Professional Publications

Our knowledge centre holds an extensive collection of professional publications that support you in your work as an internal auditor. From practical guides and white papers to in-depth analyses and international standards, all our publications aim to strengthen your expertise and raise the quality of internal audits. Discover valuable insights and stay up to date in the dynamic field of internal auditing!

GPI: Understanding the Effects of Diversity and Inclusion on Organizations
09.04.2020 Publication

Diversity is a broad and extremely timely topic in today’s environment. A conversation regarding diversity within an organization is worth having because significant research shows that it has a tangible impact on both workplace productivity and organizational value. In contrast, a lack of diversity is an organizational risk as relevant as any other risk worth being recognized by an internal audit activity. According to the International Professional Practices Framework (IPPF), it is internal audit’s mission “to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” This edition of Global Perspectives and Insights sheds light on how diversity impacts the workplace and affects productivity and organizational value. It also explains why internal audit should be an advocate for diversity in all its forms within both its own activity and the organization as a whole. This is for members only. To access it and other valuable resources, become a member today.

COSO ERM Creating and protecting value
01.04.2020 Publication

Over the past few decades, enterprise risk management (“ERM”) has been receiving increased attention from boards and executives and has undergone a continuing evolution in its development and uses. Along the way, lessons have been learned and ERM has been better understood regarding its benefits, objectives, and role in the organization. This COSO thought paper takes advantage of lessons learned and new guidance on enterprise risk management published by COSO to provide directors and executives with a better understanding of the role of enterprise risk management in creating and preserving value and its relationship to the key strategies of the organization. While not a detailed implementation guide, this paper includes overall guidance and an outline of succinct tangible steps that can be used to implement an effective ERM program. This thought paper outlines and provides clarity on the role and value of enterprise risk management to help directors and executives answer several key questions including: “What is the real value of enterprise risk management?” “What is its role and objectives?” “What are the practical steps that can be taken to implement enterprise risk management?” The approach and steps contained in this thought paper are based on successful practices that organizations have used to take an incremental, step-by-step approach to implement enterprise risk management. While this is not the only way to implement ERM, this incremental approach is designed to be very adaptable and flexible. The approach provides practical steps that can help take conceptual ideas of strategy and risk and actualize them through a series of basic steps.

Practice Guide: Auditing Credit Risk Management
01.04.2020 Publication

Credit risk has always been considered a key risk for financial services organizations and, for a good number of organizations, maybe the most critical risk. This guidance provides internal auditors with a baseline skill set that allows them to test and evaluate the effectiveness of their organization’s credit risk management framework and processes. This guidance will enable internal auditors to: Understand the importance of credit risk in a financial services context. Understand the regulatory environment and requirements related to credit risk. Understand the risk governance and risk management processes surrounding credit risk. Describe the nature and basis of measurement of the probability of default. Design an audit engagement that assesses the appropriateness and effectiveness of the credit risk management framework and the adequacy of the institution’s credit profile. Be able to apply IPPF and risk-based internal audit techniques to assess and audit credit risk in their organization. The eBook Practice Guide: Auditing Credit Risk Management costs $25.00

GTAG: IT Change Management: Critical for Organizational Success, 3rd Edition
20.02.2020 Publication

Change management in the IT environment is, as the guide’s title states, critical for organizational success. Organizations are bombarded with change requests, not only to improve or update existing application functionality, but also to implement necessary patches to help secure those applications, and in some cases to comply with relevant regulatory requirements. Managing the flow of requests should be handled efficiently and effectively to avoid mishaps, rework, unintended consequences, or even system failure. The updated third edition of this topic will help internal auditors understand the risks and controls associated with IT change management and how to assess the operational efficiency of processes involving change management. This guide provides tools to help internal auditors obtain and evaluate evidence that management’s assertions are accurate, and explains how to provide assurance over this critical area. This guidance will enable internal auditors to: Have a working knowledge of IT change management processes. Distinguish effective change management processes from ineffective ones. Recognize red flags and indicators that IT environments are having control issues related to change management. Understand that effective change management hinges on implementing appropriate preventive, detective, and corrective controls to ensure adequate management supervision. Recommend best practices for addressing issues, both for assurance of risks and increasing effectiveness and efficiency. This is for members only. To access it and other valuable resources, become a member today.

COSO: Managing Cyber Risk in a Digital Age
07.01.2020 Publication

Even as companies become more digital savvy, they continue to confront new and emerging data risks that pressure financial and reputational vulnerabilities. To help address these challenges, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with Deloitte Risk & Financial Advisory, is releasing new guidance, “Managing Cyber Risk in a Digital Age.” Written to boards of directors, audit committee members, executive management, and cyber practitioners, the new guidance addresses how companies can apply COSO’s Enterprise Risk Management–Integrating with Strategy and Performance (ERM Framework), one of the most widely recognized and applied risk management frameworks in the world, to protect against cyberattacks. The guidance provides insight into how organizations can leverage the five components and 20 principles of the ERM Framework to identify and manage cyber risks. This guidance provides context related to the fundamental concepts of cyber risk management techniques but is not intended to be a comprehensive guide to develop and implement technical strategies.