Denne malen er utarbeidet for internrevisjonens obligatoriske årlige egenevaluering. Den er utarbeidet av IIA Norge ved sekretariatet, med bistand fra foreningens Komite for eksterne evalueringer. Malen skal legge til rette for en forenklet gjennomgang av internrevisjonens samsvar med standardene, og bygger på den norske oversettelsen. Målet er at verktøyet skal bidra til en effektiv og målrettet gjennomgang.
For en mer dyptpløyende gjennomgang vil vi anbefale IIAs Quality Assessment Manual (2024 edition), som inneholder et noe mer omfattende verktøy for samme formål. Der internrevisjonen i arbeidshverdagen i hovedsak benytter standardene på engelsk, anbefaler vi at man heller bruker dette.
Fra og med 2025 vil en fullstendig gjennomført egenevaluering etter IIA Norges mal (eller etter QAM 2024) også utgjøre en obligatorisk del av grunnlaget for ekstern evaluering av internrevisjonen.
Om du har spørsmål til eller tilbakemeldinger på denne malen, ta kontakt med sekretariatet på epost: post@iia.no
This guide is written for members of boards in Norwegian organizations, to help them fulfill their own role in the risk management. The guide contains a set of simple questions that the board can ask, which will help strengthen the organization’s ability to achieve its goals.
The guide is a completely new product, which replaces the previous guide with the same purpose.
IIAs Globale standarder for internrevisjon veileder den profesjonelle utførelsen av internrevisjon over hele verden, og brukes som et grunnlag for å evaluere og heve kvaliteten på internrevisjonens arbeid. Standardene bygger på 15 veiledende prinsipper som fremmer målrettet og virkningsfull internrevisjon. Hvert prinsipp understøttes av standarder som inneholder krav, vurderinger ved implementering og eksempler på samsvar. Til sammen hjelper de internrevisorer med å oppfylle prinsippene og oppnå formålet med internrevisjon.
Om oversettelsen
Dette er IIA Norges oversettelse av Global Internal Audit Standards (2024) til norsk, fastsatt av styret etter åpen høring. Oversettelsen er utført av byrået Samtext AS på oppdrag fra IIA Norge, med kvalitetssikring fra utvalgte medlemmer i foreningen. Alt av ansvar for oversettelsen tilligger foreningen.
Ved alle tolkningsspørsmål er den engelske originale utgaven gjeldende. Vi anbefaler derfor å sjekke med ordlyden i den engelske, der lesningen av standardene inngår i grunnlaget for viktige beslutninger. Den norske oversettelsen har vært gjennom omfattende kvalitetssikring, men feil kan likevel forekomme. Spørsmål eller innspill til oversettelsen bes oversendt foreningens sekretariat per e-post til post@iia.no.
This paper aims to set out baseline standards and best practices for internal and external auditors to consider when determining the appropriate scope and extent of testing in the conduct of AML/CFT audits for banks.
This paper brings together the practices of AAPG members, as well as inputs from banks and audit firms that contributed to the AAPG’s benchmarking survey in 2023. The survey solicited inputs on several aspects of audit practice, including:
AML/CFT audit coverage
AML/CFT audit approach
use of data analytics (“DA”) and new techniques to strengthen AML/CFT audit effectiveness.
The Internal Audit Foundation and Wolters Kluwer TeamMate conducted a study to examine the use of generative AI within organizations and internal audit functions. The survey’s findings provide valuable insights into who is using this groundbreaking technology, how it is being used, and if it is governed. While the ultimate solution to the AI riddle remains somewhat clouded, clues are emerging as to how it can be applied to improve internal audit efficiency, productivity, and quality.
Key takeaways include:
Generative AI proves beneficial throughout all four phases of an audit engagement—planning, fieldwork, reporting, and follow-up—and can assist internal auditors with learning, brainstorming, creating, writing, and performing.
Human involvement is crucial. Internal audit teams should critically evaluate GenAI capabilities and limitations to understand where it can be effectively applied and where it may fall short.
Seventy-six percent of respondents classified themselves as a “Novice” or “Beginner” in generative AI, indicating that a substantial number of internal auditors perceive their familiarity and skill with GenAI as relatively low.
Most respondents report using GenAI “Extensively” or “Often” for the planning or reporting phases of an audit.
The European Union’s Digital Operational Resilience Act (DORA) affects Internal Audit in insurance companies, as it sets direct and indirect standards for the internal audit function. The deadline for meeting DORA requirements is 17 January 2025, and both financial institutions and service providers across the industry are feeling the pressure.
The aim of this paper is to provide internal audit functions with an overview of the status approximately six months before the regulation’s due date, what activities from internal audit functions are required by DORA directly, as well as what practices companies are adopting to comply with DORA and how internal audit can give assurance.
The views and opinions expressed do not necessarily reflect the official policy or position of any agency or organization on DORA. The information contained in this paper reflects a general informative view on DORA and its potential impact on Internal Audit.
The Standards apply to any individual or function that provides internal audit services, whether an organization employs internal auditors directly, contracts them through an external service provider, or both. Organizations receiving internal audit services vary in sector and industry affiliation, purpose, size, complexity, and structure.
The Standards apply to the internal audit function and individual internal auditors including the chief audit executive. While the chief audit executive is accountable for the internal audit function’s implementation of and conformance with all principles and standards, all internal auditors are responsible for conforming with the principles and standards relevant to performing their job responsibilities, which are presented primarily in Domain II: Ethics and Professionalism and Domain V: Performing Internal Audit Services.
The Standards are organized into five domains
Domain I: Purpose of Internal Auditing.
Domain II: Ethics and Professionalism.
Domain III: Governing the Internal Audit Function.
Domain IV: Managing the Internal Audit Function.
Domain V: Performing Internal Audit Services.
Domains II through V contain the following elements
Principles: broad descriptions of a related group of requirements and considerations.
Standards, which include: o Requirements: mandatory practices for internal auditing. o Considerations for Implementation: common and preferred practices to consider when implementing the requirements. o Examples of Evidence of Conformance: ways to demonstrate that the requirements of the Standards have been implemented.
The Standards use the word “must” in the Requirements sections and the words “should” and “may” to specify common and preferred practices in the Considerations for Implementation sections. Each standard ends with a list of examples of evidence. The examples are neither requirements nor the only ways to demonstrate conformance; rather, they are provided to help internal audit functions prepare for quality assessments, which rely on demonstrative evidence. The Standards use certain terms as defined in the accompanying glossary. To understand and implement the Standards correctly, it is necessary to understand and adopt the specific meanings and usage of the terms as described in the glossary.
Use cases, sample prompts, and key considerations when using Natural Language Processing tools.
By November 2023, over 100 million people globally were regularly using ChatGPT. Businesses and individuals have praised the AI tool for its ability to save time spent on manual, time-consuming activities, using it for everything from writing emails and summarizing documents to developing code, Excel shortcuts, and PowerPoint presentations.
Because of these and other benefits, organizations across all professions and industries are using chatGPT and other Natural Language Processing (NLP) tools — and so can internal auditors. This guide will provide novice AI users with use cases and recommendations for how they can incorporate ChatGPT-style tools into their practice.
However, as with any technology, there are both risks and rewards — and the potential risks associated with publicly available tools cannot be overlooked. As always, internal auditors should remain vigilant about the inherent risks and diligent about the controls in place to avoid, share, accept, or mitigate those risks.
Global Knowledge Brief – Part 3: Internal Audit’s Role in AI Ethics
Amid rapid advancements in artificial intelligence (AI), concerns about ethics and related issues have prompted some to recommend a hiatus or slowdown in further development. But despite calls for temporary halts, many organizations are ramping up AI use or planning to do so. Internal auditors will clearly have an important assurance and advisory role as organizations wrestle with AI choices and their implications.
This brief, the final in a three-part AI series, addresses the ethical issues surrounding this multifaceted technology and what those issues mean to organizations and internal auditors. This brief also includes recommendations and insights from management and internal auditors already working on the frontlines of AI use.
Cybersecurity is the top risk consideration for internal auditors, and that will remain the case for the foreseeable future. Indeed, it is the singular risk consuming their greatest time and effort, according to Risk In Focus 2024.
This brief, the second in a three-part series on cybersecurity sponsored by AuditBoard, examines how artificial intelligence (AI) contributes to cybersecurity challenges and opportunities, and what internal auditors need to know about this emerging and evolving risk area as a cybersecurity consideration.
Vi bruker informasjonskapsler for å forbedre din opplevelse på nettstedet vårt. For mer informasjon om hvordan vi håndterer dataene dine, vennligst se vår personvernerklæring.
