Global Perspectives and Insights: Emerging Trends – Powered by the Global Pulse of Internal Audit
The latest issue cites data from a recent global survey of practitioners explores two emerging issues – auditing culture and keeping up with technology (cybersecurity and big data). The report also explores how internal audit can, and arguably must, rise to the level of trusted adviser. Download your copy
IAF, PWC Report: Audit Committees Must Focus on Culture
Audit committees should aggressively assess corporate culture to detect and deter unethical behavior in their organizations, according to a new paper released by the Internal Audit Foundation and PwC US. The report, "Banking on Change: How to Respond to New Expectations for Audit Committees" examines the challenges that audit committees in the banking and capital markets (BCM) sector face in overseeing growing threats to their organizations, including the critical role culture plays in preventing unethical and fraudulent behavior. Download the report.
Internal Audit as Trusted Cyber Adviser
Internal Audit as Trusted Cyber Adviser is the latest release in The IIA’s Global Perspectives and Insights series. Explore how a team effort, support from the top, and enhanced cybersecurity knowledge can position internal audit as the trusted adviser. Download your copy
Voice of the Customer: Stakeholders’ Messages for Internal Audit
This report focuses on the recommendations from stakeholders on the best practices internal auditors should consider in their quest to continually improve performance and bring value to their organizations.
Download your FREE copy of Voice of the Customer: Stakeholders’ Messages for Internal Audit
Six Audit Committee Imperatives: Enabling Internal Audit to Make a Difference
This report offers insights on the expectations boards of directors and audit committee members have of internal auditors.
Download FREE copy of Six Audit Committee Imperatives: Enabling Internal Audit to Make a Difference.
New Cybersecurity GTAG Released
The IIA’s newest Global Technology Audit Guide: Assessing Cybersecurity Risk: Roles of the Three Lines of Defense offers guidance to internal auditors on how to update their approach to provide assurance over cybersecurity risks. It also empowers CAEs to put forth a clear audit approach to assess cybersecurity risk and management’s response capabilities, with a focus on shortening response time.
IIA Launches New Specialty Center for EHS Auditors
The IIA has launched a new specialty center designed to meet the needs of professionals in one of the fastest-growing audit areas. The Environmental, Health & Safety Audit Center taps into the increasingly important role EHS auditors play in corporate governance as their scope of work expands beyond regulatory compliance to encompass risk mitigation, sustainability and other areas.
For more information, read the news release and visit the Center’s website.
New Global Perspectives and Insights Focuses on Auditing Culture
High-profile business scandals across the globe in 2015, from alleged corruption within FIFA to Volkswagen’s much reported emission’s scheme, have put a spotlight on how wayward corporate cultures can contribute to tangible negative outcomes. The new issue of Global Perspectives and Insights, Auditing Culture — A Hard Look at the Soft Stuff, makes the case that internal audit can enhance its value to an organization by auditing culture and provides a comprehensive look how it can be accomplished.
2016 North American Pulse of Internal Audit Released
The evolution of risk in the marketplace has become as rapid as it is complex, with diverse factors coalescing in varied ways to create new business challenges. As a result, the demands on internal audit are evolving dramatically.
The 2016 North American Pulse of Internal Audit raises serious questions about how practitioners are coping with these new demands. Based on data collected in the annual survey of CAEs and directors, the Pulse focuses on four areas — cybersecurity, data analytics, auditing culture, and developing soft skills —where practitioners must branch out and urges practitioners to step out of their comfort zones.
Download the Pulse.
Practice Guide: Internal Audit and the Second Line of Defense
Many organizations are restructuring responsibilities, ensuring governance and monitoring functions collaborate more closely to avoid duplication. With this change comes an additional weight for the chief audit executive; they may be asked to assume responsibilities for risk management, compliance, and other governance functions. Navigating through this process can be challenging; as a result, this guidance was developed to assist practitioners in making effective decisions regarding roles and responsibilities to assume related governance of risk management and controls. Learn more and download.
Who Owns Risk? A Look at Internal Audit’s Changing Role
Who owns risk? The literal answer is “not internal audit.” However, there is no question that internal audit has helped organizations better understand and manage risk in the past and will undoubtedly play a valuable role in the future.
This report provides insights into the status of risk management and the role of internal audit around the world and lays out 13 key actions that can help chief audit executives (CAEs) and internal auditors ensure that their internal audit function is properly positioned to address risk challenges in an ever-changing world.
||Responding to Fraud Risk: Exploring Where Internal Auditing Stands|
Recent high profile cases of fraud have captured media attention and the scrutiny of regulators worldwide. This report offers current global analysis of the importance of fraud risk to internal audit and stakeholders.
||Combined Assurance: One Language, One Voice, One View|
In increasingly complex organizations, where more and more players are involved in providing different measures of assurance, how can we prevent management from being overwhelmed by information and reports and succumbing to “assurance fatigue”? This report assists internal audit functions and their organizations to embark on the combined assurance journey. Internal audit has a key role to play in both the implementation and the coordination of activities as well as ongoing improvement.
||Internal Audit Must Adapt to Tech Risks|
A new report from the Internal Audit Foundation, Staying a Step Ahead, Internal Audit’s Use of Technology, reflects how internal audit is embracing technology. Based on data from the 2015 Common Body of Knowledge Practitioners Survey, the report provides insight for where the profession needs to go to help organizations keep up with ever-evolving technology and the risks it creates.
||Navigating Top 10 Technology Risks|
A new report from the Internal Audit Foundation ranks the biggest tech risks and outlines internal audit’s role in managing them. The authors of Navigating Technology’s Top 10 Risks developed the ranking based on data from the CBOK 2015 Global Internal Audit Practitioners survey as well as interviews with chief audit executives (CAEs) from around the world.
||IIA–South Africa: Corporate Governance Index – An Internal Audit Perspective|
IIA–South Africa has released the third edition of its Corporate Governance Index – An Internal Audit Perspective, a result of a survey completed by Chief Audit Executives (CAEs). It details the current state of corporate governance in South African organizations as perceived by its CAEs.
||Kendallville Bank Case Study from the Anti-Fraud Collaboration|
The latest installment from the Anti-Fraud Collaboration case study series offers insights to help build awareness of financial fraud deterrence and detection.
||Leveraging COSO Across the Three Lines of Defense|
In Leveraging COSO Across the Three Lines of Defense, authors Douglas J. Anderson and Gina Eubanks make a strong case for using the Three Lines of Defense Model, which addresses how specific duties related to risk and control should be assigned and coordinated.
||Driving Success in a Changing World: 10 Imperatives for Internal Audit |
Driving Success in a Changing World: 10 Imperatives for Internal Audit, developed from data gleaned from The IIA’s Global Internal Audit Common Body of Knowledge (CBOK) practitioners’ survey, offers direction to help internal audit professionals expand their skills and add value to their organizations.
||IIA Introduces Updated Guidance Framework |
The IIA has unveiled enhancements to its International Professional Practices Framework (IPPF)®. Among the most significant enhancements to the IPPF are the introduction of a Mission of Internal Audit and articulation of 10 Core Principles for the Professional Practice of Internal Auditing.
||2015 Global Pulse of Internal Audit|
The IIA’s 2015 Global Pulse of Internal Audit: Embracing Opportunities in a Dynamic Environment urges a broader, more flexible approach to risk.
|IIA Practice Guide: Auditing Anti-bribery and Anti-corruption Programs|
IIA implementation guidance on auditing anti-bribery and anti-corruption programs.
||2015 North American Pulse of Internal Audit|
The 2015 North American Pulse of Internal Audit showed that CAEs consider emerging risks to be one of their greatest challenges, but it also found that only a third of respondents have a high degree of confidence in their ability to identify such concerns.
|IIA Letter on Audit Committees Published in Wall Street Journal|
The Wall Street Journal published a Letter to the Editor from IIA President and CEO Richard Chambers Feb. 12 about audit committee members being open to expanding their roles.
||Tone at the Top: Cybersecurity: They’re In. Now What?|
Read the November/December 2014 issue of Tone at the Top and learn how organizations can approach cybersecurity breaches.
|Combining Internal Audit and Second Line of Defense Functions? Read this white paper from IIA–Netherlands.|
IIA–Netherlands published a white paper on the pros and cons of combining internal audit and second line of defense functions. The white paper addresses the key question asked by many boards and committees: Can internal audit work independently and objectively if support is provided on risk management, compliance, and internal controls?
|Internal Audit Coverage of Risks to Achieving Strategic Objectives: IIA Practice Advisory 2120-3.|
The IIA outlines six guidelines in assisting internal audit departments in understanding and providing coverage of risks in organizations achieving their strategic objectives.
Internal Audit Foundation Research Report, in partnership with ISACA: Cybersecurity: What the Board of Directors Needs to Ask.
This report helps directors know how they should react to cybersecurity breaches and what to do, understand that cybersecurity is an enterprisewide issue, not just an IT issue, and know what the IT auditor’s role is in helping the Board of Directors address the issue. The report also outlines the NACD’s five principles for the board, and provides a list of top questions every board needs to ask.
|IIA Practice Guide: Auditing Anti-bribery and Anti-corruption Programs|
IIA implementation guidance on auditing anti-bribery and anti-corruption programs.
IIA South Africa Report: How to Effectively Review Your Organization’s Risk Management Process
This report’s emphasis is on sharing practical risk management advice needed by internal auditors on providing assurance over the risk management process.
Internal Audit Foundation Research Report: Become a Strategic Auditor: Tying Risk to Strategy
Businesses today are spending more time on strategic issues and seeking more help from those with strategic capabilities. This has created a unique opportunity for internal auditors to help their organizations both manage their risks and achieve their strategic goals.
2014 North American Pulse of the Profession Report
In this annual report, The IIA’s Audit Executive Center shares the results from the 2014 Pulse of the Profession survey and provides insight on current trends and emerging issues relevant to the profession.
2014 Global Pulse of the Profession Report
In this report, The IIA’s Audit Executive Center cross-references the Global Pulse of the Profession survey findings with outcomes from similar global reports issued by KPMG International, PwC, and Protiviti. The result is a robust view of challenges facing the profession along with strategies to overcome those challenges.
IIA Practice Guide: Coordinating Risk Management and Assurance
Implementation guidance on coordinating risk management and assurance activities within the organization.
IIA South Africa Report: Issuing an Assessment in Terms of King III
The King III report requires an objective assessment of the effectiveness of risk management and the internal control framework. This report provides practical guidance to fulfill this requirement.
IIA Practice Guide: Auditing Privacy Risks, 2nd Edition
Implementation guidance on auditing privacy risks.
Internal Audit Foundation Research Report: Contrasting GRC and ERM: Perception and Practices among Internal Auditors
This Internal Audit Foundation research report looks at the perceptions and practices among internal auditors on the difference between GRC and ERM.
IIA UK/Ireland Guidance Booklet: An Approach to Implementing Risk-based Auditing
Report documents why risk-based auditing should be introduced, how it can be implemented, and the advantages of a risk-based approach.
IIA Global Technology Audit Guide (GTAG): Information Technology Risk and Controls, 2nd Edition
Implementation guidance on information technology risk and controls.
IIA South Africa Report: Risk-based Auditing
This report looks at the need in the business world today for effective corporate governance and risk management practices.
IIA Position Paper: The Three Lines of Defense in Effective Risk Management and Control
The IIA’s position on the three lines of defense in effective risk management and control.
IIA Spain Research Report: Definition and Implementation of Risk Appetite
Report evaluates the process of defining and implementing risk appetite and what Boards and management should consider.
October 2013 North American Pulse of the Profession Report
The IIA’s Audit Executive Center looks at the trends and insights emerging from the most recent Pulse of the Profession Survey.
April 2013 Global Pulse of the Profession Report
This global report summarizes feedback from the 1,700 internal auditors around the world who participated in the 2013 Pulse of the Profession Survey.
March 2013 North American Pulse of the Profession Report
In this semiannual report, The IIA’s Audit Executive Center looks at the results from the Pulse of the Profession Survey to provide insight into the state of the profession for 2013.
IIA UK/Ireland 2013 Governance and Risk Report
This 2013 report from IIA UK/Ireland documents the results of an annual survey covering important and emerging governance and risk topics.
IIA Practice Advisory 2200-2: Using a Top-down, Risk-based Approach to Identify the Controls to be Assessed in an Internal Audit Engagement
An interpretation on using a top-down, risk-based approach to identify the controls to be assessed in an internal audit engagement.
IIA Practice Advisory 2120-2: Managing the Risk of the Internal Audit Activity
Interpretation on managing the risk of the internal audit activity.
IIA Practice Advisory 2010-1: Linking the Audit Plan to Risk and Exposures
Interpretation on linking the audit plan to risk and exposures.
Internal Audit Foundation Research Report: Internal Auditing’s Role in Risk Management
Increasing economic pressures are moving organizations to increase the effective of risk mitigation efforts and focus on a more holistic approach to risk management. As a result, the role of internal auditing in risk management is focused on ways to identify and assess the organization’s strategic risk.
IIA Position Paper: The Role of Internal Auditing in Enterprise Risk Management
The IIA’s position on the role of internal audit in enterprise risk management.
IIA Practice Advisory 2010-2: Using the Risk Management Process in Internal Auditing
Interpretation on using the risk management process in internal auditing.
IIA Practice Advisory 2110-2: Governance: Relationship with Risk and Control
Interpretation on the relationship between governance and risks and controls.
IIA Practice Advisory 2210.A1-1: Risk Assessment in Engagement Planning
An interpretation on performing risk assessments during the planning phase of an engagement.