Vaktechnische Publicaties

Even the most well-prepared audit plans need to be flexible. The 2018 Global Risk Report outlines the top risks faced by CAEs: Talent Management, Data Analytics, Cyber, Regulations, and Responding to Disruption. Are your audit plans flexible and adequate to address these risks?  Presenting 2018 — a new year, new laws, regulations, opinions, ideas, technology, and risks. Today's business environment is significantly different than it was in the past; it is more complex and more connected. Organizations face new and unknown risks, but also new and untapped opportunities. Considering in the year ahead the new opportunities and number of potential challenges and risks — some of which are expected and some of which are unique to 2018 — audit plans should be viewed as frameworks that will change as events occur, including those that are disruptive. 

This report from the Internal Audit Foundation highlights the increasing importance of implementing a comprehensive anti-bribery program in today’s marketplace to combat corruption. It discusses internal audit’s role in evaluating the design, implementation, and effectiveness of the organization’s anti-bribery program. It supports practitioners’ efforts to take a proactive role in anti-bribery initiatives by outlining the elements of a structured anti-bribery program and providing a “how-to” approach for auditing anti-bribery measures. 

The Basel Committee on Banking Supervision (BCBS) strengthened capital adequacy guidelines following several global financial crises. If observed, banking institutions should be able to absorb the volatility of potential credit, market, and operational risks in the wake of another serious market shift. This new practice guide, developed for financial services auditors but useful to any auditor working with statistical models and capital, focuses on how to provide assurance that an institution is well capitalized to meet the guidelines and prepared for cyclical business changes. This guide will help readers understand, measure, and assess the appropriateness and completeness of an institution’s capital planning process. Topics include: How to evaluate whether capital processes support the institution’s stated risk appetite. Strategies and methods to model credit, market, and operational risk. Audit tools and techniques. This is for members only. To access it and other valuable resources, become a member today.

Potential improvements are presented to the auditee by means of a recommendation mainly based on an audit finding. An audit report generally includes the management action defined as a response to the recommendation, together with a due date and an action owner. Every internal audit function should have a process for monitoring follow-up on implementation of management actions. This can be an indicator for the Internal audit function’s effectiveness. This paper relates specifically to the followup of findings and recommendations issued by internal audit, not those identified by first or second line of defence functions. It can also be applied to actions taken in response to issues identified by regulators or external auditors. Implementation of management actions is a first line or second line of defence responsibility. However, in case of insufficient implementation of management actions, the Internal audit function should investigate and document the reason. Therefore, a well-established follow-up monitoring process is crucial to evaluate an internal audit’s effectiveness.

The internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from banks to third parties. It is crucial that key stakeholders, including management, the board and the bank’s supervisors can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area. This paper sets out the view of the ECIIA Banking Committee (the Committee) on best practices that could be adopted by internal audit functions in respect of the audit of externally outsourced services.