Vaktechnische Publicaties

Literacy, Governance, and Management Today, data analytics — the formal term for examining data sets to find trends and draw conclusions — is a key component of virtually all business strategies impacting all levels, from executive management decisions down to frontline workers. This means it must be a fundamental part of the internal audit universe as well, both as a tool and as a focus (directly or indirectly) of audits. In this Global Knowledge Brief, the first in a three-part series on data analytics, we provide an overview of the forms data takes in today's business landscape, as well as how this data must be accounted for in an effective data governance and management strategy. Without a foundational understanding of these topics, internal audit will find providing independent assurance over this critical area next to impossible.  You can find part 2 here. You can find part 3 here.  

Applying Key Governance Tools and Frameworks Organizations of all sizes and from all sectors are experiencing growing pressure to demonstrate how they manage sustainability risks and opportunities and report them publicly.  The focus of this paper is to show how integrated thinking and reporting, effective internal control, enterprise risk management (ERM), and independent assurance provided by internal audit functions align to help organizations achieve their objectives and meet stakeholder expectations. It is critical to long-term value creation to apply ERM broadly, including to environmental, social, and governance (ESG)-related risks, to understand their impacts and interdependencies throughout the value creation process, and to embrace the value of independent assurance. The paper's objectives are to: Increase understanding and awareness of integrated thinking and reporting. Demonstrate parallels among the COSO frameworks (Internal Control and ERM), The Institute of Internal Auditors' (IIA's) Three Lines Model, and the International Integrated Reporting Framework, in terms of: Informing the content, preparation, and presentation of an integrated report. Reinforcing the role internal audit plays in ensuring the integrity of information underpinning integrated thinking and reporting by providing independent assurance over that information. Helping organizations embed integrated thinking into their approach to ERM.

This release shows the alignment of governance structures in the public sector to The IIA’s Three Lines Model. This paper, created in collaboration with INTOSAI, applies the principles of the model to the public sector, with specific emphasis on the role of internal audit activities, supreme audit institutions, and other external audit providers. Additionally, IIA members may access the Global Knowledge Brief, The IIA's Three Lines Model: An update of the Three Lines of Defense, for further information. 

In deze Internal Audit Monitor 2021 schetsen we opnieuw de belangrijkste ontwikkelingen van IAF’s bij in Nederland beursgenoteerde vennootschappen. We staan, evenals afgelopen jaren, stil bij de ontwikkeling in het aantal en de verschillende verschijningsvormen (intern, uitbesteed, gecombineerd) van internal audit functies over de boekjaren 2016 – 2020.

Organisaties moeten zich razendsnel en frequent aanpassen aan drastisch veranderde omstandigheden waarin zich nieuwe risico’s manifesteren en nieuwe kansen voordoen. Traditionele benaderingen volstaan niet meer; de nieuwe werkelijkheid vereist een nieuwe kijk op die werkelijkheid. Internal auditors spelen hierin volop mee en zijn meer dan ooit een waardevolle bron van informatie, een zintuig zo u wilt, voor het bestuur van de onderneming en hun toezichthouders. Zij moeten antwoord kunnen en durven geven op die ene vraag: is onze organisatie in staat te floreren in deze turbulente wereld? En ook zij zullen zichzelf steeds opnieuw moeten uitvinden, de ontwikkelingen een stap voor moeten blijven. De bijdragen in dit themanummer beslaan twee invalshoeken. Enerzijds nieuwe blikken vanuit andere, misschien verrassende disciplines. Anderzijds ontwikkelingen binnen en buiten onze organisaties, en de nieuwe blikken die internal auditors daarop moeten werpen om hun rol goed te kunnen blijven spelen. De rode draad in deze bijdragen blijkt die allesbepalende factor, de oorzaak van veel problemen en ook de sleutel tot succes: wijzelf, onze waarden, ons gedrag. Wie goed leest, ziet in dit eerst schijnbaar gefragmenteerde geheel vanzelf een samenhang ontstaan: verandering en vernieuwing door diversiteit en een open mind.  

Liquidity is key to a robust and solvent financial sector. Supervisory principles hold boards accountable for an organization's liquidity adequacy assessment and advocate a relevant and active internal audit role in assessing an organization's liquidity risk management (LRM) process. To assure an institution's senior management and board that liquidity management is aligned to the business strategy and risk appetite, internal auditors need an approach that fulfills internationally supported standards and local regulations. This guidance, updated from the 2017 edition, gives an overview of international standards and best practices of LRM, including the use of an LRM framework. This is for members only. To access it and other valuable resources, become a member today. Nonmembers may purchase ($ 25,-) the practice guide, “Auditing Liquidity Risk Management for Banks, 2nd Edition."

Every year, the European Institutes for Internal Auditors work together to identify the most important risks for the coming calendar year. The results are intended as a tool for drawing up the audit plans for 2023 and give the governing bodies a good idea of what challenges they can expect in the coming year. Key findings Risk in Focus research The war in Ukraine has taken many organizations by surprise. Macroeconomic and geopolitical risk rose to third place this year (compared to seventh place in 2022). Due to the war and the pandemic, this theme has been given a lot of weight. For example, due to the pandemic, hybrid working has become more and more common, with consequences for Cyber ??security and data security and the war in Ukraine has made it clear that companies in a supply chain are increasingly at risk. In addition, companies run compliance risks in connection with the sanctions against Russia. Cyber security and data security retains the number one position of greatest risk. 82% of respondents consider it a top five risk. It is the area where internal auditors say they spend the most time. An example of why Cyber security and data security is number one is ransomware attacks. These have increased by 80%, as you can read in the report. Human capital, diversity and talent management rose to second place. This has to do with various aspects that now play a role in society. Think of scarcity on the labor market, diversity and inclusion. Climate change and environmental sustainability is becoming an increasingly important theme and has again risen in the top five risks. 37% of internal auditors named this theme a top five risk compared to 31% in 2021. Respondents themselves expect the risk to rise to third place in 2026. The risk of digital disruption and new technology has fallen from second to fifth place. It is expected that the importance of this will increase again in three years' time. During the pandemic, digitization efforts have moved to third place. The structure of the Risk in Focus 2023 report differs from previous years. Rather than a similar description of all top ten risks, the report focuses on those areas that are now of greatest importance to internal audit and its stakeholders. A Board Briefing is also available this year.    

Grootschalige complexe risico's zetten organisaties onder ongekende druk. De hoop was dat 2022 een geleidelijke terugkeer naar de normaliteit zou laten zien, maar het conflict in Oekranie heeft die veronderstelling op zijn kop gezet. Sinds februari 2022 zijn de prijzen explosief gestegen en is de onzekerheid sterk toegenomen. De wereld lijkt af te stevenen op een recessie, hoge consumentenschulden, historisch hoge rentetarieven en voedseltekorten met de verdere politieke onrust die die trends met zich mee kunnen brengen. Belangrijke bevindingen onderzoek Risk in Focus De oorlog in Oekraïne heeft veel organisaties verrast. Macroeconomic and geopolitical risk steeg dit jaar naar de derde plaats (ten opzichte van de zevende plek in 2022). Door de oorlog en de pandemie heeft dit thema veel gewicht gekregen. Door de pandemie is bijvoorbeeld hybride werken steeds normaler geworden, met gevolgen voor Cyber security and data security en heeft de oorlog in Oekraïne duidelijk gemaakt dat bedrijven in een supply chain steeds meer risico lopen. Daarnaast lopen bedrijven in verband met de sancties tegen Rusland compliance risico’s.  Cyber security and data security behoudt de nummer één positie van grootste risico. 82% van de respondenten vindt het een top vijf risico. Het is het gebied waar internal auditors naar eigen zeggen de meeste tijd aan besteden. Een voorbeeld waarom Cyber security and data security op de nummer één positie staat is ransomware-aanvallen. Deze zijn met 80% toegenomen, zoals u in het rapport kunt lezen. Human capital, diversity and talent management steeg naar de tweede plaats. Dit heeft te maken met diverse aspecten die nu in de maatschappij spelen. Denk hierbij aan schaarste op de arbeidsmarkt, diversiteit en inclusie.  Climate change and environmental sustainability wordt een steeds belangrijker thema en is wederom gestegen in de top vijf risico’s. 37% van de internal auditors noemde dit thema een top vijf risico vergeleken met 31% in 2021. Respondenten verwachten zelf dat het risico naar de derde plek zal stijgen in 2026. Het risico digital disruption and new technology is gedaald van de tweede naar de vijfde plaats. Verwacht wordt dat het belang hiervan over drie jaar weer toeneemt. Tijdens de pandemie zijn de digitaliseringsinspanningen naar de derde plaats gegaan.  De opzet van het Risk in Focus rapport wijkt af van voorgaande jaren. In plaats van een soortgelijke beschrijving van alle top tien-risico's, gaat het rapport dieper in op die gebieden die nu van het grootste belang zijn voor internal audit en haar stakeholders. Er is dit jaar ook een Board Briefing beschikbaar.     

In 2022, a ‘perfect storm’ of high-impact, interlocking risks threw many businesses into a permanent state of crisis. Following an ongoing pandemic, the war in Ukraine intensified supply chain failures, fuelled inflation and energy price increases. Boards must rapidly adapt to the new reality of heightened geopolitical instability, climate-related natural disasters, looming recession, an accelerating cost of living catastrophe in Europe, food shortages, employee welfare and skills deficits, and a rapidly industrialising cyberattack landscape. This briefing summarises insights from the latest edition of our annual report, Risk in Focus 2023, which this year is a collaborative project between ten institutes of internal auditors from across Europe. The complete report Risk in Focus 2023 can be found as well on the IIA website.  

Internal Audit in a Post-COVID World Part 3: Redefining the Resilient Organization This Global Knowledge Brief, the last in a series of three that examine risks in a post-COVID 19 environment, offers a careful review of lessons learned that may help internal auditors prepare for the next major disruption. Looking closely at three broad areas of consideration, in particular, yields practical insight: What are the attributes of a resilient organization? How can internal auditors help lead their organizations toward greater resilience? How can internal audit increase the resilience of the audit function itself? With the benefit of actionable steps distilled from each of these areas, auditors can better equip themselves to help address potential challenges. Understanding how to enhance resilience is essential as organizations confront large-scale disruptions that seem to occur at an increasing cadence. You can find part 1 here. You can find part 2 here.

Cybersecurity in 2022, Parts 1-3 This collection of Global Knowledge Briefs provides information and analysis on changes to the evolving cybersecurity landscape in 2022. Collectively, it provides practical information to help internal auditors: Anticipate and prepare for new cyber reporting regulations, Strengthen key relationships within the organization to boost ybersecurity effectiveness, and Respond to and recover from cyber incidents.  PART 1: How the new SEC proposals could change the game PART 2: Critical Partners — Internal Audit and the CISO PART 3: Cyber Incident Response and Recovery

Internal Audit in a Post-COVID World Part 2: Supply Chain While the global supply chain has yet to recover fully from the pandemic, the internal audit community now has enough available hindsight to analyze what went right in the responses to the global supply chain crisis, what went wrong, and what actions organizations can take to help address any vulnerabilities the pandemic exposed.  You can find part 1 here. You can find part 3 here. 

Internal Audit in a Post-COVID World Part 1: Talent Management This Global Knowledge Brief  looks at talent management in a post-COVID environment. What emerges is a picture of employers struggling to define a new equilibrium that embraces work-life flexibility to attract and retain top talent while maintaining productivity, resilience, and innovation in a rapidly changing world. This will invariably impact internal auditors, both in maintaining effective internal audit functions and delivering high-quality assurance and advisory services over this evolving risk area. You can find part 2 here. You can find part 3 here.

The Internal Audit Foundation and The IIA conducted a global survey to inform the new report, Internal Audit: A Global View, to gain a clearer perspective of our profession and its professionals. The report captures the breadth and depth of internal auditing and the nuances of industries, sectors, and regions with feedback from more than 3,600 auditors in 159 locations. The results reveal regional differences within a vibrant and diverse profession that’s not only broadly involved in traditional activities like compliance, risk, and fraud but also adding value for stakeholders through governance, sustainability, and IT/cybersecurity engagements. The report examines how internal audit functions are positioned differently within entities, explores how a function’s reporting line correlates with its funding and dives deeper into other regional differences. Within the report are 12 action items outlining opportunities for improvement and continued growth.  

Hoe ziet de toekomst eruit voor het internal auditberoep? In de jaarlijkse ‘Internal Auditing around the World’ publicatie van Protiviti delen tal van leiders binnen het vak hun visie over de belangrijkste trends en ontwikkelingen. Het is alweer de achttiende keer dat Protiviti (een adviesbureau gespecialiseerd in onder meer risk, governance, finance en compliance) zijn jaarlijkse publicatie uitbrengt. Centrale onderzoeksvraag: hoe kan internal audit zich doorontwikkelen en blijven inspelen op de veranderende behoeftes binnen- en buiten de organisatie. Na gesprekken te hebben gevoerd met tien leiders in audit en internal audit, komen de onderzoekers tot een heldere conclusie: internal audit heeft een “belangrijke rol” gespeeld bij het helpen van organisaties tijdens de coronacrisis en bij het beperken van de financiële en operationele risico’s.