Vaktechnische Publicaties

This new report, “Building a Best-In-Class Whistleblower Hotline Program,” by The IIA and ACFE identifies key elements of a best-in-class whistleblower hotline program, especially as it pertains to fraud detection. The report includes practical, data-driven guidance on how internal audit leaders, anti-fraud professionals, and others can most effectively manage and support these programs within their organizations.  The report: Provides benchmarking data for hotline programs at organizations around the world. Evaluates the factors that contribute to the effectiveness of whistleblower hotline programs. Explores the reasons organizations do not have a hotline program, as well as regional differences in hotline programs. Infographic: The ACFE and The IIA collaborated on a study to identify key elements of a best-in-class whistleblower hotline program, especially as it pertains to fraud detection. How does your Whistleblower Program Measure Up? Less than half (44%) of organizations train managers and supervisors on how to avoid, recognize, and respond to potential retaliation against whistleblowers.  Download the infographic now for key study findings.

The Fraud Risk Management Guide: 2nd Edition offers a blueprint for helping organizations establish an overall Fraud Risk Management Program. An update to the original version released in 2016, the 2nd Edition addresses more recent anti-fraud developments, revises terminology, and adds important information related to technology developments - specifically data analytics. It is intended to give organizations of all sizes across all industries the information necessary to design a plan specific to the risks for that entity. There is no “one size fits all approach” to managing fraud risk. But with the right approach, an organization can create a custom-fitted program tailored to its specific needs.????  

This Global Perspectives & Insights examines fraud threats and opportunities in the current risk landscape, from lingering challenges associated with the waning COVID-19 pandemic to threats associated with the cryptosphere to developing new partners in the battle against fraud.  Part 1: Fraud in the Cryptosphere Part 2: Internal Auditors and Fraud Examiners: A Valuable Partnership Part 3: The Hangover: Fraud in the Post-COVID Era

This GTAG helps internal auditors understand insider threats and related risks by providing an overview of common dangers, key risks, and potential impacts. Additionally, the guide defines key terms in the insider threat universe, and presents security frameworks, techniques, considerations, and resources that can help during the planning and execution of audit engagements. By becoming aware of insider threats and the associated risks and by learning about insider threat programs, internal auditors have a tremendous opportunity to add value by helping their organizations strengthen governance, risk management, and control processes. Topics include: How to better understand insider threats and guidance for practical audit considerations. Ways to assess and prioritize insider threats in audit planning. How to increase collaboration with management. Ways to champion the communication of insider threats to management and the board. You can find part 2 here. You can find part 3 here.  This is for members only. To access it and other valuable resources, become a member today.

For the better part of two years, COVID-19 caused disruptions across the board, ranging from the way that people worked, where they worked, how their organizations dealt with suppliers and supply chain issues, and how they handled significant concerns, such as maintaining internal controls and detecting and preventing fraud Today, the world breathes easier as the worst of the pandemic slowly fades into history, but even still, one should not assume that the risks associated with COVID-19 are no longer a concern. Indeed, organizations that make that assumption could be making a grave mistake. This Global Knowledge Brief, the third in a three-part fraud series from The Institute of Internal Auditors (IIA), examines various pandemic-related fraud factors identified in the 2022 ACFE Report to the Nations, how they may impact organizations, and internal audit’s role in organizational efforts to mitigate those fraud risk factors.  You can find part 1 here. You can find part 2 here. This is for members only. To access it and other valuable resources, become a member today.

A premier source of data for internal audit leaders, the 2023 North American Pulse of Internal Audit report provides insights about internal audit budgets, staff, audit plans, risks, and more. This year’s report also features all-new data about audit frequency for key risk areas. Internal audit leaders can use this benchmarking report year-round as they plan and manage their internal audit activities. Learn about how internal audit functions are faring and continuing to evolve in key areas: Around 7 in 10 Pulse respondents say they audit high-risk areas such as cybersecurity and IT annually or continuously. Respondents reported that some areas are audited regularly, but not every year, particularly third-party relationships, ERM, and governance and culture. More than 8 in 10 respondents integrate fraud and IT considerations in audits generally. What’s more between 61% and 66% integrate cybersecurity, governance and culture, and third-part relationships into audits generally. The data reflect how audit leaders are effectively addressing critical risk areas even when they cannot dedicate a significant percentage of audit plans to them. On the staffing side, the post-COVID 19 recovery is showing steady improvements and appears to be on track to match the three-year recovery after the 2008 global financial crisis. The IIA produces the Pulse of Internal Audit report to provide internal audit leaders with a benchmarking tool that they can reference throughout the year as they plan and manage their internal audit functions. The Pulse report is designed to share with peers, audit committees, and executive management. 

Fraud is a serious and pervasive risk for organizations. The consequences can range from disruptive to dire, including financial losses; inefficiencies that damage operations, revenues, or profits; the cancellation of projects; and potentially the failure of the organization. This Global Knowledge Brief, the second in a three-part series on fraud, examines the benefits of building a symbiotic relationship between internal auditors and Certified Fraud Examiners in the battle to detect and deter fraud. You can find part 1 here. You can find part 3 here. This is for members only. To access it and other valuable resources, become a member today.

This guidance fills a gap in the GTAG series by covering objectives, risks, and controls related to an organization’s communications ecosystem. By offering references to controls in widely used frameworks, this GTAG can improve an internal auditor’s familiarity with and use of such tools in their work. “Auditing Network and Communications Management” offers a broad set of related processes that internal auditors should consider when auditing controls over an organization’s communications ecosystem. This is for members only. To access it and other valuable resources, become a member today.

The future demands internal audit services that are timely, relevant, and impactful. This requires standards that are insightful, prescient, clear and direct. To meet that demand, The IIA will release a public comment draft that dramatically changes how the Standards and other elements of the IPPF are presented and explained.  This SPECIAL EDITION of Global Perspectives & Insights provides an overview of the proposed new Global Internal Audit Standards, background on how they were developed, and considerations for how the updated Standards can be applied. It also examines how conformance to the updated Standards will help future generations of internal auditors meet and exceed the demands of our stakeholders and add value to their organizations.

Data Analytics, Parts 1-3 This Global Perspectives & Insights combines three Global Knowledge Briefs that explore the growing use of data analytics in modern business and where internal audit fits in. With proper understanding of the organization's data needs and strategies, internal audit can present a data analytics audit plan that is detailed, clear, and illustrates to the board a tangible return on investment. The three briefs are: PART 1: Literacy, Governance, and Management PART 2: Gathering, Analyzing, and Visualizing Data PART 3: Developing a Resilient Data Analytics Strategy

Fraud in the Cryptosphere The world fixated on the sheer spectacle of the FTX scandal in early 2023, but the event also raised greater questions regarding digital assets. With parallels the Tornado Cash and Bitzlato debacles, FTX’s collapse and the subsequent impact on the industry it represented has led many to question the long-term viability of crypto assets. Part I of this three-part series on fraud examines common fraud schemes seen in the early stages of a crypto-asset world. You can find part 2 here. You can find part 3 here.

During the last years supply chains have faced many challenges, including the corona pandemic, the war in Ukraine and a move to more sustainable business models. The Committee of Professional Practices conducted research on the role of internal auditors in supply chain risks. Overall this research shows a great diversity in how internal audit departments deal with supply chains risks. Throughout the diverse range of companies and topics studied, few communalities were found. Despite that supply chain is identified as a top risk for organizations in 2023 by CAE's, 30% of respondents indicate not being involved with supply chain risks in any way. These 30% consists of IAFs of different sizes (from 0-5 tot 50+ FTE) and different industries (Construction, Finance and non-profit). A surprising finding given the attention the topic of supply chain receives in this day and age. It might explain why the internal audit literature contains few research and guidance on the topic. IAF's that do work on supply chain take different approaches and scopes tailored to the organization, taking into account different topics. Often these include the topics identified in the literature study underlying this survey. Additionally a diverse range of other topics are taken into account, including security and outsourcing. Another example of the diversity between IAFs found in this study. Future research could be performed on the diversity of subjects, and on providing a common analytical framework for operationalizing audits on supply chain management.  Surprisingly, ESG related supply chain topics such as climate impact are not included by most IAFs. Only three IAFs indicate to include ESG topics in supply chain audits. With upcoming sustainability regulations (and broader societal developments) Internal Auditors have an opportunity to be a driver for ESG related supply chain topics in their organizations. A good chance to be a business partner preparing and navigating the organization through uncertain times!

Part 3, Developing a Resilient Data Analytics Strategy Due to a complex global business and political environment, as well as stakeholder expectations, business leaders are increasingly focusing attention on data analytics to montior risk and drive strategic decisions. Internal audit already adds value by offering perspective and insights that can help organizations develop forward-looking strategies. An appropriate and resilient data strategy can support and augment that effort. This Global Knowledge Brief examines how chief audit executives (CAEs) and their teams can craft data analytics strategies that enhance internal audit capabilities, determine what technologies best suit their needs, and enhance assurance on key areas of data protection, regulatory compliance, and effective overall data governance.  This is for members only. To access it and other valuable resources, become a member today. You can find part 1 here. You can find part 2 here.  

This paper, prepared by ecoDa on behalf of Governing Bodies, FERMA representing European Risk Managers and ECIIA representing Internal Auditors, focuses on good governance. Governance models such as the Three Lines foster cooperation among all functions and operations within a company, so that sustainability can be truly embedded in business operations and strategic sustainability-related objectives can be achieved. Risk Management (Second Line) and Internal Audit (Third Line) are key forces to support the Board and Senior Management as essential parts of the Three Lines model, and more broadly. It shows why Directors, Risk Managers and Internal Auditors should act now so their companies can fulfill their sustainability responsibilities and expectations. Embracing the European sustainability challenge will require a comprehensive understanding of the organisation, its strategy, business model and value chain; and the impacts, risks and opportunities that it faces. Cooperation between functions is more important than ever, particularly on ESG as it is a truly transversal topic. ESG embedding: are you ready? Press-release

Part 2: Gathering, Understanding, and Visualizing Data ?As organizations increase their reliance on data to enhance products and services, internal auditors are positioned to leverage this ever-growing resource. Data analytics, robotic process automation (RPA), artificial intelligence (AI), and other tools provide practitioners accessible and valuable avenues to improve efficiency and effectiveness in assurance services and increase internal audit's value to the organization. Areas where data analytics can improve internal audit services include performance reporting, fraud prevention and detection, continuous monitoring, and risk assessment. This Global Knowledge Brief, the second of three that focus on data analytics, explores data in its various forms, data gathering techniques, the importance of data validation, data analysis, and keys to effective storytelling with data.   You can find part 1 here. You can find part 3 here.