A Practice Guide from the IIA – 2nd Edition
Stability within the banking sector is crucial to preserve the trust that underpins a well-functioning economy. Government legislators and regulators globally have incorporated the Basel Framework, a composite of recommendations created after the 2007–09 financial crisis, into regulations for financial institutions.
Internal auditors working in financial services should understand the international standards and principles of capital adequacy that apply to their jurisdictions. This guide, updated from the original version released in 2018, explores internal audit’s role in evaluating the capital planning and management process.
Senior management is responsible for strategic management in the implementation of ESG objectives: it defines the actions to be taken and designates those responsible for carrying them out.
The Board of Directors and its supporting committees (Audit Committee and/or Sustainability Committee) must guide, oversee and control the organization’s approach to sustainability.
It is key to ensure that ESG risks are integrated into the strategy, culture, risk appetite framework, models and Internal Audit reviews. Policies for variable compensation (e.g., bonuses) are increasingly linked to the achievement of ESG objectives.
This document has been split into two parts. The first will develop the definitions and identify the fundamental aspects of each of the E, S and G factors in terms of strategy and governance, risk management and establishing the reporting framework.
The second part will focus on the process of Internal Audit work on ESG criteria by considering the approaches, tests and indicators that can be used as reference.
Our proposed model will be very useful as a guide to managing the supervision of the ESG aspects, although each Internal Audit team will have to adapt, develop, and complete it with reference to the nature, circumstances and context of their organization. In short, this is an essential publication prepared by a Technical Committee of experts who have put their experience and knowledge at the service of the whole profession and we would like to express our gratitude for their work and dedication.
This document outlines key questions for understanding why the cyber security perimeter has expanded, its connection with other risks, the greatest threats, the costs of a cyberattack and what can help to mitigate it.
The question is not whether there will be attacks, but when. We need to be prepared.
Stakeholders must be able to rely on internal audit’s independent, objective, and competent assurance services to verify whether organizational cybersecurity operations controls are well-designed and effectively and efficiently implemented.
The internal audit activity adds value when it provides such services in conformance with the Standards and with references to widely accepted control frameworks, particularly those used by the organization’s IT and IS functions.
This maturity model for corporate governance (the Maturity Model) is intended as a tool and aid for mapping the level at which an organization's governance currently sits, that is, the maturity of its corporate governance. Using the model can provide insight into the organization's current situation and create a basis for improvement, thereby contributing to the achievement of the organization's goals.
Part 3 of this series addresses how internal auditors can better identify and evaluate ESG risks within their own organizations, and provides real-world strategies employed by internal audit functions currently in the field.
Michelle Uwasomba, Principal, Consulting Enterprise Risk Practice, and Shannon Roberts, Principal, Climate Change and Sustainability Services Practice, of Ernst & Young LLP (EY US) share some of their experiences in supporting companies in the development and execution of management programs to identify, assess, and respond to ESG risks (both upside and downside).
See also The ESG Landscape part 1: Understanding ESG Reporting Standards in 2022 and Beyond
Read The ESG Landscape Part 2: Implementation, reporting, and internal audit’s role
Internal Auditors’ Views on Risks, Responsibilities, and Opportunities.
The Internal Audit Foundation and Crowe conducted a survey among chief audit executives (CAEs) and audit directors to develop a better understanding of organizations’ data protection policies and practices. And the results? Riveting! Download the second in a three-part series to sharpen your POV.
As the second part of a three-part series of research activities, this report builds on a foundation laid in early 2020 with the publication of “Privacy and Data Protection Part 1: Internal Audit’s Role in Establishing a Resilient Framework.” Where the stated purpose of that report was to assist internal auditors in assessing their current level of preparedness regarding privacy and data protection issues, the purpose of this report is to present the findings of an Internal Audit Foundation (Foundation) survey and field interviews to examine how internal audit as a profession is responding to these issues.
Implementation, reporting, and internal audit’s role
The need for independent assurance on the design and efficacy of ESG-related processes and controls will soon be essential to the work of internal audit. As such, internal auditors should be prepared to act confidently and authoritatively in support of their organizations’ ESG efforts. In Part 2 of this series we examine implementation, reporting and internal audit’s role.
See also The ESG Landscape part 1: Understanding ESG Reporting Standards in 2022 and Beyond
Understanding ESG Reporting Standards in 2022 and Beyond.
This knowledge brief discusses the major frameworks being used to manage ESG risk, along with regulatory concerns and reporting initiatives. The intent is to offer practitioners perspective on the ESG landscape and provide a roadmap for internal auditors as they solidify their role in their organizations’ ESG journeys.
Read The ESG Landscape Part 2: Implementation, reporting, and internal audit’s role