Topical Requirements
Op 9 januari 2024 zijn de nieuwe standaarden (GIAS) gepubliceerd. Aanvullend worden er in het IPPF ook Topical Requirements (TR) opgenomen. Dat zijn richtlijnen voor het auditen van specifieke topics, die grote impact kunnen hebben op de organisatie en door veel IAF’s worden onderzocht. De TR beogen de consistentie en kwaliteit van dergelijke audits te borgen.
Als eerste TR is nu de TR Cybersecurity verschenen; deze zal een jaar na publicatie, op 5 februari 2026 effectief zijn.
Meer informatie over de TR’s in het algemeen en de TR Cybersecurity in het bijzonder kunt u vinden op de website van IIA Global.
Daar kunt u ook de Engelse versies downloaden.
De Nederlandse vertalingen zijn hieronder beschikbaar.
Public Consultation Drafts
Third-Party Topical Requirement
Cybersecurity Topical Requirement
Global Guidance
Alle informatie m.b.t. de Global Guidance is hier te vinden.
This Global Guidance, aligned with the Global Internal Audit StandardsTM, describe an approach for the chief audit executive to align risk assessments and coordinate with other assurance providers. Such coordination includes documenting the level of assurance each one provides over the organization’s risk areas. The guide also describes an approach to assessing the level of reliance that the internal audit function may place on their work.
Two IIA Audit Tools are available to IIA members with this practice guide.
- Assurance Mapping
- Reliance Assessment
The guidance incorporates content from and replaces “Coordination and Reliance: Developing an Assurance Map,” published in 2018; “Coordinating Risk Management and Assurance,” published in 2012; and “Reliance by Internal Audit on Other Assurance Providers, published in 2011, thus superseding those guides.
As a member you can download the rapport here
Stability within the banking sector is crucial to preserving the trust that underpins a well-functioning economy, including during periods of global financial volatility.
This Global Guidance, aligned with the Global Internal Audit StandardsTM, explains capital adequacy and how to plan and perform internal audit engagements to provide assurance on the capital planning and management process as well as associated oversight activities.
This guidance supersedes the previous editions published in 2022 and 2018.
As a member you can download the rapport here
This GTAG, aligned with the Global Internal Audit Standards
TM, helps practitioners gain a better understanding of high-level cybersecurity control objectives, allowing them to maximize the value they provide to organizations and stakeholders during audit engagements.
The guide directs practitioners to widely used control frameworks to help identify components of cybersecurity operations, including contributions to system planning and development, as well as controls to prevent or detect cyber incidents.
As a member you can download the rapport here
Global Technology Audit Guide: Auditing Identity and Access Management, 2nd Edition
Identity and access management controls safeguard the confidentiality and integrity of systems and data by restricting users to only the rights needed to fulfill authorized actions.
This guide, now updated to align with the Global Internal Audit StandardsTM, helps internal auditors understand key terms and how to approach an audit engagement to ensure their organization’s IAM protocols mitigate potential security risks. Internal auditors will be able to provide assurance that controls for managing access to IT resources are well designed and effectively implemented.
As an IIA member, you can download the guide here.
GTAG: Auditing Cyber Incident Response and Recovery,
2nd Edition
Cyberattacks have grown dramatically over time with increasing severity, and cybersecurity risks consistently rank among organizations’ most significant concerns.
This GTAG, updated to align with the Global Internal Audit Standards, covers risks and controls that correspond to the NIST CSF “respond” and “recover” functions and gives an overview of the relevant risks and controls to help an internal audit function plan and scope audit engagements. The guide’s references to external control frameworks can help internal auditors develop insightful testing approaches.
This guidance supersedes the previous edition published in 2022.
As an IIA member, you can download the report here.
Global Practice Guide:
Auditing Culture, 2nd Edition
All organizations have a culture, whether intentionally created or not. Likely there are also subcultures within an organization, especially if multiple locations or campuses exist.
This global practice guide will help internal auditors understand risks associated with an organization’s culture, how effective management of those risks supports a successful control environment, and how to approach an assessment of culture, and it’s now aligned with The IIA’s Global Internal Audit StandardsTM.
As an IIA member, you can download the report here.
*This is an update about the new standards.
GTAG: Auditing Mobile Computing, 2nd Edition
Internal auditors must understand common technologies that enable remote work, which has dramatically increased since the COVID-19 pandemic, as well as the risks and consequences that can arise from remote access. Internal auditors should also be equipped to understand standard controls that prevent, detect, or remediate unauthorized access or sharing of information.
This guide, updated to align with The IIA’s Global Internal Audit StandardsTM, explores a range of risks and controls related to a mobile workforce, including specific controls that should be evaluated.
This guidance supersedes the previous edition published in 2022.
As an IIA member, you can download the report here.
Global Practice Guide: Auditing Liquidity Risk Management for Banks, 3rd Edition
Liquidity risk management is key to a robust and solvent financial sector. To assure an institution's senior management and board that liquidity risk management is aligned to the business strategy and risk appetite, internal auditors need an approach that fulfills internationally supported standards and local regulations, as well as The IIA’s Global Internal Audit StandardsTM.
This guidance gives an overview of international standards and best practices of LRM, including the use of an LRM framework.
This guidance supersedes the previous editions published in 2022 and 2017.
As an IIA member, you can download the report here.
Global Practice Guide: Assessing the Risk Management Process, 2nd Edition
Risk management is driven by more than regulations and external forces. All organizations can benefit from implementing a risk management process or improving the effectiveness of their existing processes. The benefits of mature risk management include enhancing the ability to achieve strategic and performance objectives and increasing value to stakeholders.
This second edition guide, updated to align with The IIA’s Global Internal Audit StandardsTM, will help internal auditors develop approaches to review and assess the effectiveness of an organization’s risk management. The guide explores critical aspects of risk management maturity, including risk appetite, culture, governance, and enterprise risk management.
This guidance supersedes the previous edition published in 2019.
As an IIA member, you can download the report here.
Chief Audit Executive’s Domain III Toolkit
In the Global Internal Audit Standards, Domain III: Governing the Internal Audit Function requires a discussion between the chief audit executive, the board, and senior management about not only the CAE’s responsibilities but also conditions of support from the board and senior management. The “Chief Audit Executive’s Guide to Domain III” and accompanying presentations provide CAEs with insights into carrying out the critical dialogue, explaining Domain III’s “essential conditions” to the board and senior management, and achieving the principles and requirements of the Global Internal Audit Standards.
The executive summary below is available for public download. In addition, members can download the “Chief Audit Executives' Guide to Domain III: Governing the Internal Audit Function” and four presentations that facilitate the discussion with the board and senior management about Domain III’s “essential conditions” and the principles and requirements of the Global Internal Audit Standards.
As an IIA member, you can download the files here.
GTAG: Auditing Network and Communications Management
This guidance, updated to align with the Global Internal Audit StandardsTM, fills a gap in the GTAG series by covering objectives, risks, and controls related to an organization’s communications ecosystem. Referencing controls in widely used frameworks, this GTAG can improve an internal auditor’s familiarity with and use of such tools in their work.
“Auditing Network and Communications Management, 2nd Edition” offers a broad set of related processes that internal auditors should consider when auditing controls over an organization’s communications ecosystem.
This guidance supersedes the original edition published in January 2023.
As an IIA member, you can download the guidance here.
Global Practice Guide: Building an Effective Internal Audit Function in the Public Sector, 2nd Edition
Updated to align with the new Global Internal Audit Standards
TM, this guide is intended to serve as a practical, step-by-step approach for CAEs. It summarizes the standards, staffing, and resources needed to successfully plan and implement or improve an internal audit function in the public sector.
As an IIA member, you can download the report here.
Global Guidance, Supplemental Guidance of Aanvullende richtlijnen genoemd binnen de huidige Global Internal Audit StandardsTM, omvat Global Practice Guides en Global Technology Audit Guides® (GTAGs®). Deze zullen worden aangepast aan de nieuwe GIAS. De huidige guidance kunt u vinden via deze link.
De nieuwe Global Guidance over ''internal auditing en fraude'' is aangepast aan de nieuwe standaarden en heeft een update gekregen.
Het aanpakken van frauderisico's is een gedeelde verantwoordelijkheid voor iedereen, die begint bij de top en zich uitstrekt over de hele organisatie. Het beperken van het frauderisico kan gevolgen hebben voor het verlies van activa, verminderde efficiëntie, het niet naleven van wet- en regelgeving en een verminderde reputatie.
Het doel van deze Global Guidance, die is bijgewerkt om aan te sluiten bij de Global Internal Audit StandardsTM van het IIA, is om de interne auditor meer bewust te maken van frauderisico's, inclusief de rol die de interne auditfunctie kan spelen, en om richtlijnen te geven voor het uitvoeren van een frauderisicobeoordeling op organisatieniveau.
Als IIA lid kunt u het volledige rapport hier downloaden.
Het Standards Knowledge Center is ontwikkeld om interne auditors te helpen bij het begrijpen en implementeren van de Global Internal Audit Standards. U kunt kiezen uit tools, webinars, cursussen, video's, podcasts en meer. U vindt hier ook hulpmiddelen met betrekking tot thematische vereisten en wereldwijde richtlijnen. Bekijk de mogelijkheden via deze link. Graag lichten we hieronder een aantal dingen voor u uit:
.png)
%20.png)
.png)
