Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorStandards and GuidanceBreadcrumb SeparatorTopics and ResourcesBreadcrumb SeparatorRisk Publications and Guidance

The IIA Risk Resource Exchange

Risk Publications and Guidance

Today’s business environment is characterized by mounting pressures for stronger, more effective risk management. There is a sharp focus on risk oversight, considered by many observers to be the top governance issue facing corporate boards in this continuously evolving world. Audit committees are pushing for holistic risk management, stepped-up risk mitigation, and enterprisewide risk assessments. The IIA has developed the Risk Resource Exchange: a comprehensive resource for professionals around the globe on risk guidance, publications, training, events, and more.

Emerging Trends – Powered by the Global Pulse of Internal Audit

Global Perspectives and Insights: Emerging Trends – Powered by the Global Pulse of Internal Audit

The latest issue cites data from a recent global survey of practitioners explores two emerging issues – auditing culture and keeping up with technology (cybersecurity and big data). The report also explores how internal audit can, and arguably must, rise to the level of trusted adviser. Download your copy


IAF, PWC Report: Audit Committees Must Focus on Culture

IAF, PWC Report: Audit Committees Must Focus on Culture

Audit committees should aggressively assess corporate culture to detect and deter unethical behavior in their organizations, according to a new paper released by the Internal Audit Foundation and PwC US. The report, "Banking on Change: How to Respond to New Expectations for Audit Committees" examines the challenges that audit committees in the banking and capital markets (BCM) sector face in overseeing growing threats to their organizations, including the critical role culture plays in preventing unethical and fraudulent behavior. Download the report.


Internal Audit as Trusted Cyber Adviser

Internal Audit as Trusted Cyber Adviser

Internal Audit as Trusted Cyber Adviser is the latest release in The IIA’s Global Perspectives and Insights series. Explore how a team effort, support from the top, and enhanced cybersecurity knowledge can position internal audit as the trusted adviser. Download your copy


Voice of the Customer: Stakeholders’ Messages for Internal Audit

Voice of the Customer: Stakeholders’ Messages for Internal Audit

This report focuses on the recommendations from stakeholders on the best practices internal auditors should consider in their quest to continually improve performance and bring value to their organizations.

Download your FREE copy of Voice of the Customer: Stakeholders’ Messages for Internal Audit

Internal Audit as Trusted Cyber Adviser

Six Audit Committee Imperatives: Enabling Internal Audit to Make a Difference

This report offers insights on the expectations boards of directors and audit committee members have of internal auditors.

Download FREE copy of Six Audit Committee Imperatives: Enabling Internal Audit to Make a Difference.


Voice of the Customer: Stakeholders’ Messages for Internal Audit

New Cybersecurity GTAG Released

The IIA’s newest Global Technology Audit Guide: Assessing Cybersecurity Risk: Roles of the Three Lines of Defense offers guidance to internal auditors on how to update their approach to provide assurance over cybersecurity risks. It also empowers CAEs to put forth a clear audit approach to assess cybersecurity risk and management’s response capabilities, with a focus on shortening response time.


Environmental, Health & Safety Audit Center

IIA Launches New Specialty Center for EHS Auditors

The IIA has launched a new specialty center designed to meet the needs of professionals in one of the fastest-growing audit areas. The Environmental, Health & Safety Audit Center taps into the increasingly important role EHS auditors play in corporate governance as their scope of work expands beyond regulatory compliance to encompass risk mitigation, sustainability and other areas.

For more information, read the news release and visit the Center’s website.


Global Perspectives and Insights: Auditing Culture

New Global Perspectives and Insights Focuses on Auditing Culture

High-profile business scandals across the globe in 2015, from alleged corruption within FIFA to Volkswagen’s much reported emission’s scheme, have put a spotlight on how wayward corporate cultures can contribute to tangible negative outcomes. The new issue of Global Perspectives and Insights, Auditing Culture — A Hard Look at the Soft Stuff, makes the case that internal audit can enhance its value to an organization by auditing culture and provides a comprehensive look how it can be accomplished.


2016 North American Pulse of Internal Audit

2016 North American Pulse of Internal Audit Released

The evolution of risk in the marketplace has become as rapid as it is complex, with diverse factors coalescing in varied ways to create new business challenges. As a result, the demands on internal audit are evolving dramatically.

The 2016 North American Pulse of Internal Audit raises serious questions about how practitioners are coping with these new demands. Based on data collected in the annual survey of CAEs and directors, the Pulse focuses on four areas — cybersecurity, data analytics, auditing culture, and developing soft skills —where practitioners must branch out and urges practitioners to step out of their comfort zones.

Download the Pulse.


Internal Audit and the Second Line of Defense

Practice Guide: Internal Audit and the Second Line of Defense

Many organizations are restructuring responsibilities, ensuring governance and monitoring functions collaborate more closely to avoid duplication. With this change comes an additional weight for the chief audit executive; they may be asked to assume responsibilities for risk management, compliance, and other governance functions. Navigating through this process can be challenging; as a result, this guidance was developed to assist practitioners in making effective decisions regarding roles and responsibilities to assume related governance of risk management and controls. Learn more and download.


CBOK 2015: Who Owns Risk? A Look at Internal Audit’s Changing Role

Who Owns Risk? A Look at Internal Audit’s Changing Role
Who owns risk? The literal answer is “not internal audit.” However, there is no question that internal audit has helped organizations better understand and manage risk in the past and will undoubtedly play a valuable role in the future.

This report provides insights into the status of risk management and the role of internal audit around the world and lays out 13 key actions that can help chief audit executives (CAEs) and internal auditors ensure that their internal audit function is properly positioned to address risk challenges in an ever-changing world.


Responding to Fraud Risk: Exploring Where Internal Auditing Stands Responding to Fraud Risk: Exploring Where Internal Auditing Stands
Recent high profile cases of fraud have captured media attention and the scrutiny of regulators worldwide. This report offers current global analysis of the importance of fraud risk to internal audit and stakeholders.

CBOK 2015: Combined Assurance: One Language, One Voice, One View Combined Assurance: One Language, One Voice, One View
In increasingly complex organizations, where more and more players are involved in providing different measures of assurance, how can we prevent management from being overwhelmed by information and reports and succumbing to “assurance fatigue”? This report assists internal audit functions and their organizations to embark on the combined assurance journey. Internal audit has a key role to play in both the implementation and the coordination of activities as well as ongoing improvement.

2015 CBOK: Staying a Step Ahead Internal Audit Must Adapt to Tech Risks
A new report from the Internal Audit Foundation, Staying a Step Ahead, Internal Audit’s Use of Technology, reflects how internal audit is embracing technology. Based on data from the 2015 Common Body of Knowledge Practitioners Survey, the report provides insight for where the profession needs to go to help organizations keep up with ever-evolving technology and the risks it creates.

2015 CBOK: Navigating Technology's Top 10 Risks Navigating Top 10 Technology Risks
A new report from the Internal Audit Foundation ranks the biggest tech risks and outlines internal audit’s role in managing them. The authors of Navigating Technology’s Top 10 Risks developed the ranking based on data from the CBOK 2015 Global Internal Audit Practitioners survey as well as interviews with chief audit executives (CAEs) from around the world.

IIA–South Africa: Corporate Governance Index – An Internal Audit Perspective IIA–South Africa: Corporate Governance Index – An Internal Audit Perspective
IIA–South Africa has released the third edition of its Corporate Governance Index – An Internal Audit Perspective, a result of a survey completed by Chief Audit Executives (CAEs). It details the current state of corporate governance in South African organizations as perceived by its CAEs.

Kendallville Bank Case Study from the Anti-Fraud Collaboration Kendallville Bank Case Study from the Anti-Fraud Collaboration
The latest installment from the Anti-Fraud Collaboration case study series offers insights to help build awareness of financial fraud deterrence and detection.

Leveraging COSO Across the Three Lines of Defense Leveraging COSO Across the Three Lines of Defense
In Leveraging COSO Across the Three Lines of Defense, authors Douglas J. Anderson and Gina Eubanks make a strong case for using the Three Lines of Defense Model, which addresses how specific duties related to risk and control should be assigned and coordinated.

Driving Success in a Changing World: 10 Imperatives for Internal Audit Driving Success in a Changing World: 10 Imperatives for Internal Audit
Driving Success in a Changing World: 10 Imperatives for Internal Audit, developed from data gleaned from The IIA’s Global Internal Audit Common Body of Knowledge (CBOK) practitioners’ survey, offers direction to help internal audit professionals expand their skills and add value to their organizations.

New IPPF IIA Introduces Updated Guidance Framework
The IIA has unveiled enhancements to its International Professional Practices Framework (IPPF)®. Among the most significant enhancements to the IPPF are the introduction of a Mission of Internal Audit and articulation of 10 Core Principles for the Professional Practice of Internal Auditing.

2015 Global Pulse of Internal Audit

2015 Global Pulse of Internal Audit
The IIA’s 2015 Global Pulse of Internal Audit: Embracing Opportunities in a Dynamic Environment urges a broader, more flexible approach to risk.

 
IIA Practice Guide: Auditing Anti-bribery and Anti-corruption Programs
IIA implementation guidance on auditing anti-bribery and anti-corruption programs.

 
2015 Pulse of Internal Audit release 2015 North American Pulse of Internal Audit
The 2015 North American Pulse of Internal Audit showed that CAEs consider emerging risks to be one of their greatest challenges, but it also found that only a third of respondents have a high degree of confidence in their ability to identify such concerns.
​ ​
 
​​IIA Letter on Audit Committees Published in Wall Street Journal
The Wall Street Journal published a Letter to the Editor from IIA President and CEO Richard Chambers Feb. 12 about audit committee members being open to expanding their roles.

 
Tone at the Top: Cybersecurity: They’re In. Now What?
Read the November/December 2014 issue of Tone at the Top and learn how organizations can approach cybersecurity breaches.
​ ​
 
Combining Internal Audit and Second Line of Defense Functions? Read this white paper from IIA–Netherlands.

IIA–Netherlands published a white paper on the pros and cons of combining internal audit and second line of defense functions. The white paper addresses the key question asked by many boards and committees: Can internal audit work independently and objectively if support is provided on risk management, compliance, and internal controls?


​ ​
Internal Audit Coverage of Risks to Achieving Strategic Objectives: IIA Practice Advisory 2120-3.

The IIA outlines six guidelines in assisting internal audit departments in understanding and providing coverage of risks in organizations achieving their strategic objectives.


​ ​

Internal Audit Foundation Research Report, in partnership with ISACA: Cybersecurity: What the Board of Directors Needs to Ask.

This report helps directors know how they should react to cybersecurity breaches and what to do, understand that cybersecurity is an enterprisewide issue, not just an IT issue, and know what the IT auditor’s role is in helping the Board of Directors address the issue. The report also outlines the NACD’s five principles for the board, and provides a list of top questions every board needs to ask.


  ​
IIA Practice Guide: Auditing Anti-bribery and Anti-corruption Programs

IIA implementation guidance on auditing anti-bribery and anti-corruption programs.


 

IIA South Africa Report: How to Effectively Review Your Organization’s Risk Management Process

This report’s emphasis is on sharing practical risk management advice needed by internal auditors on providing assurance over the risk management process.


 

Internal Audit Foundation Research Report: Become a Strategic Auditor: Tying Risk to Strategy

Businesses today are spending more time on strategic issues and seeking more help from those with strategic capabilities. This has created a unique opportunity for internal auditors to help their organizations both manage their risks and achieve their strategic goals.


 

2014 North American Pulse of the Profession Report

In this annual report, The IIA’s Audit Executive Center shares the results from the 2014 Pulse of the Profession survey and provides insight on current trends and emerging issues relevant to the profession.


 

2014 Global Pulse of the Profession Report

In this report, The IIA’s Audit Executive Center cross-references the Global Pulse of the Profession survey findings with outcomes from similar global reports issued by KPMG International, PwC, and Protiviti. The result is a robust view of challenges facing the profession along with strategies to overcome those challenges.


 

IIA Practice Guide: Coordinating Risk Management and Assurance

Implementation guidance on coordinating risk management and assurance activities within the organization.


 

IIA South Africa Report: Issuing an Assessment in Terms of King III

The King III report requires an objective assessment of the effectiveness of risk management and the internal control framework. This report provides practical guidance to fulfill this requirement.


 ​ ​

​IIA Practice Guide: Auditing Privacy Risks, 2nd Edition

Implementation guidance on auditing privacy risks.


 ​ ​

Internal Audit Foundation Research Report: Contrasting GRC and ERM: Perception and Practices among Internal Auditors

This Internal Audit Foundation research report looks at the perceptions and practices among internal auditors on the difference between GRC and ERM.


 ​ ​

​IIA UK/Ireland Guidance Booklet: An Approach to Implementing Risk-based Auditing

Report documents why risk-based auditing should be introduced, how it can be implemented, and the advantages of a risk-based approach.


 ​ ​

​IIA Global Technology Audit Guide (GTAG): Information Technology Risk and Controls, 2nd Edition

Implementation guidance on information technology risk and controls.


 ​ ​

​IIA South Africa Report: Risk-based Auditing

This report looks at the need in the business world today for effective corporate governance and risk management practices.


 ​ ​

IIA Position Paper: The Three Lines of Defense in Effective Risk Management and Control

The IIA’s position on the three lines of defense in effective risk management and control.


 ​ ​

​IIA Spain Research Report: Definition and Implementation of Risk Appetite

Report evaluates the process of defining and implementing risk appetite and what Boards and management should consider.


 ​ ​

​October 2013 North American Pulse of the Profession Report

The IIA’s Audit Executive Center looks at the trends and insights emerging from the most recent Pulse of the Profession Survey.


 ​ ​

​April 2013 Global Pulse of the Profession Report

This global report summarizes feedback from the 1,700 internal auditors around the world who participated in the 2013 Pulse of the Profession Survey.


 ​ ​

​March 2013 North American Pulse of the Profession Report

In this semiannual report, The IIA’s Audit Executive Center looks at the results from the Pulse of the Profession Survey to provide insight into the state of the profession for 2013.


 ​ ​

IIA UK/Ireland 2013 Governance and Risk Report

This 2013 report from IIA UK/Ireland documents the results of an annual survey covering important and emerging governance and risk topics.


 ​ ​

​IIA Practice Advisory 2200-2: Using a Top-down, Risk-based Approach to Identify the Controls to be Assessed in an Internal Audit Engagement

An interpretation on using a top-down, risk-based approach to identify the controls to be assessed in an internal audit engagement.


 ​ ​

​IIA Practice Advisory 2120-2: Managing the Risk of the Internal Audit Activity

Interpretation on managing the risk of the internal audit activity.


 ​ ​

​IIA Practice Advisory 2010-1: Linking the Audit Plan to Risk and Exposures

Interpretation on linking the audit plan to risk and exposures.


 ​ ​

Internal Audit Foundation Research Report: Internal Auditing’s Role in Risk Management

Increasing economic pressures are moving organizations to increase the effective of risk mitigation efforts and focus on a more holistic approach to risk management. As a result, the role of internal auditing in risk management is focused on ways to identify and assess the organization’s strategic risk.


 ​ ​

​IIA Position Paper: The Role of Internal Auditing in Enterprise Risk Management

The IIA’s position on the role of internal audit in enterprise risk management.


 ​ ​

​IIA Practice Advisory 2010-2: Using the Risk Management Process in Internal Auditing

Interpretation on using the risk management process in internal auditing.


 ​ ​

​IIA Practice Advisory 2110-2: Governance: Relationship with Risk and Control

Interpretation on the relationship between governance and risks and controls.


 ​ ​

​IIA Practice Advisory 2210.A1-1: Risk Assessment in Engagement Planning

An interpretation on performing risk assessments during the planning phase of an engagement.