational strategy. This discussion paper ‘Strategy-related auditing’ explores the role of Internal Audit Functions (IAFs) in the strategic management process of an organization. It is based on documentation and desk research, a questionnaire-based survey amongst Chief Audit Executives (CAEs), personal interviews with CAEs and board members (both executive and non-executive), and several round table discussions with CAEs (in charge of both large and small IAFs). The objective of this research was to assess the degree to which IAFs are currently considering organizational strategy and the organization’s strategic management process in their audit assignments and annual audit plans. Based on this discussion paper we encourage the profession to further explore the topic and for the Institute of Internal Auditors to provide more guidance. Our exploratory research reveals that there is a wide variety in how IAFs deal with strategic risks and organizational strategy. We found nine appearances of strategy-related auditing during our research. These can be divided into two distinct categories: strategic risk audits and strategy process audits. Strategic risk audits focus on risks that are the result of pursuing certain strategically important organizational goals. Strategy process audits, on the other hand, assess formulation, implementation, evaluation and control of the strategic management process or (the content of) the formulated strategy itself. Four out of nine identified appearances we categorize as strategic risk audits, five we categorize as strategy process audits.