Vaktechnische Publicaties

Why Risk in Focus 2020 matters for you As a board member, it is imperative that you understand the key risks (and opportunities) your organisation faces and assure yourself that internal audit is addressing them. Some of these risks will no doubt be specific to your company, its unique operations and senior management’s growth strategy; others, however, are pervasive issues that are relevant for all businesses, big or small. With this in mind, we are briefing you on a newly published report, Risk in Focus 2020 (RiF20), a collaboration between eight institutes of internal auditors and available at iia.org.uk/riskinfocus.  RiF20, the fourth instalment of this annual report, highlights salient risks that have been identified by Chief Audit Executives (CAEs) and which you should be aware of in your discussions with senior management, audit committees and CAEs. RiF20 is the product of 46 qualitative interviews in Belgium, France, Germany, Italy, the Netherlands, Spain, Sweden and the UK & Ireland, and a quantitative survey that this year received 528 responses, a 70% annual increase in engagement.  The complete report Risk in Focus 2020 can be downloaded as well on the IIA website.

The IIA’s Core Principles for the Professional Practice of Internal Auditing are part of the Mandatory Guidance of the International Professional Practices Framework (IPPF). Demonstrating the Core Principles validates the effectiveness, credibility, and value of the internal audit activity within the organization's governance structure. By achieving the Core Principles, the internal audit activity also achieves the Mission of Internal Audit: “to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” This practice guide explains the concepts embodied in the Core Principles and describes enablers, or specific ways to enable and demonstrate them. The guide also identifies measurable key indicators that enable the internal audit activity to define, measure, assess, and monitor demonstration of the Core Principles. The chief audit executive (CAE) should use these enablers and key indicators to customize an approach to demonstrating the Core Principles that is most applicable to its internal audit team. This customized approach may be used as the basis for a selfassessment tool that may supplement the internal audit activity’s quality assurance and improvement program (QAIP), as well as providing an easy-to-understand, high-level communication of the internal audit activity’s value and effectiveness to key stakeholders, such as senior management and the board. The eBook Practice Guide: Demonstrating the Core Principles for the Professional Practice of Internal Auditing costs $25.00

Fraude kan de bedrijfsactiviteiten verstoren, zorgen voor compliance risico’s, de naam van een organisatie in diskrediet brengen en aanzienlijke kosten voor een organisatie en haar stakeholders opleveren. Al heeft het management, onder toezicht van het bestuur, de primaire verantwoordelijkheid voor het vaststellen en bewaken van effectieve beheersingsmaatregelen om fraude tegen te gaan en op te sporen, het is de plicht van de internal auditfunctie om het risico op fraude te beoordelen volgens de internationale standaarden voor de beroepsuitoefening van internal auditing. In deze praktijkgids worden de kenmerken van fraude beschreven, evenals het proces van het tijdens de planning van de opdracht vaststellen en beoordelen van frauderisico’s. Hoe de frauderisicobeoordeling precies moet worden opgenomen in de planning van de opdracht, kan variëren al naargelang de behoeften van de individuele organisatie, de internal auditfunctie en de opdracht. Over het algemeen omvat het proces echter de volgende stappen: • het verzamelen van informatie om inzicht te krijgen in het doel en de context van de opdracht, alsook in de governance, het risicomanagement en de beheersingsmaatregelen die van belang zijn voor het te beoordelen domein of proces; • het brainstormen over fraudescenario’s om potentiële frauderisico’s te identificeren; • het beoordelen van de geïdentificeerde frauderisico’s om te bepalen welke risico’s tijdens de opdracht verder moeten worden geëvalueerd.

There is a gap in internal audit-specific guidance supporting the education and training of financial services auditors. The industry requires its practitioners to have specific knowledge that addresses functions in a unique atmosphere, such as requirements and expectations of regulators, complexity of products, and the role of internal auditors. The demand for internal auditors with financial services knowledge and experience is growing rapidly, propelled by regulatory pressures to appropriately staff internal audit programs with the right volume and caliber of resources. This has led many internal audit activities within the highly regulated financial services industry to increase their staff in accordance with the new global operating environment and in terms of quality and quantity. This guidance will enable internal auditors to: Understand the financial sector environment, including key objectives, business areas, and related risks as well as the impact of globally accepted principles that provide the foundation for laws and regulations within the industry. Identify industry-specific risks relevant for the jurisdiction in which a company operates and commonly used frameworks. Identify the roles and assurance activities of the second line of defense functions within financial services that provide coverage of sector-specific risks. Understand the relationship internal audit has with its external regulator/supervisor and how to effectively manage expectations of the regulator while maintaining a reporting relationship to the board. Understand how the second-line functions can integrate activities such as risk assessment, planning, leveraging engagement work and conclusions, and reporting results. The eBook Practice Guide: Foundations of Internal Auditing in Financial Services Firms $25.00  

Before you can determine where to go and how to get there, you must figure out where you are. The concept of data analytics has become a mandate for internal audit functions. The question isn’t 'if'; it isn’t even 'when.' The time is now; the question is how? If you have not yet started or have only dabbled in the world of data analytics, it is time to learn about it and recognize the potential value you can contribute to your organization by implementing even a basic foundation and building on it as you appreciate the full value and power of information. Is it a daunting proposition? It can be, and there is a learning curve, but even small audit functions can take advantage of the power that data analytics can provide. It can further your reach into and visibility within your organization, allowing you to stay relevant and contribute to your organization’s betterment by providing greater value. “Analytics Refresher,” published almost five years ago in Internal Auditor magazine, is still on target today. “Internal audit can be a catalyst for expanding the use of analytics through the company to provide greater, more holistic business insights,” states the article’s author, Neil White. Those who are not fully engaging in data analytics can enhance their organizational profile and usefulness by making it a priority to introduce data analytics into the audit plan. You can find part 2 here.