Topical Requirements
On 9 January 2024 the new standards (GIAS) were published. In addition, Topical Requirements (TR) will be included in the IPPF. These are guidelines for auditing specific topics that can have a major impact on the organization and are examined by many IAFs. The TR aim to ensure the consistency and quality of such audits.
As the first TR, the TR Cybersecurity has now been released in draft and opened for consultation.
As with the GIAS, the IIA invites the public to comment on this draft during a 90-day period that runs until 3 July 2024.
More information about the TR Cybersecurity can be found at Public Comment Period Now Open (theiia.org). We invite you to take part in the survey to share your comments.
Feel free to share this information with other internal auditors and stakeholders. IIA Nederland will also respond to this draft. Once this response is ready, it will be posted on the IIA Nederland website so that you can read it and, if desired, submit additional comments.
Global Guidance
All information regarding the Global Guidance can be found here.
GTAG: Auditing Cyber Incident Response and Recovery, 2nd Edition
Cyberattacks have grown dramatically over time with increasing severity, and cybersecurity risks consistently rank among organizations’ most significant concerns.
This GTAG, updated to align with the Global Internal Audit Standards, covers risks and controls that correspond to the NIST CSF “respond” and “recover” functions and gives an overview of the relevant risks and controls to help an internal audit function plan and scope audit engagements. The guide’s references to external control frameworks can help internal auditors develop insightful testing approaches.
This guidance supersedes the previous edition published in 2022.
As an IIA member, you can download the report here.
Global Practice Guide: Auditing Culture, 2nd Edition
All organizations have a culture, whether intentionally created or not. Likely there are also subcultures within an organization, especially if multiple locations or campuses exist.
This global practice guide will help internal auditors understand risks associated with an organization’s culture, how effective management of those risks supports a successful control environment, and how to approach an assessment of culture, and it’s now aligned with The IIA’s Global Internal Audit Standards™.
As an IIA member, you can download the report here.
*This is an update about the new standards.
GTAG: Auditing Mobile Computing, 2nd Edition
Internal auditors must understand common technologies that enable remote work, which has dramatically increased since the COVID-19 pandemic, as well as the risks and consequences that can arise from remote access. Internal auditors should also be equipped to understand standard controls that prevent, detect, or remediate unauthorized access or sharing of information.
This guide, updated to align with The IIA’s Global Internal Audit Standards™, explores a range of risks and controls related to a mobile workforce, including specific controls that should be evaluated.
This guidance supersedes the previous edition published in 2022.
As an IIA member, you can download the report here.
Global Practice Guide: Auditing Liquidity Risk Management for Banks, 3rd Edition
Liquidity risk management is key to a robust and solvent financial sector. To assure an institution's senior management and board that liquidity risk management is aligned to the business strategy and risk appetite, internal auditors need an approach that fulfills internationally supported standards and local regulations, as well as The IIA’s Global Internal Audit Standards™.
This guidance gives an overview of international standards and best practices of LRM, including the use of an LRM framework.
This guidance supersedes the previous editions published in 2022 and 2017.
As an IIA member, you can download the report here.
Global Practice Guide: Assessing the Risk Management Process, 2nd Edition
Risk management is driven by more than regulations and external forces. All organizations can benefit from implementing a risk management process or improving the effectiveness of their existing processes. The benefits of mature risk management include enhancing the ability to achieve strategic and performance objectives and increasing value to stakeholders.
This second edition guide, updated to align with The IIA’s Global Internal Audit Standards™, will help internal auditors develop approaches to review and assess the effectiveness of an organization’s risk management. The guide explores critical aspects of risk management maturity, including risk appetite, culture, governance, and enterprise risk management.
This guidance supersedes the previous edition published in 2019.
As an IIA member, you can download the report here.
Chief Audit Executive’s Domain III Toolkit
In the Global Internal Audit Standards, Domain III: Governing the Internal Audit Function requires a discussion between the chief audit executive, the board, and senior management about not only the CAE’s responsibilities but also conditions of support from the board and senior management. The “Chief Audit Executive’s Guide to Domain III” and accompanying presentations provide CAEs with insights into carrying out the critical dialogue, explaining Domain III’s “essential conditions” to the board and senior management, and achieving the principles and requirements of the Global Internal Audit Standards.
The executive summary below is available for public download. In addition, members can download the “Chief Audit Executives' Guide to Domain III: Governing the Internal Audit Function” and four presentations that facilitate the discussion with the board and senior management about Domain III’s “essential conditions” and the principles and requirements of the Global Internal Audit Standards.
As an IIA member, you can download the files here.
GTAG: Auditing Network and Communications Management
This guidance, updated to align with the Global Internal Audit Standards™, fills a gap in the GTAG series by covering objectives, risks, and controls related to an organization’s communications ecosystem. Referencing controls in widely used frameworks, this GTAG can improve an internal auditor’s familiarity with and use of such tools in their work.
“Auditing Network and Communications Management, 2nd Edition” offers a broad set of related processes that internal auditors should consider when auditing controls over an organization’s communications ecosystem.
This guidance supersedes the original edition published in January 2023.
As an IIA member, you can download the guidance here.
Global Practice Guide: Building an Effective Internal Audit Function in the Public Sector, 2nd Edition
Updated to align with the new Global Internal Audit Standards™, this guide is intended to serve as a practical, step-by-step approach for CAEs. It summarizes the standards, staffing, and resources needed to successfully plan and implement or improve an internal audit function in the public sector.
As an IIA member, you can download the report here.
Global Guidance, referred to as Supplemental Guidance within the current Global Internal Audit Standards™, comprises Global Practice Guides and Global Technology Audit Guides® (GTAGs®). These will be adapted to the new GIAS. The current guidance can be found via this link.
The new Global Guidance on "internal auditing and fraud" has been adapted to the new standards and has been updated.
Addressing fraud risks is a shared responsibility for everyone, starting at the top and extending across the entire organization. Limiting fraud risk can affect the loss of assets, reduced efficiency, non-compliance with laws and regulations, and a diminished reputation.
The purpose of this Global Guidance, which has been updated to align with The IIA's Global Internal Audit Standards™, is to make the internal auditor more aware of fraud risks, including the role the internal audit function can play, and to provide guidance for performing a fraud risk assessment at the organizational level.
As an IIA member, you can download the full report here.
The Standards Knowledge Center was developed to help internal auditors understand and implement the Global Internal Audit Standards. You can choose from tools, webinars, courses, videos, podcasts, and more. You will also find resources here relating to topical requirements and global guidance. View the options via this link. Below we highlight a few items for you: