Change the Way You View and Understand Risk
OnRisk 2020: A Guide to Understanding, Aligning, and Optimizing Risk offers a clear-eyed, holistic view of risk like no other. This new IIA report is the first to bring together perspectives from the boardroom, C-suite, and internal audit.
Download OnRisk 2020
In Line With Risk
At Covertus, a pet industry service provider, the internal audit team is building a strategic program to facilitate more productive organizational risk discussions. The program also aims to help align business processes around a common purpose.
Auditing at the Speed of Risk
Harold Silverman, managing director of CAE services at The IIA, is joined by IIA President and CEO Richard Chambers, who examines the challenges, opportunities, and emerging issues facing internal auditors, including the top strategic risk for the profession: complacency. Lastly, Harold discusses upcoming content from the Audit Executive Center.
AI and Emerging Risks
How does the audit team determine if it’s ready to start using artificial intelligence (AI)? What kind of expertise does it require? CVS analytics expert Manuel Coello describes what it takes to start using AI technology.
Board Risk, Caremark Duties, and Internal Audit
Directors should seek internal audit’s independent assurance and advice on critical issues, given the current environment of increased exposure. Meanwhile, internal audit should refocus its efforts to bring forth information, and secure more of the board’s time to discuss these risks.
Read more at Internal Auditor magazine.
2019 North American Pulse of Internal Audit
Top CAEs understand that aligning with stakeholders means knowing the issues that keep them up at night. But today’s dynamic risk landscape demands that CAEs also assure that stakeholders recognize and fully understand today’s complex risks and opportunities.
Download your free copy.
COSO ERM Certificate Program
The complexity of enterprise risk has changed; new risks and responsibilities have emerged. Earning the COSO ERM Certificate helps you navigate the unknown. Learn the concepts and principles of the newly updated ERM Framework from the experts and prepare to integrate that framework into your organization’s strategy. The ERM Framework helps management understand their duties for managing risk and drive business performance.
COSO ERM: Getting Risk Management Right
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently published an update to its 2004 COSO ERM framework. The name of the 2017 version says it all: Enterprise Risk Management–Integrating With Strategy and Performance. Risk management is all about strategy and performance.
Special Edition: Artificial Intelligence — Considerations for the Profession of Internal Auditing
This special edition of Global Perspectives and Insights explores the internal audit’s role in Artificial Intelligence by discussing associated risks and opportunities. The paper also introduces an AI Auditing Framework comprised of six components, all set within the context of an organization’s AI strategy.
7 Signs You Might Be a "Jurassic Auditor"
"The best and brightest professionals embrace evolution and leverage new strategies and tactics to enhance their effectiveness," writes IIA President and CEO Richard Chambers. "The same is (or should be) true of internal audit professionals." In his latest blog, Chambers presents seven obsolete characteristics and practices of the "Jurassic auditor."
Access at Internal Auditor online.
Internal Audit’s Role in Assuring Accurate Board Information
For boards of directors to ensure their organizations achieve objectives, they must have good, reliable information on which to base critical decisions involving strategy, finances, and risks, among other things. While internal audit’s role traditionally has been after the fact, it must contribute at the front end of the board process as well, by assessing the risk of the board failing to understand business issues or making inadequate decisions based on the quality of the information available.
Download the new issue and share it with your audit committee.
Help Your Organization Move from Crisis Aware to Crisis Resilient
Are you among the 39 percent of recent survey respondents who said they have no plan to address reputational risks? Find out how to prepare your organization to resist, react to, and recover from a crisis in the latest Global Perspectives and Insights report on Crisis Resilience. Download your copy.
Guidance: Understanding and Auditing Big Data
Big buzz around big data these days means internal audit must wrap its arms around the topic to aid organizations in its proper use, security, and controls. This new GTAG helps you understand big data technologies and define the scope and activities an audit should undertake.
Download this and other new guidance from The IIA now.
Global Perspectives and Insights: Emerging Trends – Powered by the Global Pulse of Internal Audit
The latest issue cites data from a recent global survey of practitioners explores two emerging issues – auditing culture and keeping up with technology (cybersecurity and big data). The report also explores how internal audit can, and arguably must, rise to the level of trusted adviser. Download your copy
IAF, PWC Report: Audit Committees Must Focus on Culture
Audit committees should aggressively assess corporate culture to detect and deter unethical behavior in their organizations, according to a new paper released by the Internal Audit Foundation and PwC US. The report, "Banking on Change: How to Respond to New Expectations for Audit Committees" examines the challenges that audit committees in the banking and capital markets (BCM) sector face in overseeing growing threats to their organizations, including the critical role culture plays in preventing unethical and fraudulent behavior. Download the report.
Internal Audit as Trusted Cyber Adviser
Internal Audit as Trusted Cyber Adviser is the latest release in The IIA’s Global Perspectives and Insights series. Explore how a team effort, support from the top, and enhanced cybersecurity knowledge can position internal audit as the trusted adviser. Download your copy
Voice of the Customer: Stakeholders’ Messages for Internal Audit
This report focuses on the recommendations from stakeholders on the best practices internal auditors should consider in their quest to continually improve performance and bring value to their organizations.
Download your FREE copy of Voice of the Customer: Stakeholders’ Messages for Internal Audit
Six Audit Committee Imperatives: Enabling Internal Audit to Make a Difference
This report offers insights on the expectations boards of directors and audit committee members have of internal auditors.
Download FREE copy of Six Audit Committee Imperatives: Enabling Internal Audit to Make a Difference.
New Cybersecurity GTAG Released
The IIA’s newest Global Technology Audit Guide: Assessing Cybersecurity Risk: The Three Lines Model offers guidance to internal auditors on how to update their approach to provide assurance over cybersecurity risks. It also empowers CAEs to put forth a clear audit approach to assess cybersecurity risk and management’s response capabilities, with a focus on shortening response time.
IIA Launches New Specialty Center for EHS Auditors
The IIA has launched a new specialty center designed to meet the needs of professionals in one of the fastest-growing audit areas. The Environmental, Health & Safety Audit Center taps into the increasingly important role EHS auditors play in corporate governance as their scope of work expands beyond regulatory compliance to encompass risk mitigation, sustainability and other areas.
For more information, read the news release and visit the Center’s website.
New Global Perspectives and Insights Focuses on Auditing Culture
High-profile business scandals across the globe in 2015, from alleged corruption within FIFA to Volkswagen’s much reported emission’s scheme, have put a spotlight on how wayward corporate cultures can contribute to tangible negative outcomes. The new issue of Global Perspectives and Insights, Auditing Culture — A Hard Look at the Soft Stuff, makes the case that internal audit can enhance its value to an organization by auditing culture and provides a comprehensive look how it can be accomplished.
2016 North American Pulse of Internal Audit Released
The evolution of risk in the marketplace has become as rapid as it is complex, with diverse factors coalescing in varied ways to create new business challenges. As a result, the demands on internal audit are evolving dramatically.
The 2016 North American Pulse of Internal Audit raises serious questions about how practitioners are coping with these new demands. Based on data collected in the annual survey of CAEs and directors, the Pulse focuses on four areas — cybersecurity, data analytics, auditing culture, and developing soft skills —where practitioners must branch out and urges practitioners to step out of their comfort zones.
Download the Pulse.
Who Owns Risk? A Look at Internal Audit’s Changing Role
Who owns risk? The literal answer is “not internal audit.” However, there is no question that internal audit has helped organizations better understand and manage risk in the past and will undoubtedly play a valuable role in the future.
This report provides insights into the status of risk management and the role of internal audit around the world and lays out 13 key actions that can help chief audit executives (CAEs) and internal auditors ensure that their internal audit function is properly positioned to address risk challenges in an ever-changing world.
||Responding to Fraud Risk: Exploring Where Internal Auditing Stands|
Recent high profile cases of fraud have captured media attention and the scrutiny of regulators worldwide. This report offers current global analysis of the importance of fraud risk to internal audit and stakeholders.
||Combined Assurance: One Language, One Voice, One View|
In increasingly complex organizations, where more and more players are involved in providing different measures of assurance, how can we prevent management from being overwhelmed by information and reports and succumbing to “assurance fatigue”? This report assists internal audit functions and their organizations to embark on the combined assurance journey. Internal audit has a key role to play in both the implementation and the coordination of activities as well as ongoing improvement.
||Internal Audit Must Adapt to Tech Risks|
A new report from the Internal Audit Foundation, Staying a Step Ahead, Internal Audit’s Use of Technology, reflects how internal audit is embracing technology. Based on data from the 2015 Common Body of Knowledge Practitioners Survey, the report provides insight for where the profession needs to go to help organizations keep up with ever-evolving technology and the risks it creates.
||Navigating Top 10 Technology Risks|
A new report from the Internal Audit Foundation ranks the biggest tech risks and outlines internal audit’s role in managing them. The authors of Navigating Technology’s Top 10 Risks developed the ranking based on data from the CBOK 2015 Global Internal Audit Practitioners survey as well as interviews with chief audit executives (CAEs) from around the world.
||IIA–South Africa: Corporate Governance Index – An Internal Audit Perspective|
IIA–South Africa has released the third edition of its Corporate Governance Index – An Internal Audit Perspective, a result of a survey completed by Chief Audit Executives (CAEs). It details the current state of corporate governance in South African organizations as perceived by its CAEs.
||Kendallville Bank Case Study from the Anti-Fraud Collaboration|
The latest installment from the Anti-Fraud Collaboration case study series offers insights to help build awareness of financial fraud deterrence and detection.
||Leveraging COSO Across the Three Lines of Defense|
In Leveraging COSO Across the Three Lines of Defense, authors Douglas J. Anderson and Gina Eubanks make a strong case for using the Three Lines of Defense Model, which addresses how specific duties related to risk and control should be assigned and coordinated.
||Driving Success in a Changing World: 10 Imperatives for Internal Audit |
Driving Success in a Changing World: 10 Imperatives for Internal Audit, developed from data gleaned from The IIA’s Global Internal Audit Common Body of Knowledge (CBOK) practitioners’ survey, offers direction to help internal audit professionals expand their skills and add value to their organizations.
||IIA Introduces Updated Guidance Framework |
The IIA has unveiled enhancements to its International Professional Practices Framework (IPPF)®. Among the most significant enhancements to the IPPF are the introduction of a Mission of Internal Audit and articulation of 10 Core Principles for the Professional Practice of Internal Auditing.
||2015 Global Pulse of Internal Audit|
The IIA’s 2015 Global Pulse of Internal Audit: Embracing Opportunities in a Dynamic Environment urges a broader, more flexible approach to risk.
|IIA Practice Guide: Auditing Anti-bribery and Anti-corruption Programs|
IIA implementation guidance on auditing anti-bribery and anti-corruption programs.
||2015 North American Pulse of Internal Audit|
The 2015 North American Pulse of Internal Audit showed that CAEs consider emerging risks to be one of their greatest challenges, but it also found that only a third of respondents have a high degree of confidence in their ability to identify such concerns.
|IIA Letter on Audit Committees Published in Wall Street Journal|
The Wall Street Journal published a Letter to the Editor from IIA President and CEO Richard Chambers Feb. 12 about audit committee members being open to expanding their roles.
||Tone at the Top: Cybersecurity: They’re In. Now What?|
Read the November/December 2014 issue of Tone at the Top and learn how organizations can approach cybersecurity breaches.
|Combining Internal Audit and Second Line of Defense Functions? Read this white paper from IIA–Netherlands.|
IIA–Netherlands published a white paper on the pros and cons of combining internal audit and second line of defense functions. The white paper addresses the key question asked by many boards and committees: Can internal audit work independently and objectively if support is provided on risk management, compliance, and internal controls?
|Internal Audit Coverage of Risks to Achieving Strategic Objectives: IIA Practice Advisory 2120-3.|
The IIA outlines six guidelines in assisting internal audit departments in understanding and providing coverage of risks in organizations achieving their strategic objectives.
Internal Audit Foundation Research Report, in partnership with ISACA: Cybersecurity: What the Board of Directors Needs to Ask.
This report helps directors know how they should react to cybersecurity breaches and what to do, understand that cybersecurity is an enterprisewide issue, not just an IT issue, and know what the IT auditor’s role is in helping the Board of Directors address the issue. The report also outlines the NACD’s five principles for the board, and provides a list of top questions every board needs to ask.
|IIA Practice Guide: Auditing Anti-bribery and Anti-corruption Programs|
IIA implementation guidance on auditing anti-bribery and anti-corruption programs.
IIA South Africa Report: How to Effectively Review Your Organization’s Risk Management Process
This report’s emphasis is on sharing practical risk management advice needed by internal auditors on providing assurance over the risk management process.
Internal Audit Foundation Research Report: Become a Strategic Auditor: Tying Risk to Strategy
Businesses today are spending more time on strategic issues and seeking more help from those with strategic capabilities. This has created a unique opportunity for internal auditors to help their organizations both manage their risks and achieve their strategic goals.
2014 North American Pulse of the Profession Report
In this annual report, The IIA’s Audit Executive Center shares the results from the 2014 Pulse of the Profession survey and provides insight on current trends and emerging issues relevant to the profession.
2014 Global Pulse of the Profession Report
In this report, The IIA’s Audit Executive Center cross-references the Global Pulse of the Profession survey findings with outcomes from similar global reports issued by KPMG International, PwC, and Protiviti. The result is a robust view of challenges facing the profession along with strategies to overcome those challenges.
IIA Practice Guide: Coordinating Risk Management and Assurance
Implementation guidance on coordinating risk management and assurance activities within the organization.
IIA South Africa Report: Issuing an Assessment in Terms of King III
The King III report requires an objective assessment of the effectiveness of risk management and the internal control framework. This report provides practical guidance to fulfill this requirement.
IIA Practice Guide: Auditing Privacy Risks, 2nd Edition
Implementation guidance on auditing privacy risks.
Internal Audit Foundation Research Report: Contrasting GRC and ERM: Perception and Practices among Internal Auditors
This Internal Audit Foundation research report looks at the perceptions and practices among internal auditors on the difference between GRC and ERM.
IIA UK/Ireland Guidance Booklet: An Approach to Implementing Risk-based Auditing
Report documents why risk-based auditing should be introduced, how it can be implemented, and the advantages of a risk-based approach.
IIA Global Technology Audit Guide (GTAG): Information Technology Risk and Controls, 2nd Edition
Implementation guidance on information technology risk and controls.
IIA South Africa Report: Risk-based Auditing
This report looks at the need in the business world today for effective corporate governance and risk management practices.
IIA Position Paper: The Three Lines of Defense in Effective Risk Management and Control
The IIA’s position on the three lines of defense in effective risk management and control.
IIA Spain Research Report: Definition and Implementation of Risk Appetite
Report evaluates the process of defining and implementing risk appetite and what Boards and management should consider.
October 2013 North American Pulse of the Profession Report
The IIA’s Audit Executive Center looks at the trends and insights emerging from the most recent Pulse of the Profession Survey.
April 2013 Global Pulse of the Profession Report
This global report summarizes feedback from the 1,700 internal auditors around the world who participated in the 2013 Pulse of the Profession Survey.
March 2013 North American Pulse of the Profession Report
In this semiannual report, The IIA’s Audit Executive Center looks at the results from the Pulse of the Profession Survey to provide insight into the state of the profession for 2013.
IIA UK/Ireland 2013 Governance and Risk Report
This 2013 report from IIA UK/Ireland documents the results of an annual survey covering important and emerging governance and risk topics.
IIA Practice Advisory 2200-2: Using a Top-down, Risk-based Approach to Identify the Controls to be Assessed in an Internal Audit Engagement
An interpretation on using a top-down, risk-based approach to identify the controls to be assessed in an internal audit engagement.
IIA Practice Advisory 2120-2: Managing the Risk of the Internal Audit Activity
Interpretation on managing the risk of the internal audit activity.
IIA Practice Advisory 2010-1: Linking the Audit Plan to Risk and Exposures
Interpretation on linking the audit plan to risk and exposures.
Internal Audit Foundation Research Report: Internal Auditing’s Role in Risk Management
Increasing economic pressures are moving organizations to increase the effective of risk mitigation efforts and focus on a more holistic approach to risk management. As a result, the role of internal auditing in risk management is focused on ways to identify and assess the organization’s strategic risk.
IIA Position Paper: The Role of Internal Auditing in Enterprise Risk Management
The IIA’s position on the role of internal audit in enterprise risk management.
IIA Practice Advisory 2010-2: Using the Risk Management Process in Internal Auditing
Interpretation on using the risk management process in internal auditing.
IIA Practice Advisory 2110-2: Governance: Relationship with Risk and Control
Interpretation on the relationship between governance and risks and controls.
IIA Practice Advisory 2210.A1-1: Risk Assessment in Engagement Planning
An interpretation on performing risk assessments during the planning phase of an engagement.