The Three Lines Model is a fresh look at the familiar Three Lines of Defense, clarifying and strengthening the underpinning principles, broadening the scope, and explaining how key organizational roles work together to facilitate strong governance and risk management.
The model can be applied to all organizations and is optimized by:
Adopting a principles-based approach and adapting the model to suit organizational objectives and circumstances.
Focusing on the contribution risk management makes to achieving objectives and creating value, as well as to matters of “defense” and protecting value.
Clearly understanding the roles and responsibilities represented in the model and the relationships among them.
Implementing measures to ensure activities and objectives are aligned with the prioritized interests of stakeholders.
Based on feedback from subject matter experts, globally recognized thought leaders, and over 2,000 individuals and organizations around the world, The IIA’s new Three Lines Model has been fully refreshed and updated to reflect current practices and help guide organizational decisions, behaviors, actions, and outcomes achieve success.
The IIA Releases New Practice Guide on Auditing Conduct Risk
Organizational culture ― and how an organization comports itself with regard to conduct ― drives how business is done. It also underlies the effectiveness of the control environment, which supports the achievement of an organization’s objectives.
The issue of conduct is not easily separated from an organization’s culture; rather, it is a distinct segment of culture as a whole. “Auditing Conduct Risk” provides internal auditors with an understanding of methods to evaluate the management of conduct risk.
Regulatory environment of conduct.
Measurement and reporting.
Consequences of misconduct.
Planning and performing the engagement.
IIA Luxembourg members can download the practice guide here
June 18, 2020
The IIA Releases New Global Technology Audit Guide on IT Essentials for Internal Auditors
The IIA’s IT Guidance Committee is pleased to announce its new GTAG that provides a baseline of IT knowledge for internal auditors.
Written for auditors of all experience levels, “IT Essentials for Internal Auditors” discusses foundational IT topics along with potential challenges, risks, and opportunities within this increasingly growing and intensifying area that affects all organizations.
The guide is divided into sections that cover IT:
Governance and the IT and business relationship.
It is designed to enable internal auditors to grasp technical topics so they can continue to provide valuable organizational assistance through risk-based auditing in a variety of areas that require greater understanding and expertise.
Non members may purchase Supplemental Guidance by visiting the IIA Bookstore.
April 20, 2020
IIA to Offer Remote, Online Testing For CIA, CRMA Certifications
To support the continued professional development of certification candidates around the world and in response to mass Pearson VUE test center closures, The IIA has adopted online testing to enable candidates to take the Certified Internal Auditor® (CIA®), Certification in Risk Management Assurance®️ (CRMA®️), and CIA Challenge exams from home. We are partnering with Pearson VUE to offer this testing option for a period of 3 months starting 29 April 2020.
Online testing allows candidates to take an IIA certification exam using their own computer in their home, their office, or remotely in other acceptable locations.
Reporting at the Speed of Risk: 4 Strategies for Success
In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here's an excerpt from his latest post:
News last week of improvement in the U.S. jobless situation brought a glimmer of hope that, perhaps, the very worst may be behind us. At least for now. But disruption continues to engulf our personal and professional lives, as the twin impacts of the coronavirus COVID-19 — health and economic — reach ever deeper into virtually every organization on the planet. Internal auditors are wrestling with risks that continue to emerge at warp speed and myriad challenges from working remotely, exasperated by a lack of crucial face-to-face communications.
However, by all accounts, the profession is demonstrating agility and proving its resilience.
Much has been said and written about how internal auditors are adapting: how we are using technology, how we are auditing remotely, and even how we are providing assurance and advice related to health and safety risks. But one topic has been conspicuously absent in conversations about how internal auditors are innovating: how we are reporting our audit results.