Analyzing the Impact of 2020 on Internal Audit Function’s Implementation of Technology
In November 2020, the Internal Audit Foundation, in collaboration with AuditBoard, conducted a survey to understand how internal audit leveraged technology to respond to the year’s challenging and fast-changing conditions, in addition to examining how technology was used prior to the pandemic. The survey was distributed in North America to chief audit executives (CAEs), directors, and managers working in the internal audit profession; 134 responses were received.
The survey was designed to gather data and provide answers to the following questions:
- How has technology helped internal audit functions adapt to rapidly changing conditions in 2020?
- Have internal audit functions accelerated, decelerated, or otherwise changed their current use or intended adoption of new technology in response to the conditions of 2020?
- What is the most effective type of technology for helping internal audit functions succeed in their response to changing conditions?
The survey compared and contrasted internal audit’s use of five types of technology to enable collaboration, communication, and productivity:
1) manual (spreadsheets, email, shared drives, and SharePoint)
2) on-premise audit management software
3) cloud-based audit management software
4) on-premise governance, risk management, and compliance (GRC) software
5) cloud-based GRC software.
ON INTERNAL AUDITING IN THE INSURANCE INDUSTRY
The Covid-19 pandemic has been the most significant disruptive event for decades, impacting the political, social and economic environment of insurance companies for years to come. It has been a catalyst for several distinct pre-existing macro trends: use of technology, workforce and ESG (sustainability).
This paper is the result of discussions within the ECIIA Insurance Committee, in collaboration with James Fisher, Global Head of Professional Practice at AXA, and Antonella Loffredo, Senior Internal Auditor at Assicurazioni Generali.
This paper addresses the following topics:
- Impact of macro trends: on insurance and Internal Audit, focusing on those directly resulting from the Covid-19 pandemic
- Reaffirming the Purpose of Internal Audit: Judgement at the Core of Audit Assurance
- Impact of the New Ways of Working: Environment and risks
- Remote Auditing: Opportunities, Audit needs and limits
- Future of Audit Work in the light of process automation and remote working
In conclusion, it is not easy to predict the degree of remote working in the future, but it is likely that a balanced (hybrid) model between physical and remote working will apply. It is important for internal audit to be flexible and adapt its way of working to remain closely associated with stakeholders and follow the model of the management. It is a key condition to provide effective assurance and added value.
Systematic, effective and appropriate governance of the organisation is essential for it to achieve its goals. This guide identifies components that are central to the organisation having good governance, the ability to survive, and success over time. It also offers suggestions for a practical approach to each component. The idea behind the components is that they help build and maintain a robust and lasting organisation with the ability to adapt to varied and changing conditions.
The guide is not a textbook, nor is it designed to cover all detailed requirements in industry- and sector-specific legislation and regulation. The components will cover many of these requirements, but not necessarily all. Users of the guide will therefore have to adapt the various components to the detailed requirements of their own industry and sector, and to the organisation’s size, complexity, organisational culture, etc. The guide allows for flexibility in its application.
The IIA has launched a new tool created specifically to provide boards and audit committees with the instrument they need to assess the quality of their internal audit activity. Don’t just guess, assess your organization’s internal audit activity with the new Internal Audit Assessment Tool.
This assessment tool offers suggestions for issues to be addressed in an evaluation based on established best practices. It is not intended as mandatory guidance, but rather as a resource that boards and audit committees can use in whole or in part to explore:
- The quality of the services the company is receiving from IA and the sufficiency of resources at its disposal.
- The level of communication and interaction with the IA team.
- The independence, objectivity, and skepticism of the IA team.
Each section includes a series of questions in fundamental areas that boards, audit committees, and others can ask to better understand the IA activity and to develop their own plans for enhancing the input and value of this important area.
How to tackle associated risks and harness opportunities?
This Practical Guidance is part of the Risk in Focus 2021 publication.
Environmental challenges are of a growing importance for all organisations. It is undeniable that this is now a strategic preoccupation for all organisations, encouraged by their internal and external stakeholders – to become more resilient to environmental risks and to directly contribute to the environmental sustainability of our society. In fact, the risk is already proven, the consequences on businesses are measurable. Sustainable Development Goals (SDGs) are increasingly being adopted.
There is growing attention amongst all stakeholders (from investors to clients) on how ESG (Environment, Social and Governance) matters are integrated into business activities. Non-financial and financial information is now considered as an integrated component to measure what is called the multi-capital performance of organisations. Internal auditors have measured the importance of climate change and environmental risks. In Risk in Focus 2021, 22% of CAEs cited climate change and environmental sustainability as one of their organisation’s top five risks, a more than 50% increase on the 14% who said the same in last year’s Risk in Focus survey. Moreover, 41% of CAEs are anticipating it being a top five risk in three years’ time. No other risk area is expected to gain more in priority over this period.
The guidance explains to internal auditors how they can assist organisations in this area.
Global Perspectives and Insights: An Important Tool for the Success of Every Organization
The IIA’s report, “The Three Lines Model – An Important Tool for the Success of Every Organization,” outlines essential governance elements and answers questions about implementing The Three Lines Model in different industries, with a focus on accountability, actions, and assurance and advice. Any organization, anywhere can succeed when applying the core elements essential for good governance.
An IIA Global Brief: IT must adapt to new threats and challenges
IT departments within organizations face a constant challenge in dealing with an ever-evolving threat landscape involving the technology used by their employees. The COVID-19 pandemic forced enormous changes in the modern workplace that made this challenge substantially more complex.
Even before this radical change, the stakes and potential losses were huge. According to the FBI, organizations in 2019 lost $1.7 billion to email phishing scams alone. On an enterprise level, the risks were underscored in news reports that hackers stole the usernames and passwords, along with the IP addresses, of more than 900 VPN enterprise servers. According to ZDNet, the information was shared on a hacker forum frequented by ransomware gangs.
Indeed, the threat landscape has grown greatly because of the work-from-home (WFH) scramble that ensued from the COVID-19 pandemic. Workers were suddenly displaced from their offices to their homes as organizations struggled to stay in operation. These employees, some of whom were not tech savvy, suddenly found they needed to become their own IT support desk, setting up their home office. At the same time, they were increasing their organizations’ exposure to potential risk in the process.
In this knowledge brief, Frank Vukovits, CIA, CISA, director of strategic partnerships at Fastpath; and Alex Meyer, director of dynamics AX/365FO development at Fastpath, discuss solutions and suggest free resources to help manage the IT security challenges a WFH environment presents.
How to get a grip on IT audits, an introduction, 28 January 2021
This practical guidance is part of the Risk in Focus 2021 publication and addresses the key topic: macroeconomic and geopolitical uncertainty.
Its aim is to help practitioners learn from experienced professionals (experts, operational teams or internal audit) and to offer practitioners useful reflections that we believe are of particular interest when auditing this topic.
About the guidance
33 % of the CAEs surveyed in Risk in Focus 2021 cited macroeconomic and geopolitical uncertainty as a top five risk, and 8 % say that this is the biggest single risk their company is currently exposed to. However, only 3 % say that this is an area where internal audit currently spends most time and effort.
Through this guidance, we have taken the opportunity to explore in greater detail how internal audit should approach macroeconomic and geopolitical uncertainty risks. The question is: what can internal audit do to ensure that the organisations they serve are prepared for these risks?
Practice Guide – Recommended Guidance
Market risk has always been considered a key risk for financial services organizations. Regulators and supervisors are focused on this risk, emphasizing the need for accurate models that can measure the capital impact of market activities on the financial viability of the institution.
These requirements and supervisors’ expanded expectations are giving internal audit a more relevant and active role in the assessment of market risk.
This guidance will enable internal auditors to understand:
- The importance of market risk in a financial services context.
- The regulatory environment and requirements related to market risk.
- The risk governance and risk management processes surrounding market risk.
- How to articulate the key components of market risk, including interest rate risk, equity risk, and foreign exchange risk.
- How to apply the IPPF and risk-based internal audit techniques to assess and audit market risk in their organizations.
APPLYING THE COSO ERM FRAMEWORK
Why is this publication needed?
Compliance risks are common and frequently material risks to achieving an organization’s objectives. For many years, compliance professionals have used a widely accepted framework for compliance and ethics (C&E) programs to prevent and timely detect noncompliance and other acts of wrongdoing. The COSO Enterprise Risk Management (ERM) Framework, meanwhile, has been used by risk and other professionals to identify and mitigate a variety of organizational risks, including compliance risks.
Compliance risks are those risks relating to possible violations of applicable laws, regulations, contractual terms, standards, or internal policies where such violation could result in direct or indirect financial liability, civil or criminal penalties, regulatory sanctions, or other negative effects for the organization or its personnel. Throughout this publication, “events” associated with compliance risks will be referred to as “noncompliance” or “compliance violations.”