Vaktechnische Publicaties

Hier een teaser in te vullen

This report provides an overview of results from the 2015 Global Internal Audit Practitioner Survey regarding The Institute of Internal Auditors’ (IIA’s) International Standards for the Professional Practice of Internal Auditing. The Standards represent minimum expected requirements that normally should be found in all internal audit functions. They provide a foundation for performing efficiently and effectively, and are intended for use wherever internal auditing is practiced. Yet despite the fact that conformance to the Standards is mandatory for all members of The IIA and for all Certified Internal Auditors (CIAs), the survey found significant levels of nonconformance. Almost half of surveyed chief audit executives (CAEs) report that they do not use all the Standards, and fewer still say that they are in conformance with the Standards. An underlying objective of the Standards is to ensure that internal audit is effective, of high value, and of high and consistent quality. Nonconformance undermines this objective, and significant levels of nonconformance are detrimental to the image and reputation of the internal audit profession. Fortunately, the CBOK survey also found that significant progress is being made toward more consistent conformance. The CBOK 2015 Global Internal Audit Practitioner Survey found: While use of the Standards is increasing, almost half of CAEs still report that they do not use all of the Standards. Auditors holding internal audit-related professional certifications use the Standards more often than auditors without such certifications. Members of The IIA use the Standards more often than nonmembers. Standards use is more likely in highly regulated industries than in less-regulated industries, and more likely in publicly traded organizations than in privately owned organizations.] Use of all of the Standards is higher in the regions of North America, Europe, and SubSaharan Africa than in other parts of the world. More work may be needed in learning to apply the Standards and other elements of The IIA’s International Professional Practices Framework (IPPF) effectively. Almost a quarter of internal auditors evaluate themselves as being below the competent level in applying the IPPF to their work. Use of the Standards may be particularly challenging for internal auditors working at smaller internal audit departments. Auditors in one- to three-person departments use all of the Standards at a rate of 6% to 18% below the global average. Other reasons given for nonconformance include lack of board/management support, lack of perceived benefit compared to cost, and impacts on conformance caused by government regulations or standards.

The board of directors—whether it is the board in a unitary or single-tier structure or the supervisory board in a dual or two-tiered structure—is a key stakeholder of internal audit with needs that internal auditors are= uniquely positioned to provide. Most often, the board’s primary interface with internal audit is through its audit committee.* The CBOK 2015 stakeholder study offers insights as to the expectations of audit committees of internal audit. For audit committees, the insights provide a catalyst for taking stock of committee members’ interactions with and use of the internal audit function. For any progressive chief audit executive (CAE), these expectations offer opportunities to take the initiative to advance relationships with this vitally important stakeholder group by improving internal audit’s value proposition. Thus, the insights offer a pathway to continuous improvements that benefit all. Three broad themes emerged from the study. Audit committees should: Enable internal auditors to think more broadly and strategically as they plan for, execute, and report on their work. Encourage internal audit to move beyond assurance to enhance its value proposition. Take steps to ensure CAEs and the internal audit function are effectively positioned to deliver to expectations.  The survey responses from directors serving on audit committees surfaced six imperatives of interest to audit committees that support these three themes. Following is a brief discussion on each of the six imperatives. 

How mature is your internal audit department (or how mature can it be)? This subject is explored using responses from more than 2,500 chief audit executives (CAEs) in The IIA’s CBOK (Common Body of Knowledge) database. The findings were further supplemented through interviews with a small sample of CAEs from different regions in the world who commented on internal audit department maturity. Assessment of the internal audit department maturity is important because it helps build strategies to bridge the gaps between expected and realized internal audit quality. Maturity indicators are introduced to support principal stakeholders in deciding whether and how they can rely on internal audit departments’ services and guide CAEs in developing more mature internal audit departments. This report spans various industries in several global regions. It also reports on the influences of internal audit departments’ age and size, organization size, and degree of conformance with The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), among others. The report is organized in seven sections. Data was available to measure internal audit departmental maturity on the following indicators: Is almost fully aligned with the strategic plan of the organization Demonstrates agility and flexibility to adapt the internal audit planning and priorities to important changes in the strategic objectives of an organization Relies on a holistic risk assessment to build sufficient knowledge and understanding of the organization’s business at micro and macro levels Has an internal audit staff with a mixed background of traditional auditing skills and industry knowledge complemented with general business competence, critical thinking, and leadership skills Provides structured, documented, and diversified training programs for the internal audit staff Documents and continuously monitors the audit procedures to adapt them to the evolving environment Makes the internal audit strategy explicit and translates the strategy into key performance indicators (KPIs), which allow continuous monitoring of the achievement of the internal audit strategy Uses leading technology (like data mining, data analytics, and continuous/ real-time auditing) across the entire audit process to increase internal audit’s efficiency and effectiveness Has a Quality Assurance and Improvement Program (QAIP) for the internal audit department, which is aligned with the internal audit strategy and supported by a culture around continuous quality assurance and improvement In addition to these main findings, key action items are included in each section to help establish guidance in improving internal audit department maturity. 

Hier een teaser in te vullen

When an internal auditor elects to pursue certification, he or she takes a big step toward establishing a professional reputation that speaks loudly of integrity, dedication, and commitment to both the profession and his or her organization. This commitment is reflected in findings from the CBOK 2015 Global Internal Audit Practitioner Survey. For example: Forty-three percent of respondents worldwide say they hold at least one internal audit certification or qualification. The primary certification held globally is the Certified Internal Auditor (CIA) (held by 30% of respondents worldwide). The most popular internal audit specialty certification is the Certification in Risk Management Assurance (CRMA) (held by 9% of respondents worldwide). Non-internal audit certifications are held by 60% of respondents worldwide. Forty or more hours per year of internal audit training is achieved by 61% of respondentsworldwide.  Survey results also reveal which certifications are most popular in different parts of the world, providing valuable information for internal audit practitioners, aspiring internal auditors, and chief audit executives (CAEs). Other stakeholders such as regulators, executive management, audit committees, and executive recruiters will also find the information useful for purposes related to standards setting, benchmarking, and hiring. CBOK is the largest ongoing study of internal auditors in the world, with participation from 14,518 practitioners from 166 countries.

The evolution of the internal audit profession toward a more value-added risk assurance function continues to move forward. While technical skills are needed for day-to-day work, analytical/critical thinking and communication are personal skills that continue to be at the top of any chief audit executive’s (CAE’s) wish list. Practitioners with these skills have a higher probability of overcoming any technical deficiencies and stepping up to meet stakeholders’ value-added expectations. To find practitioners with these skills, CAEs need to have a deliberate talent management plan. They should prioritize identifying those candidates with key personal skills through behavioral assessments, looking at diverse academic backgrounds. When it is not feasible to hire staff for particular skills or needs, they can consider using resources in other areas of the organization (co-sourcing) or obtaining support from outside the organization (outsourcing). Finally, CAEs should establish development programs that further improve on personal skills while augmenting industry-specific knowledge and other technical skills. This report supports its conclusions with results from the CBOK 2015 Global Practitioner Survey, the largest ongoing study of internal auditors in the world. 

In 1941, when The Institute of Internal Auditors (The IIA) was founded, there was no internet, personal computers did not exist and open global communication among private citizens was a dream. Fast-forward to 2016: Technological innovation is rapid and disruptive, and touches almost every aspect of our lives. People and machines are becoming increasingly interconnected, accelerating digitization and shaping the Internet of Things. And almost every business today is, at its core, a technology business − one that relies on IT not only to operate, but also to innovate and enable future success. Another dramatic change that has occurred since The IIA’s founding: the number of companies across industries, and the globe, that are positioning women in board-level and leadership positions in increasing numbers. This is why, as The IIA celebrates its 75th anniversary, we chose to interview only female internal audit leaders for the latest edition of our Internal Auditing Around the World series. These women represent positive change in the business world and in the internal audit profession. Therefore, we believed they could offer a unique perspective on how technology is transforming internal audit functions for the better.

The requirements placed on the Internal Audit function (IAF) by internal and external stakeholders seem to be constantly increasing. As a result of the financial crisis, new laws and regulations have been introduced in the financial sector and supervisory bodies have tightened up and expanded their supervision. In addition, increasing critical attention is paid in the public domain to the design and operating effectiveness of companies’ governance and their reporting of non-financial information. As the IAF plays an important role in the governance framework, there has been a corresponding increase in the requirements placed on the IAF. Various stakeholders quite regularly publish interesting documents that introduce additional requirements regarding the quality of the IAF. Recently, the Monitoring Committee for the Dutch Corporate Governance Code presented its proposals for revising this Code. These proposals envisage a prominent position for the IAF, which is considered “complementary to the external auditor.” According to the Monitoring Committee: “It is important to have a good interplay between the Executive Board, the Supervisory Board and the Audit Committee, as well as a good communication with the internal audit function and the external auditor.” An important element in the proposals in relation to the effectiveness of the IAF is also included in guidance 1.5.1, which states that the Audit Committee should supervise “the relationship with - and compliance with the recommendations of and followup given to comments of - the internal auditor and external auditor”.  

In 2013 voerde De Nederlandsche Bank (DNB) een onderzoek uit naar de internal audit functie (IAF) bij de Nederlandse banken. Daarbij kwam op een bepaald punt de uitdagende vraag naar voren: “Wanneer is een IAF eigenlijk als effectief te beschouwen?”. In de gesprekken die we als IIA-bestuur met DNB daarover hadden, worstelden we aan beide kanten met deze vraag. Duidelijk was toen al wel dat er vele facetten zijn die in het antwoord op deze vraag een rol spelen. Ongeveer anderhalf jaar geleden startte een aantal internal auditors, afkomstig uit de financiële industrie, met een discussie over dit onderwerp. Nationaal en internationaal werd geïnventariseerd wat er beschikbaar was aan normenkaders, best practices en performance-indicatoren. Veel gesprekken en veel discussies vonden plaats om te duiden wat in welke mate kon bijdragen aan de zojuist weergegeven uitdagende vraag. Een dankwoord is dan ook verschuldigd aan eenieder die vanuit zijn of haar eigen achtergrond input heeft geleverd om tot dit resultaat te komen. Omdat die groep nogal wisselend is geweest, laat ik naamvermelding achterwege. Een naam die echter wel genoemd moet en mag worden, is die van Dennis Webbers. Hij was namelijk degene die zich onvermoeibaar toonde op de momenten dat het onderwerp even te diffuus leek om af te ronden. ‘When the going gets tough, the tough get going’. Zijn we erin geslaagd om een antwoord te geven op de vraag wanneer een IAF effectief is? Ik durf het niet met zekerheid te zeggen, omdat het antwoord op deze vraag van vele factoren afhankelijk is, bijvoorbeeld: in welke industrie opereer je, hoe is je missie verwoord, en hoe werk je samen met bestuur, commissarissen en de externe accountant? Hoe dan ook kan iedereen die kennis neemt van dit boekwerk, daarna voor zichzelf een aantal relevante indicatoren selecteren en komen tot een volwassen performance-meting en rapportage daarover. En dat is een enorme winst!

The profession of internal auditing has been making great advancements in performance, positioning, and perception. The CBOK 2015 stakeholder study confirms these advancements but also highlights opportunities for internal audit to push even harder, moving to the next higher level of value for organizations. This report focuses on providing initial findings specifically from North America. While there is much to be explored in the survey responses, at a high level, a clear picture emerges regarding the importance of risk and relationships. Specifically, in the eyes of stakeholders: Internal audit does many things well that could be considered foundational elements of the assurance work of internal auditing. There are opportunities for internal audit to add value to their organizations by spending more time focusing on risk identification and management in addition to assurance work. Internal audit should focus more on strategic risks, but exactly what the stakeholders mean by that is less than clear or consistent. Increased demands on internal audit will require chief audit executives (CAEs) to prioritize competing demands. Managing these conflicts requires strong relationship and communication skills. A brief discussion is provided for each of these topics. Future CBOK stakeholder reports will delve deeper into the feedback from internal audit stakeholders and the implications.

Conflicthantering en onderhandelen is een belangrijke competentie voor internal auditors. Deze scriptie heeft als doel het vaststellen van effectieve stijlen van conflicthantering. Het tweede doel is het leggen van de relatie tussen persoonlijkheid en conflicthantering en het in kaart brengen van de samenstelling van de beroepsgroep internal auditors op het gebied van hun persoonlijkheid. Er is literatuuronderzoek gedaan naar de effectiviteit van de stijlen van conflicthantering in relatie tot persoonlijkheidsdimensies. Daarnaast is gebruik gemaakt van de survey, Personality for Professionals Inventory (PfPI) om de samenstelling van de beroepsgroep internal auditors op persoonlijkheidsdimensies in kaart te brengen. De PfPI is gebaseerd op het Five Factor Model, dat vijf dimensies van persoonlijkheid beschrijft. Deze vijf dimensies zijn Emotionele Stabiliteit, Extraversie, Openheid voor ervaringen, Altruïsme en Consciëntieusheid. De resultaten van het literatuuronderzoek laten zien dat de conflictstijl Collaboratie voor internal auditors de meest effectieve stijl van conflicthantering en onderhandelen is. In deze stijl van conflicthantering staat de balans tussen de inhoud en de relatie centraal. Het is belangrijk om zowel oog te hebben voor de jezelf (inhoud) als de ander (relatie). Soms moeten auditors, als gevolg van regelgeving, een Competitieve stijl hanteren, omdat zij hiertoe verplicht zijn. Op basis van de survey is naar voren gekomen dat internal auditors op vier van de vijf dimensies significant verschillen van de normgroep en dat zij gelijk scoren op de dimensie Altruïsme. Op basis van deze resultaten kan geconcludeerd worden dat Nederlandse internal auditors meer dan gemiddeld in staat moeten kunnen zijn tot het vertonen van effectief gedrag in conflicten en onderhandelingen. Tenslotte worden beperkingen van onderzoek besproken en aanbevelingen gedaan voor de praktijk.

Hier een teaser in te vullen

Regional Reflections: Africa is a customized research report that provides an African perspective on the findings from CBOK 2015, the largest ongoing study of internal audit professionals in the world. Building on the 10 imperatives for internal audit that were presented at The IIA’s 2015 International Conference, this report highlights unique concerns for Africa and provides insights from internal audit leaders in the region. Ongoing changes in African economies and governance systems have created notable differences between regions within Africa, which will be described throughout this report. See appendix A for key demographic information about each of the regions analyzed. South Africa clearly leads the way in building a strong foundation in corporate governance, risk management, and internal audit processes. One of the key drivers is the King Report on Corporate Governance (King III), which has encouraged organizations to strengthen their boards and helped push the relevance and importance of internal audit up the agenda. These reforms have had a ripple effect across much of the continent. Good governance is now often seen as key to strengthening the competitive performance of African business and a crucial tool in the fight against corruption in some government departments and in the private sector. Africa’s internal auditors are well placed to support better governance and are playing a leading role within their organizations. They generally have good reporting lines to the board and involve their stakeholders in the audit process—crucially seeking feedback about their activities against agreed objectives to maintain the relevance of internal audit’s work. But many improvements are a work in progress. Risk management systems, for example, are not always formalized and reporting lines can be confused or not independent from executive management in some organizations. That has put too many chief audit executives (CAEs) under pressure from their chief executives to alter audit findings. These issues echo concerns shared by auditors in other parts of the globe. Africa’s CAEs are making the case for extra resources but need to continue to secure significant increases in expenditure on automated auditing tools. CAEs need to be seen playing a lead role in their organizations—and in their ambition for their departments, its skills, and training. But every auditor can join the fight. Investing in training and development—particularly those crucial, intangible communication and leadership skills, and technology-related skills—is going to be key if the region’s auditors are to fulfill their potential. 

Mitigating operational risk is becoming a priority for banks that want to avoid penalties, reduce the likelihood of regulatory investigations and rebuild tarnished reputations. That’s prompting a step-change in the way operational risk is viewed and managed – moving away from a siloed, backward-looking approach, and towards a culture in which operational risk is managed proactively, strategically and on an organization-wide basis.