Vaktechnische Publicaties

De huidige economische onzekerheid lijkt een voortzetting van de crisistoestand die startte met de pandemie. Terwijl de Europese economieën kwetsbaar zijn, worden organisaties geconfronteerd met de toegenomen klimaat gerelateerde druk, grote geopolitieke onzekerheden en blijvend evoluerende cyberrisico’s. Daarbij hebben veel organisaties uitdagingen in het aantrekken en behouden van talent en de vaardigheden die nodig zijn om met de onzekerheden om te gaan. Vooruit kijken en veerkracht zijn kritieke succes factoren. Elk jaar werken de Europese Instituten van Interne Auditors samen om de belangrijkste risico’s voor het komende kalenderjaar in kaart te brengen. De resultaten zijn bedoeld als hulpmiddel bij het opstellen van de auditplannen voor 2024 en geven de bestuursorganen een goed beeld van welke uitdagingen zij het komende jaar kunnen verwachten.  De resultaten van Risk in Focus 2024 zijn samengevat in vijf ‘hot topics’: Macro-economische en geopolitieke onzekerheid: focus op strategische verandering Cyber- en databeveiliging: versterken van het digitale zenuwstelsel Human capital, diversiteit, talentmanagement en -behoud: aanpassen van de cultuur  Klimaatverandering, biodiversiteit en ecologische duurzaamheid: omarmen in de missie Supply chain: versterken van kritieke partnerschappen  Belangrijke bevindingen uit het rapport: Cyber- en databeveiliging behoudt de nummer één positie als grootste risico. 84% vindt dit een top 5-risico voor hun organisatie. Logischerwijs is dit dan ook het risico waar internal auditors de meeste tijd besteden. Eerder werd dit risico verder vergroot door de pandemie, nu door de snelle ontwikkelingen in Artificial Intelligence (AI). Human capital, diversiteit en talent management blijft in belang stijgen; 58% van de respondenten ziet dit als top 5-risico, tegen 50% resp. 44% in voorgaande jaren. Macro-economische en geopolitieke onzekerheden komen op de derde plaats; 33% ziet dit zelfs als belangrijkste risico voor de organisatie. Onder invloed van de hoge(re) inflatie en rentetarieven heeft dit invloed op een groot aantal financiële en operationele gebieden. Klimaatverandering wordt gezien als grootste stijger in de komende jaren en zal in 2027 het derde belangrijkste risico zijn. Nieuwe rapportage-eisen moeten worden geïmplementeerd. Duurzaamheid is niet alleen een kwestie van regelgeving, maar ook van strategische heroriëntatie, zo wordt aangegeven.  Er is dit jaar ook een Board Briefing beschikbaar. 

Grootschalige complexe risico’s zetten organisaties onder druk. De huidige economische onzekerheid lijkt een voortzetting van de crisistoestand die startte met de pandemie. Terwijl de Europese economieën kwetsbaar zijn, worden organisaties geconfronteerd met de toegenomen klimaat gerelateerde druk, grote geopolitieke onzekerheden en blijvend evoluerende cyberrisico’s. Daarbij hebben veel organisaties uitdagingen in het aantrekken en behouden van talent en de vaardigheden die nodig zijn om met de onzekerheden om te gaan. Vooruit kijken en veerkracht zijn kritieke succes factoren. Dat maakt een gedegen evaluatie van deze risico’s voor uw organisatie des te belangrijker. Dat maakt een gedegen evaluatie van deze risico’s voor de organisatie des te belangrijker.  IIA Nederland heeft hiertoe wederom, dit keer samen met 15 andere Europese Instituten voor Internal Auditors, de meest impactvolle risico’s voor het komende kalenderjaar in kaart gebracht. Het rapport, ‘Risk in Focus 2024, hot topics for internal auditors’ beschrijft de belangrijkste ontwikkelingen en risicogebieden waar organisaties volgend jaar mee te maken (kunnen) krijgen. Het helpt besturen, commissarissen en internal auditors om risico's te evalueren die ze misschien (nog) niet hebben overwogen, of om deze risico's vanuit een nieuw perspectief te bekijken. Risk in Focus geeft internal auditors gerichte handvatten om hun jaarplan op te stellen en de specifieke risico’s in de eigen organisatie te evalueren. Klik hier voor de verkorte Board Briefing of het volledige rapport.

The current economic uncertainty appears to be a continuation of the crisis state that started with the pandemic. While European economies are fragile, organizations face increased climate-related pressures, major geopolitical uncertainties and ever-evolving cyber risks. In doing so, many organizations have challenges in attracting and retaining talent and the skills needed to deal with the uncertainties. Looking ahead and resilience are critical success factors. Each year, the European Institutes of Internal Auditors work together to identify key risks for the coming calendar year. The results are intended to help create audit plans for 2024 and give governing bodies a good idea of what challenges to expect in the coming year.  The results of Risk in Focus 2024 are summarized in five hot topics: Macroeconomic and geopolitical uncertainty: focus on strategic change Cyber and data security: strengthening the digital nervous system Human capital, diversity, talent management and retention: adapting culture  Climate change, biodiversity and environmental sustainability: embrace in the mission Supply chain: strengthen critical partnerships  Key findings from the report: Cyber and data security maintains the number one position as the biggest risk. 84% consider this a top 5 risk for their organization. Logically, then, this is also the risk where internal auditors spend the most time. Earlier this risk was further magnified by the pandemic, now by the rapid developments in Artificial Intelligence (AI). Human capital, diversity and talent management continues to rise in importance; 58% of respondents see this as a top 5 risk, up from 50% and 44% respectively in previous years. Macroeconomic and geopolitical uncertainties come in third place; 33% even see this as the most important risk for the organization. Influenced by high(er) inflation and interest rates, this affects a wide range of financial and operational areas. Climate change is seen as the biggest riser in the coming years and will be the third most important risk by 2027. New reporting requirements must be implemented. Sustainability is not only a matter of regulation, but also of strategic reorientation, it is indicated.  A Board Briefing is also available this year.  

Large-scale complex risks are putting pressure on organizations. Current economic uncertainty appears to be a continuation of the crisis state that started with the pandemic. While European economies are vulnerable, organizations are facing increased climate-related pressures, major geopolitical uncertainties and ever-evolving cyber risks. In doing so, many organizations have challenges in attracting and retaining talent and the skills needed to deal with the uncertainties. Looking ahead and resilience are critical success factors. That makes a thorough assessment of these risks all the more important for your organization. That makes a thorough evaluation of these risks for your organization all the more important.  To this end, IIA Netherlands has once again, this time together with 15 other European Institutes for Internal Auditors, identified the most impactful risks for the coming calendar year. The report, 'Risk in Focus 2024, hot topics for internal auditors' describes the most important developments and risk areas that organizations will (or may) have to deal with next year. It helps boards, commissioners and internal auditors to evaluate risks they may not (yet) have considered, or to look at these risks from a new perspective. Risk in Focus gives internal auditors targeted tools to create their annual plan and evaluate the specific risks in their own organization. Click here for the abridged Board Briefing or the full report.  

The Artificial Intelligence Revolution Part 2: Revisiting The IIA's Artificial Intelligence Framework In 2017, The Institute of Internal Auditors (IIA) set forth a framework of issues to be considered in addressing Artificial Intelligence (AI). Despite tremendous advancement in AI during the ensuing six years, the framework remains largely relevant and useful in most internal audit areas. This brief reviews key elements of the framework and their continuing applicability, explores other issues to consider, and examines the internal auditor’s role in AI going forward.   As a member of the IIA, you can download the report here. 

IIA Netherlands' latest guide ''Text analysis, just do it!'' describes the main possibilities and points of attention in applying text analysis in audits. Text analysis is a collection of automated techniques that leads to the extraction of new information and useful insights from textual data. There are also a variety of issues in audit practice for which text analysis adds value.  In early 2022, a survey was sent out to IIA members as a prelude to this handbook. This showed that they foresee both opportunities and challenges in the use of text analysis. This guide from IIA's Professional Practices Committee helps auditors to realize this.

Part I: Understanding, Adopting, and Adapting to AI When ChatGPT was released in November 2022, it was considered a significant leap forward in artificial intelligence (AI). Many compared it to the internet in terms of its potential to change and disrupt current business practices, regulations, and social norms. Given the broad and rapid growth of AI use, it’s important that internal auditors quickly develop a deep understanding of how it works, its practical applications in business and government, and the risks and opportunities it presents to organizations. This brief will examine these areas in depth and provide best practices and insights for keeping pace. This is for members only. To access it and other valuable resources, become a member today.

The big picture: Consistency, persistence and a strong belief in the value that a highly relevant internal audit function can deliver for the organization are key characteristics we observed in the CAEs profiled and serve as a good lesson for others making the journey. Why it matters: A strong embrace of new and emerging technologies and related skill sets is vital to advancing the relevance journey for many internal audit functions. To deliver relevant, actionable recommendations to the business, internal audit functions need teams of people with diverse backgrounds, perspectives and expertise. One of the best indicators of whether an internal audit function is considered relevant is the business proactively reaching out to the organization for guidance. The bottom line: Relevance is a destination and an ongoing journey — with multiple viable paths — for internal audit. 

From the mailroom to the boardroom, the workplace is changing in profound ways. Likewise, so is internal audit’s role, which has already broadened to encompass emerging areas such as environmental, social, and governance (ESG) reporting and culture risk—of which diversity, equity, and inclusion (DEI) is an important element. To help internal auditors add value by bringing their insights and expertise to the evaluation of corporate culture, Deloitte, the Internal Audit Foundation, and the Institute of Internal Auditors developed a three-part series on internal audit’s opportunity and obligation to help foster a diverse, equitable, and inclusive culture by starting within its own function. The first paper, Diversity, Equity, and, Inclusion 101: Internal Audit’s Invaluable Role in Creating a Sense of Belonging at Work, focused on how internal audit can help shape corporate culture and accelerate the movement toward greater diversity, equity, and inclusivity throughout the organization, from top to bottom. By embedding DEI concepts into its roles and responsibilities, internal audit can support management in meeting their DEI objectives by providing assurance, serving as a trusted advisor, and acting as a change agent. The paper also presents some risks internal auditors should consider when performing DEI reviews, such as the risk of using an incomplete methodology, focusing too narrowly, relying solely on a top-down approach, and seeking a quick fix. The second piece in the series, Driving an Inclusive Culture: Internal Audit’s Role in Recruiting, Retaining, and Developing Diverse Talent, explained how internal audit can help foster inclusion in DEI recruitment, retention, and development by working across the four As—Assure, Advise, Anticipate, and Accelerate. It also presented leading practices for obtaining a mix of traits and acquired factors, such as skills, experiences, and backgrounds, and emphasized the importance of allyship in promoting inclusion. As the third and final piece in the series, this paper details how internal audit can practically apply audit techniques within its own function, at the enterprise level, and among stakeholders to support management in achieving its DEI objectives. This generally can be accomplished by providing insight into cultural risks, assessing DEI initiatives, and leading by example.

Fraud and Emerging Tech: Identity and Authentication with the Paycheck Protection Program During the pandemic, the US government provided economic relief to many organizations and their employees through the Paycheck Protection Program (PPP), which helped businesses continue to compensate their staff. The program dispensed more than $800 billion with few requirements to ensure recipients were entitled to those funds. This Fraud and Emerging Tech publication, written by The IIA's David Petrisky and produced in partnership with the Anti-Fraud Collaboration of which The IIA is a member, uncovers which controls and technology should have been implemented to mitigate the risk of fraud.

Covid, ‘me too’, ESG zijn ontwikkelingen die vragen om (nog) meer aandacht voor cultuur, van het bestuur én van de auditor. Cultuur is veelomvattend, dynamisch en complex en leent zich niet voor één blauwdruk van hoe de organisatiecultuur eruit zou moeten zien. Het ontbreken van een dergelijke norm én de ‘’zachtheid’’, oftewel de moeilijke meetbaarheid van het begrip, maken het voor de internal auditor een uitdaging om cultuur mee te nemen in de werkzaamheden. Tegelijkertijd kan de internal auditor, als relatieve buitenstaander, bestuurders onafhankelijk informeren, ook over de mate waarin houding en gedrag ondersteunend zijn aan de strategie.  Het rapport ‘Cultiveer een gezonde cultuur’, een samenwerking tussen IIA Nederland en KPMG biedt een groot aantal handvatten om te reflecteren op je eigen ambitie en aanpak als internal auditor, en waar nodig bij te dragen aan de doorontwikkeling van cultuuraudits. Centraal in het rapport staat de vraag hoe internal auditors op dit moment cultuur en gedrag meenemen in hun audits, gegeven de hiervoor geschetste ontwikkelingen.  Het rapport is tot stand gekomen middels een combinatie van kwalitatieve en kwantitatieve onderzoekstechnieken. Er is gebruik gemaakt van een enquête, groepsinterview en verdiepende gesprekken.    

This final installment of The IIA’s Global Knowledge Brief series on GRC addresses how GRC systems are evolving from the incorporation of new technologies as well as what inherent risks are involved in embracing digital transformation. This brief also addresses where internal audit fits into this conversation and how it might best aid organizations as they continue this critical journey. You can find part 1 here. You can find part 2 here.  This is for members only. To access it and other valuable resources, become a member today.

De nieuwste handreiking van IIA Nederland ‘’Tekstanalyse, gewoon doen!’’ beschrijft de belangrijkste mogelijkheden en aandachtspunten in het toepassen van tekstanalyse in audits. Tekstanalyse is een verzameling geautomatiseerde technieken die leidt tot het extraheren van nieuwe informatie en bruikbare inzichten uit tekstuele gegevens. Ook in de auditpraktijk zijn er allerhande vraagstukken waarvoor tekstanalyse een toegevoegde waarde is.  Begin 2022 is er een enquête uitgestuurd onder de leden van het IIA als opmaat naar deze handreiking. Hieruit bleek dat zij zowel kansen als uitdagingen voorzien bij het gebruik van tekstanalyse. Deze handreiking van de Commissie Professional Practices van het IIA, helpt auditors daarbij.

The market context in which insurance companies operate is fundamentally changing. The use of data and Artificial Intelligence (AI) algorithms is growing significantly and is expected to be a key currency of future success. With the huge quantities of data created across the insurance value chain, AI provides tremendous opportunities for further automation of processes, development of new, more customer-centric products and the assessment of insurance risks. With these new possibilities, processes are becoming more complex and risks need to be handled. AI algorithms may have a direct impact on people and therefore ethical and privacy questions arise, which in turn brings regulators and industry bodies to the discussion to avoid adverse effects, without stifling the innovation and potential of AI. Insurance companies must achieve the right balance between improving their operations with the new solutions which AI will make possible and managing the corresponding risks. This requires rigorous risk assessment and management of the development, implementation and use of AI. The importance is reflected by various legislation currently under development across the world, including the European Union’s AI Act, which includes penalties of up to 6% of total worldwide annual turnover. With these regulatory requirements and the potential reputational implications, AI risk management cannot be completely diversified or assessed proportionally. No matter the size of the insurance company, it can be catastrophic for reputation and business if customers are harmed by AI. That’s why Internal Audit should play a role in providing assurance and advice on mitigating risks arising from implementing AI. The Internal Audit function can, according to its mandate, help organizations with the balancing act between risk mitigation and business innovation. This could include developing strategies for assurance to govern AI, data privacy and security, reviewing processes for potential bias and ensuring compliance with relevant laws and regulations. In addition, internal auditors can provide insights and advice for companies in understanding and mitigating the risks associated with AI adoption and use. Internal Audit should be involved from the start of new AI implementations to provide advice on how to implement AI securely, according to policies and regulation. Following a top down approach is wise, starting with auditing the AI strategy, governance and test individual instances, algorithms and models, starting with high risk AI. This will ensure that the development is being conducted in an efficient and effective manner and that controls are in place tailored to the risks related to the specific AI implementation. Internal Audit should not only provide assurance over the process of developing AI, but also perform risk-based deep dives to ensure AI implementation is compliant and working effectively. Auditing AI includes technical aspects, data governance and quality, ethical themes and business application. Therefore, a multidisciplinary audit team should be formed. The team should have representatives from IT audit, data science, business audit and specific technical expertise such as actuaries, as well as ethics, to ensure each aspect is thoroughly assessed. Hence, Internal Audit departments should upskill their staff where needed, to stay ahead of key new developments, and be able to independently assess the risks, plan and execute audits as required. Our research has shown that most Internal Audit departments are at an early state of establishing the required skills and processes, and often not keeping up with the rapid development in use of AI in the Insurance industry. For these reasons, this paper contains a proposal of an AI Audit Program, where the most important AI related risks, possible root causes and testing strategies are identified.

Management guru Peter Drucker once said, “[only] what gets measured, gets managed.” So, how are organizations quantifying non-financial risk? Internal audit can play a key role in helping organizations develop strategies that tackle this issue.  This Global Knowledge Brief, the second in a three-part series on governance, risk, and control (GRC), examines the challenges of quantifying non-financial risks and how companies are addressing them, as well as the important role that internal audit can play in advancing understanding in this area.  You can find part 1 here. You can find part 3 here.  This is for members only. To access it and other valuable resources, become a member today.