Vaktechnische Publicaties

Smart devices, such as cell phones and tablets, offer truly mobile and convenient options for working remotely. Like any new or expanding technology, smart devices also introduce additional risks for organizations. Internal auditing’s approach to assessing risks and controls related to smart devices is evolving as new technologies emerge and the variety of devices increases. To meet these challenges, internal auditors are tasked with: Understanding the organization’s smart device strategy. Evaluating the effect of smart device technology on the organization. Providing assurance over the smart device environment by: - Identifying and assessing risks to the organization arising from the use of such devices. - Determining the adequacy of applicable governance, risk management, and controls related to such devices. - Reviewing the design and effectiveness of related controls. Chief audit executives (CAEs) should have a thorough understanding of the opportunities and threats that smart devices present to the organization and the internal audit activity. The internal audit activity can support management’s efforts to mitigate risks associated with the use of smart devices. This guidance should help internal auditors better understand the technology, risks, and controls associated with smart devices. Appendix C provides an engagement work program, including a risk assessment, designed specifically to evaluate risk management and controls related to smart devices.

Hier een teaser in te vullen

This report provides an overview of results from the 2015 Global Internal Audit Practitioner Survey regarding The Institute of Internal Auditors’ (IIA’s) International Standards for the Professional Practice of Internal Auditing. The Standards represent minimum expected requirements that normally should be found in all internal audit functions. They provide a foundation for performing efficiently and effectively, and are intended for use wherever internal auditing is practiced. Yet despite the fact that conformance to the Standards is mandatory for all members of The IIA and for all Certified Internal Auditors (CIAs), the survey found significant levels of nonconformance. Almost half of surveyed chief audit executives (CAEs) report that they do not use all the Standards, and fewer still say that they are in conformance with the Standards. An underlying objective of the Standards is to ensure that internal audit is effective, of high value, and of high and consistent quality. Nonconformance undermines this objective, and significant levels of nonconformance are detrimental to the image and reputation of the internal audit profession. Fortunately, the CBOK survey also found that significant progress is being made toward more consistent conformance. The CBOK 2015 Global Internal Audit Practitioner Survey found: While use of the Standards is increasing, almost half of CAEs still report that they do not use all of the Standards. Auditors holding internal audit-related professional certifications use the Standards more often than auditors without such certifications. Members of The IIA use the Standards more often than nonmembers. Standards use is more likely in highly regulated industries than in less-regulated industries, and more likely in publicly traded organizations than in privately owned organizations.] Use of all of the Standards is higher in the regions of North America, Europe, and SubSaharan Africa than in other parts of the world. More work may be needed in learning to apply the Standards and other elements of The IIA’s International Professional Practices Framework (IPPF) effectively. Almost a quarter of internal auditors evaluate themselves as being below the competent level in applying the IPPF to their work. Use of the Standards may be particularly challenging for internal auditors working at smaller internal audit departments. Auditors in one- to three-person departments use all of the Standards at a rate of 6% to 18% below the global average. Other reasons given for nonconformance include lack of board/management support, lack of perceived benefit compared to cost, and impacts on conformance caused by government regulations or standards.

The board of directors—whether it is the board in a unitary or single-tier structure or the supervisory board in a dual or two-tiered structure—is a key stakeholder of internal audit with needs that internal auditors are= uniquely positioned to provide. Most often, the board’s primary interface with internal audit is through its audit committee.* The CBOK 2015 stakeholder study offers insights as to the expectations of audit committees of internal audit. For audit committees, the insights provide a catalyst for taking stock of committee members’ interactions with and use of the internal audit function. For any progressive chief audit executive (CAE), these expectations offer opportunities to take the initiative to advance relationships with this vitally important stakeholder group by improving internal audit’s value proposition. Thus, the insights offer a pathway to continuous improvements that benefit all. Three broad themes emerged from the study. Audit committees should: Enable internal auditors to think more broadly and strategically as they plan for, execute, and report on their work. Encourage internal audit to move beyond assurance to enhance its value proposition. Take steps to ensure CAEs and the internal audit function are effectively positioned to deliver to expectations.  The survey responses from directors serving on audit committees surfaced six imperatives of interest to audit committees that support these three themes. Following is a brief discussion on each of the six imperatives. 

How mature is your internal audit department (or how mature can it be)? This subject is explored using responses from more than 2,500 chief audit executives (CAEs) in The IIA’s CBOK (Common Body of Knowledge) database. The findings were further supplemented through interviews with a small sample of CAEs from different regions in the world who commented on internal audit department maturity. Assessment of the internal audit department maturity is important because it helps build strategies to bridge the gaps between expected and realized internal audit quality. Maturity indicators are introduced to support principal stakeholders in deciding whether and how they can rely on internal audit departments’ services and guide CAEs in developing more mature internal audit departments. This report spans various industries in several global regions. It also reports on the influences of internal audit departments’ age and size, organization size, and degree of conformance with The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), among others. The report is organized in seven sections. Data was available to measure internal audit departmental maturity on the following indicators: Is almost fully aligned with the strategic plan of the organization Demonstrates agility and flexibility to adapt the internal audit planning and priorities to important changes in the strategic objectives of an organization Relies on a holistic risk assessment to build sufficient knowledge and understanding of the organization’s business at micro and macro levels Has an internal audit staff with a mixed background of traditional auditing skills and industry knowledge complemented with general business competence, critical thinking, and leadership skills Provides structured, documented, and diversified training programs for the internal audit staff Documents and continuously monitors the audit procedures to adapt them to the evolving environment Makes the internal audit strategy explicit and translates the strategy into key performance indicators (KPIs), which allow continuous monitoring of the achievement of the internal audit strategy Uses leading technology (like data mining, data analytics, and continuous/ real-time auditing) across the entire audit process to increase internal audit’s efficiency and effectiveness Has a Quality Assurance and Improvement Program (QAIP) for the internal audit department, which is aligned with the internal audit strategy and supported by a culture around continuous quality assurance and improvement In addition to these main findings, key action items are included in each section to help establish guidance in improving internal audit department maturity.