Risk in Focus 2021 - Practical Guidance on cybersecurity
This guidance is developed to help internal auditors address some of the key risks identified in Risk in Focus 2021, with the aim of contributing
to the reduction of their impacts on businesses and stakeholders. Where the Risk in Focus report itself addresses the ‘WHAT-could be important to audit’, this guidance helps you address the
‘HOW-to audit’ this topic.
Cybersecurity and data security has been one of the top three priority risks identified in Risk in Focus over the past five editions. It is documented as the number one priority risk for 2021, and this trend is expected to continue for the next three years. As a result, a number
of resources have been produced within the IIA network to support practitioners navigating this risk.
The Three Lines Model is a fresh look at the familiar Three Lines of Defense, clarifying and strengthening the underpinning principles, broadening the scope, and explaining how key organizational roles work together to facilitate strong governance and risk management.
The model can be applied to all organizations and is optimized by:
Adopting a principles-based approach and adapting the model to suit organizational objectives and circumstances.
Focusing on the contribution risk management makes to achieving objectives and creating value, as well as to matters of “defense” and protecting value.
Clearly understanding the roles and responsibilities represented in the model and the relationships among them.
Implementing measures to ensure activities and objectives are aligned with the prioritized interests of stakeholders.
Based on feedback from subject matter experts, globally recognized thought leaders, and over 2,000 individuals and organizations around the world, The IIA’s new Three Lines Model has been fully refreshed and updated to reflect current practices and help guide organizational decisions, behaviors, actions, and outcomes achieve success.
The IIA Releases New Practice Guide on Auditing Conduct Risk
Organizational culture ― and how an organization comports itself with regard to conduct ― drives how business is done. It also underlies the effectiveness of the control environment, which supports the achievement of an organization’s objectives.
The issue of conduct is not easily separated from an organization’s culture; rather, it is a distinct segment of culture as a whole. “Auditing Conduct Risk” provides internal auditors with an understanding of methods to evaluate the management of conduct risk.
Regulatory environment of conduct.
Measurement and reporting.
Consequences of misconduct.
Planning and performing the engagement.
IIA Luxembourg members can download the practice guide here
The comprehensive and concurrent strategy defines and delivers the knowledge and skills necessary to navigate a successful career in internal auditing focused on best practices and practical applications.
The framework also serves as an effective onboarding tool or a multi-year training plan that helps chief audit executives and leaders continuously identify and fill skill gaps within the audit function.
The IIA Releases New Global Technology Audit Guide on IT Essentials for Internal Auditors
The IIA’s IT Guidance Committee is pleased to announce its new GTAG that provides a baseline of IT knowledge for internal auditors.
Written for auditors of all experience levels, “IT Essentials for Internal Auditors” discusses foundational IT topics along with potential challenges, risks, and opportunities within this increasingly growing and intensifying area that affects all organizations.
The guide is divided into sections that cover IT:
Governance and the IT and business relationship.
It is designed to enable internal auditors to grasp technical topics so they can continue to provide valuable organizational assistance through risk-based auditing in a variety of areas that require greater understanding and expertise.
IIA members are invited to download this guidance and all guidance as a benefit of membership.
Non members may purchase Supplemental Guidance by visiting the IIA Bookstore.
April 20, 2020
IIA to Offer Remote, Online Testing For CIA, CRMA Certifications
To support the continued professional development of certification candidates around the world and in response to mass Pearson VUE test center closures, The IIA has adopted online testing to enable candidates to take the Certified Internal Auditor® (CIA®), Certification in Risk Management Assurance®️ (CRMA®️), and CIA Challenge exams from home. We are partnering with Pearson VUE to offer this testing option for a period of 3 months starting 29 April 2020.
Online testing allows candidates to take an IIA certification exam using their own computer in their home, their office, or remotely in other acceptable locations.
For the past five years, Risk in Focus has sought to highlight key risk areas to help internal auditors prepare independent risk assessment work, annual planning and audit scoping.
This year’s Risk in Focus looks at the risks faced by organisations through the lens of the global coronavirus pandemic.
You can download the Risk in Focus 2021 and its practical guidances here
June 08, 2020
Reporting at the Speed of Risk: 4 Strategies for Success
In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here's an excerpt from his latest post:
News last week of improvement in the U.S. jobless situation brought a glimmer of hope that, perhaps, the very worst may be behind us. At least for now. But disruption continues to engulf our personal and professional lives, as the twin impacts of the coronavirus COVID-19 — health and economic — reach ever deeper into virtually every organization on the planet. Internal auditors are wrestling with risks that continue to emerge at warp speed and myriad challenges from working remotely, exasperated by a lack of crucial face-to-face communications.
However, by all accounts, the profession is demonstrating agility and proving its resilience.
Much has been said and written about how internal auditors are adapting: how we are using technology, how we are auditing remotely, and even how we are providing assurance and advice related to health and safety risks. But one topic has been conspicuously absent in conversations about how internal auditors are innovating: how we are reporting our audit results.