Vaktechnische Publicaties

Now is the time to commit to the journey to evolve into a next-generation internal audit function. While this journey will be prolonged and marked with steep challenges, it is absolutely imperative given the intensifying nature of the digital transformation underway in the rest of the organization and the overall market. The results of the 2019 Internal Audit Capabilities and Needs Survey, in which Protiviti takes an in-depth look at the adoption of next-generation internal audit competencies such as agile auditing, artificial intelligence (AI), machine learning (ML), robotic process automation (RPA) and continuous monitoring, among many others, provide a detailed assessment of how internal audit groups are progressing on their next-generation journeys. 

Risk management is driven by more than regulations and external forces. Implementing efficient and effective risk management benefits organizations of any type and size by helping them to achieve operational and strategic objectives and to increase value and sustainability, ultimately better safeguarding their stakeholders. Internal auditors must evaluate the effectiveness and contribute to the improvement of risk management process (Standard 2120 – Risk Management). Benchmarking the current state of the organization’s risk management against a risk management maturity model is a good place to start this type of assessment. Benchmarking may help the internal audit activity communicate with senior management and the board about the organization’s level of risk management maturity and about aspiring to improve the process and advance in maturity. This information also enables internal auditors to appropriately tailor each engagement, taking into account the maturity of the area or process under review. This guidance provides examples of risk management maturity models and a basic methodology internal auditors may use to provide independent assurance that the organization’s risk management process is effective. Applying the guidance will help internal auditors protect and enhance organizational value and fulfill the expectations of the board and senior management.

Leaders of organizations in virtually every industry, size of organization and geographic location are reminded all too frequently that they operate in what appears to many to be an increasingly risky global landscape. Protiviti and North Carolina State University's ERM Initiative provided this report focusing on the top risks currently on the minds of global boards of directors and executives. The report contains results from the seventh annual risk survey of directors and executives to obtain their views on the extent to which a broad collection of risks is likely to affect their organizations over the next year. The respondent group provided their perspectives about the potential impact in 2019 of 30 specific risk across three dimensions: Macroeconomic risks likely to affect their organization's growth opportunities Strategic risks the organization faces that may affect the validity of its strategy for pursuing growth opportunities Operational risks that might affect key operations or the organizaion in executing its strategy

ESG, ofwel Environmental, Social en Governance gerelateerde risico’s, kunnen een grote invloed hebben op het succes en zelfs de continuïteit van een organisatie. COSO en de World Business Council for Sustainable Development (WBCSD) hebben guidance ontwikkeld om deze risico’s in kaart te brengen en effectief te managen: Enterprise Risk Management. Daartoe wordt het (nieuwe) COSO ERM-model toegespitst op de ESG-risico’s: "Applying enterprise risk management to environmental, social and governance-related risks." This guidance is designed to help risk management and sustainability practitioners apply enterprise risk management (ERM) concepts and processes to ESG-related risks. The purpose of this guidance is to help an entity achieve: Enhanced resilience: An entity’s medium- and long-term viability and resilience will depend on the ability to anticipate and respond to a complex and interconnected array of risks that threaten the strategy and objectives. A common language for articulating ESG-related risks: ERM identifies and assesses risks for potential impact to the strategy and business objectives. Articulating ESG-related risks in these terms brings ESG issues into mainstream processes and evaluations. Improved resource deployment: Obtaining robust information on ESG-related risks enables management to assess overall resource needs and helps optimize resource allocation. Enhanced pursuit of ESG-related opportunities: By considering both positive and negative aspects of ESG-related risks, management can identify ESG trends that lead to new opportunities. Realized efficiencies of scale: Managing ESG-related risks centrally and alongside other entity-level risks helps to eliminate redundancies and better allocate resources to address the entity’s top risks.

IIA Global heeft een nieuwe Practice Guide uitgebracht over het auditen van het risicomanagement van het uitbesteden van activiteiten (Auditing third party risk management). De timing daarvan is heel passend, nu samenwerkingsverbanden steeds meer toenemen en het rapport Risk in Focus juist third parties als belangrijk aandachtsgebied voor cybersecurity benoemt.  Uit onderzoek blijkt namelijk dat 63% van de cybersecurity-inbreuken is terug te herleiden naar derde partijen aan wie taken zijn uitbesteed. Dat maakt third party management een belangrijk onderwerp voor auditors. Deze praktijkgids biedt daar de handvatten voor. The Practice Guide: Auditing Third Party Risk Management is a useful tool to become better informed on risks related to third-party provider management. Risks across the full vendor life cycle are considered, including the appropriate sourcing, ongoing management, and termination of vendors. Further exploration into risks resulting from the types of services being provided and the sensitivity of data being shared is covered. Sample audit guidance is offered, making this a robust resource with tangible tools. The eBook Practice Guide: Practice Guide: Auditing Third-party Risk Management costs $25.00