Vaktechnische Publicaties

AI can be a daunting topic for an internal auditor, especially as organizations’ AI adoption and use continue to grow. Now more than ever, organizations are looking to internal audit for increased guidance on AI.  The IIA has updated its AI Auditing Framework to reflect this ever-evolving world of AI. In four parts, it will help you understand risks and identify best practices and internal controls for AI. If you are an IIA member, you can download the report here.   

Part of The IIA’s new Artificial Intelligence 101 series, this guide provides internal auditors with use cases, sample prompts, and key considerations when using natural language processing (NLP) tools. If you are an IIA member, you can download the report here.   

Interne auditfuncties moeten wendbaar blijven bij het ontwikkelen van hun auditplannen voor 2024, aangezien hun organisaties met steeds veranderende uitdagingen worden geconfronteerd. De onzekerheid en ontwrichting die vorig jaar in het mondiale zakenlandschap te zien was, blijft de druk op de risico- en controleomgeving vergroten. De meeste organisaties blijven kampen met onzekerheden in de toeleveringsketen, de gevolgen van inflatie en geopolitieke onzekerheden. Om de hoofden van Internal Audit te ondersteunen, hebben we de belangrijkste thematische gebieden en gerelateerde risico’s geïdentificeerd en samengesteld waarmee Internal Audit-functies rekening moeten houden bij het ontwikkelen van hun Internal Audit-plannen voor 2024. De onderstaande thematische gebieden omvatten zowel opkomende als gevestigde risico’s waarmee Internal Audit rekening moet houden wanneer het voorbereiden van zijn agile jaarlijkse Internal Audit-plan. Hoewel het onderstaande geen uitputtende lijst van thematische gebieden is, kunnen deze als uitgangspunt dienen waar de Internal Audit-functie gebruik van kan maken bij het beoordelen van het risicoprofiel en de controleomgeving van de organisatie in 2024. We hebben verdere informatie over elk thematisch gebied aan de ommezijde gegeven. Download de KPMG paper hier. (ENG)

Artificial Intelligence – Cybersecurity Friend and Foe Cybersecurity is the top risk consideration for internal auditors, and that will remain the case for the foreseeable future. Indeed, it is the singular risk consuming their greatest time and effort, according to Risk In Focus 2024. This brief, the second in a three-part series on cybersecurity sponsored by AuditBoard, examines how artificial intelligence (AI) contributes to cybersecurity challenges and opportunities, and what internal auditors need to know about this emerging and evolving risk area as a cybersecurity consideration. This article is for IIA members only and can be downloaded here.

Staffing and Development for the Next Generation Cybersecurity poses a significant threat for organizations of any size. Internal audit is well-suited to play a key role in helping to manage cyber risks, but it must have the resources it needs to fulfill that role. This brief, the first in a three-part series on cybersecurity in collaboration with AuditBoard, looks at the options and strategies internal audit leaders can follow to ensure they have the talent they need to address ongoing cyber risks. As a member of the IIA, you can download the report here. 

When ChatGPT was released in November 2022, it was considered a significant leap forward in artificial intelligence (AI). Many compared it to the internet in terms of its potential to disrupt business practices, regulations, and social norms. While this specific system has received a tremendous amount of attention, it is only one example of the many tools that fall under the AI umbrella. AI is at the heart of every smart device that we use, and it also drives far more sophisticated applications that are transforming businesses. It is being put to work in business, government, health care, and many other fields to replicate human analysis and even decision making. While this evolving marvel holds great promise to revolutionize business, internal auditors should learn the technology, understand its usage within their organizations, and examine related ethical considerations. This series looks at: Understanding, Adopting, and Adapting to AI Revisiting The IIA's Artificial Intelligence Framework Internal Audit's Role in AI Ethics You can download the report here.  This is part of the 3 GKB's about the Artificial Intelligence Revolution, which we have publicated before. You can find part 1, 2 and 3 here. 

Companies’ stakeholders from investors to citizens increasingly demand better sustainability performance and disclosures from businesses. Policymakers and regulators are also introducing new legislation on companies’ sustainability obligations and value chains. Company boards need to prepare for their enhanced sustainability obligations. This document, issued by Accountancy Europe, ecoDa and ECIIA, aims to help boards with embedding sustainability – and specifically environmental, social and governance (ESG) factors – into company strategy and business models, and to ensure that proper governance supports this. It is based on exchanges with specialists from the 3 organisations and interviews. This document is innovative in that it proposes a whole set of questions that structure the thinking of board members around sustainability and turns it from a buzzword to a concrete reality. It sets out practical questions to consider in their efforts on ESG, sustainability transition planning, delivery on sustainability objectives and limiting greenwashing risks. ESG governance: questions boards should ask to lead the sustainability transition– publication and summary.

Internal auditors and industrial/commercial companies are still looking for best practices in dealing with the risks and benefits associated with ESG. The regulation is evolving quickly and it is not just about compliance but about the business, strategy, culture, and operations that must evolve. This position paper is a clear call for Board Members and Top Management to move towards a more sustainable business with Internal Audit as a valuable partner in this journey; leveraging on the experience, the business knowledge and the role Internal Audit plays in Governance, Risk Management and Internal Controls. In industrial and commercial companies, the support of Internal Audit can vary depending on the maturity of the organisation with opportunities also for less mature companies to invest and get ready. The various roles are described and the question  “if” Internal Audit could play a fundamental role over ESG” is no longer a question Boards and Top Management should ask but rather it is more of “how” they can best benefit from this privileged view. You can download the report here. 

The Digital Operational Resilience Act (DORA) is the European Union’s (EU) strategic approach to managing systemic risk within the financial system. DORA is designed to improve the cybersecurity and operational resilience of the financial services sector (as of 2025). The paper explains the role internal auditors should play, specifically regarding third-party outsourcing. Press release You can download the full publication here.

Part 3: Internal Audit's Role in AI Ethics Amid rapid advancements in artificial intelligence (AI), concerns about ethics and related issues have prompted some to recommend a hiatus or slowdown in further development. But despite calls for temporary halts, many organizations are ramping up AI use or planning to do so. Internal auditors will clearly have an important assurance and advisory role as organizations wrestle with AI choices and their implications.  This brief, the final in a three-part AI series, addresses the ethical issues surrounding this multifaceted technology and what those issues mean to organizations and internal auditors. This brief also includes recommendations and insights from management and internal auditors already working on the frontlines of AI use. You can find part 1 here. You can find part 2 here. As a member of the IIA, you can download part 3 report here. 

De huidige economische onzekerheid lijkt een voortzetting van de crisistoestand die startte met de pandemie. Terwijl de Europese economieën kwetsbaar zijn, worden organisaties geconfronteerd met de toegenomen klimaat gerelateerde druk, grote geopolitieke onzekerheden en blijvend evoluerende cyberrisico’s. Daarbij hebben veel organisaties uitdagingen in het aantrekken en behouden van talent en de vaardigheden die nodig zijn om met de onzekerheden om te gaan. Vooruit kijken en veerkracht zijn kritieke succes factoren. Elk jaar werken de Europese Instituten van Interne Auditors samen om de belangrijkste risico’s voor het komende kalenderjaar in kaart te brengen. De resultaten zijn bedoeld als hulpmiddel bij het opstellen van de auditplannen voor 2024 en geven de bestuursorganen een goed beeld van welke uitdagingen zij het komende jaar kunnen verwachten.  De resultaten van Risk in Focus 2024 zijn samengevat in vijf ‘hot topics’: Macro-economische en geopolitieke onzekerheid: focus op strategische verandering Cyber- en databeveiliging: versterken van het digitale zenuwstelsel Human capital, diversiteit, talentmanagement en -behoud: aanpassen van de cultuur  Klimaatverandering, biodiversiteit en ecologische duurzaamheid: omarmen in de missie Supply chain: versterken van kritieke partnerschappen  Belangrijke bevindingen uit het rapport: Cyber- en databeveiliging behoudt de nummer één positie als grootste risico. 84% vindt dit een top 5-risico voor hun organisatie. Logischerwijs is dit dan ook het risico waar internal auditors de meeste tijd besteden. Eerder werd dit risico verder vergroot door de pandemie, nu door de snelle ontwikkelingen in Artificial Intelligence (AI). Human capital, diversiteit en talent management blijft in belang stijgen; 58% van de respondenten ziet dit als top 5-risico, tegen 50% resp. 44% in voorgaande jaren. Macro-economische en geopolitieke onzekerheden komen op de derde plaats; 33% ziet dit zelfs als belangrijkste risico voor de organisatie. Onder invloed van de hoge(re) inflatie en rentetarieven heeft dit invloed op een groot aantal financiële en operationele gebieden. Klimaatverandering wordt gezien als grootste stijger in de komende jaren en zal in 2027 het derde belangrijkste risico zijn. Nieuwe rapportage-eisen moeten worden geïmplementeerd. Duurzaamheid is niet alleen een kwestie van regelgeving, maar ook van strategische heroriëntatie, zo wordt aangegeven.  Er is dit jaar ook een Board Briefing beschikbaar. 

Large-scale complex risks are putting pressure on organizations. Current economic uncertainty appears to be a continuation of the crisis state that started with the pandemic. While European economies are vulnerable, organizations are facing increased climate-related pressures, major geopolitical uncertainties and ever-evolving cyber risks. In doing so, many organizations have challenges in attracting and retaining talent and the skills needed to deal with the uncertainties. Looking ahead and resilience are critical success factors. That makes a thorough assessment of these risks all the more important for your organization. That makes a thorough evaluation of these risks for your organization all the more important.  To this end, IIA Netherlands has once again, this time together with 15 other European Institutes for Internal Auditors, identified the most impactful risks for the coming calendar year. The report, 'Risk in Focus 2024, hot topics for internal auditors' describes the most important developments and risk areas that organizations will (or may) have to deal with next year. It helps boards, commissioners and internal auditors to evaluate risks they may not (yet) have considered, or to look at these risks from a new perspective. Risk in Focus gives internal auditors targeted tools to create their annual plan and evaluate the specific risks in their own organization. Click here for the abridged Board Briefing or the full report.  

The current economic uncertainty appears to be a continuation of the crisis state that started with the pandemic. While European economies are fragile, organizations face increased climate-related pressures, major geopolitical uncertainties and ever-evolving cyber risks. In doing so, many organizations have challenges in attracting and retaining talent and the skills needed to deal with the uncertainties. Looking ahead and resilience are critical success factors. Each year, the European Institutes of Internal Auditors work together to identify key risks for the coming calendar year. The results are intended to help create audit plans for 2024 and give governing bodies a good idea of what challenges to expect in the coming year.  The results of Risk in Focus 2024 are summarized in five hot topics: Macroeconomic and geopolitical uncertainty: focus on strategic change Cyber and data security: strengthening the digital nervous system Human capital, diversity, talent management and retention: adapting culture  Climate change, biodiversity and environmental sustainability: embrace in the mission Supply chain: strengthen critical partnerships  Key findings from the report: Cyber and data security maintains the number one position as the biggest risk. 84% consider this a top 5 risk for their organization. Logically, then, this is also the risk where internal auditors spend the most time. Earlier this risk was further magnified by the pandemic, now by the rapid developments in Artificial Intelligence (AI). Human capital, diversity and talent management continues to rise in importance; 58% of respondents see this as a top 5 risk, up from 50% and 44% respectively in previous years. Macroeconomic and geopolitical uncertainties come in third place; 33% even see this as the most important risk for the organization. Influenced by high(er) inflation and interest rates, this affects a wide range of financial and operational areas. Climate change is seen as the biggest riser in the coming years and will be the third most important risk by 2027. New reporting requirements must be implemented. Sustainability is not only a matter of regulation, but also of strategic reorientation, it is indicated.  A Board Briefing is also available this year.  

Grootschalige complexe risico’s zetten organisaties onder druk. De huidige economische onzekerheid lijkt een voortzetting van de crisistoestand die startte met de pandemie. Terwijl de Europese economieën kwetsbaar zijn, worden organisaties geconfronteerd met de toegenomen klimaat gerelateerde druk, grote geopolitieke onzekerheden en blijvend evoluerende cyberrisico’s. Daarbij hebben veel organisaties uitdagingen in het aantrekken en behouden van talent en de vaardigheden die nodig zijn om met de onzekerheden om te gaan. Vooruit kijken en veerkracht zijn kritieke succes factoren. Dat maakt een gedegen evaluatie van deze risico’s voor uw organisatie des te belangrijker. Dat maakt een gedegen evaluatie van deze risico’s voor de organisatie des te belangrijker.  IIA Nederland heeft hiertoe wederom, dit keer samen met 15 andere Europese Instituten voor Internal Auditors, de meest impactvolle risico’s voor het komende kalenderjaar in kaart gebracht. Het rapport, ‘Risk in Focus 2024, hot topics for internal auditors’ beschrijft de belangrijkste ontwikkelingen en risicogebieden waar organisaties volgend jaar mee te maken (kunnen) krijgen. Het helpt besturen, commissarissen en internal auditors om risico's te evalueren die ze misschien (nog) niet hebben overwogen, of om deze risico's vanuit een nieuw perspectief te bekijken. Risk in Focus geeft internal auditors gerichte handvatten om hun jaarplan op te stellen en de specifieke risico’s in de eigen organisatie te evalueren. Klik hier voor de verkorte Board Briefing of het volledige rapport.

IIA Netherlands' latest guide ''Text analysis, just do it!'' describes the main possibilities and points of attention in applying text analysis in audits. Text analysis is a collection of automated techniques that leads to the extraction of new information and useful insights from textual data. There are also a variety of issues in audit practice for which text analysis adds value.  In early 2022, a survey was sent out to IIA members as a prelude to this handbook. This showed that they foresee both opportunities and challenges in the use of text analysis. This guide from IIA's Professional Practices Committee helps auditors to realize this.