عرض العناصر حسب علامة : التدقيق الداخلي
الثلاثاء, 24 مايو 2022 08:24
إثبات المصداقية والكفاءة
يريد أرباب العمل موظفين يعتمدون على المهارات. هل تمتلك معرفة حالية بإطار الممارسات المهنية الدولية؟ CIA تمنحك ذلك. اختبار المدقق الداخلي المعتمد (CIA) عبر الإنترنت لفترة محدودة في عام 2021
معلومات إضافية
-
المحتوى بالإنجليزية
Prove Credibility & Proficiency
As the only globally recognized internal audit certification, becoming a Certified Internal Auditor® (CIA®) is the optimum way to communicate knowledge, skills, and competencies to effectively carry out professional responsibilities for any internal audit, anywhere in the world.
The CIA exam was updated in 2019 and is now available in 13 languages. With additional languages to be released in 2021, this is the perfect time to take a fresh look at CIA.
As a matter of fact, earning a professional internal audit credential is a critical step to being distinguished from your peers and will:
Enhance credibility and respect.
Sharpen skills and proficiencies.
Increase advancement and earning potential.
Demonstrate understanding and commitment.
Wherever your journey takes you, the CIA accelerates your success as a credible and proficient internal auditor. Join the over 170,000 CIAs in 170+ countries awarded the designation that adds immeasurable distinction with only three letters.
Get started now.
نشر في
شهادات مهنية
موسومة تحت
الأربعاء, 11 أغسطس 2021 15:01
ندوة عبر الإنترنت للمحترفين الشباب -الجزء 2: استراتيجيات لتكون أكثر استعدادًا وملاءمة واستجابة
معلومات إضافية
- البلد عالمي
- نوع الفعالية مجانا
- بداية الفعالية الخميس, 19 أغسطس 2021
- نهاية الفعالية الخميس, 19 أغسطس 2021
- التخصص مراجعة داخلية
- مكان الفعالية أونلاين
نشر في
فعاليات مهنية
موسومة تحت
الخميس, 05 أغسطس 2021 14:09
تقييم ممارسات التدقيق الداخلي عالميًا
تجري مؤسسة التدقيق الداخلي دراسة بحثية عالمية حول ممارسات التدقيق الداخلي.
معلومات إضافية
-
المحتوى بالإنجليزية
Assessing Internal Audit Practices Globally
Thank you for your interest and willingness to participate in this survey. It will take approximately 20 minutes to complete.
The purpose of this research is to establish a global snapshot of the practices of the internal audit profession, which will help The IIA review the current usage of the International Standards for the Professional Practice of Internal Auditing and plan for future development.
Please note that your responses are anonymous. In addition, information will only be reported in aggregate and we will only disclose general information about respondents. The outcome of this research will be shared with practitioners, academics, and stakeholders.
نشر في
موضوعات متنوعة
موسومة تحت
الإثنين, 28 مارس 2022 12:27
ما هو دور التدقيق الداخلي في "كبح جماح المخاطر الإلكترونية"؟
عامًا بعد عام، احتل الأمن السيبراني مكانة بارزة في سجلات المخاطر بالمنظمات. الأسباب بسيطة بما يكفي: تتطور المخاطر السيبرانية باستمرار، في حين أن مستوى الضرر الذي يمكن أن تتسبب فيه قد ازداد إلى حد أنها يمكن أن تشكل تهديدًا وجوديًا للشركات.
معلومات إضافية
-
المحتوى بالإنجليزية
Year on year, cybersecurity has featured prominently on organizations' risk registers. The reasons why are simple enough: Cyber risks are constantly evolving, while the level of harm they are capable of has grown to such an extent that they can pose an existential threat to businesses.
Unfortunately, rapid changes in technological risks are not necessarily being matched with increased IT awareness among executives, potentially fueling an unrealistic (and unjustified) belief that organizations are adequately prepared to meet emerging cyber and IT threats. During The IIA's General Audit Management conference held in March, Nathan Anderson, senior director of internal audit at fast food chain McDonald's, warned that more times than not, management will have an overly confident take on the company's coverage of cybersecurity risks. "That's the kind of reassuring message you often want to give to a board, but in many cases … the level of confidence might be above what is justified," Anderson said.
Now more than ever, internal auditors need to understand and continually stay abreast of cyber threats. They must also understand what those charged with cybersecurity are doing to manage risks, what measures business unit leaders are taking, how well employees are complying with established procedures, and where vulnerabilities may lie in the extended enterprise.
Securing the Supply Chain
The recent hack on U.S. tech firm SolarWinds has shown just how vulnerable companies and their supply chains can be. The cyberattack — believed to have been conducted by Russian hackers and which went undetected for months — spread to the company's clients and allowed the attackers to spy on their activities: a serious problem when the client list includes the elite cybersecurity firm FireEye and the upper echelons of the U.S. government, including the Department of Homeland Security and Treasury Department. The high-profile hack prompted U.S. President Biden to issue an executive order for federal agencies to address supply chain security throughout the life cycle of software procured and used by the government. The message is clear: Software security vulnerabilities in one organization can open doors to others if preventive measures aren't taken.
Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center in Mountain View, Calif., says over the past year software supply chain attacks have become "one of the most significant cyberthreats" organizations face. As such, he says, internal auditors should be pushing for the risk to be part of their cybersecurity reviews, if it isn't already included. In particular, internal auditors should check how much of an IT application or program is based on open-source software, he says. These are freely downloadable software components that account for the majority of code in commercial applications because they don't cost any money. Unfortunately, Mackey says, these components can easily bypass the normal vetting processes that an IT vendor would use if it were developing its own software, which means vulnerabilities are likely.
The best way to gain assurance, he says, is to attain a full inventory of software assets "to identify if there are any unpatched open source vulnerabilities, but more importantly to also identify if there are missing updates or patches" to keep the organization's IT infrastructure and data safe. Indeed, ineffective patch management policies are often cited as one of the key IT threats to organizations as IT departments either forget to check for patches, or employees ignore calls to download and install them.
Experts agree that third-party IT security flaws pose serious risks to organizations and therefore require a robust preventive response — with internal audit providing strong input. Shawn Chaput, strategy consultant at cybersecurity management and strategy consulting business Privity in Vancouver, British Columbia, says there are several key risks that should be on internal audit's radar, particularly around the use of cloud services and other third-party IT service providers.
Identity and Access Management Chaput says organizations' increasing reliance on identity and access management programs has become the most important risk since cloud computing came to prominence. "As everyone moved to the cloud or started working from home, organizations had to adapt to this new 'zero trust' architecture where identity is the new perimeter," Chaput says. Though unfortunately, he says, these measures often fall short. "Even with authenticating individuals and hardware, phishing and spear-phishing appears to be highly effective in exploiting this decentralization of cybersecurity and granting nefarious actors unauthorized access to company funds or administrative access to cloud infrastructure," Chaput says.
Supplier Management Supplier or third-party management program deficiencies is another key risk area. According to Chaput, with the transition to cloud services, organizations are more reliant on third parties to do the tasks they're supposed to, including handling data security. However, auditors should read the small print first. "The fact that clients may expect a cloud service provider (CSP) to do something and they don't is where due diligence prior to contract signing is important," he says. "The other relevant part of supplier management is the portability of the data you send to the CSP and whether you can actually get it back in some reasonable and useful format. Additionally, there is an increasing possibility that your CSP will be subject to a data breach of some sort — how you handle that needs to be determined well before it happens. The importance of this risk has increased, specifically since the SolarWinds hack."
Chaput says the risk of a service provider having a breach — and what the organization should do if that happens — should also be on every internal auditor's cybersecurity risk agenda. "If you're not expecting to have a breach or for one of your major service providers to have a breach, you haven't been paying attention," Chaput explains. To mitigate the risk, he says, organizations need to consider how they should respond to the incident, how they should communicate the news internally and externally, and whether they need to switch providers immediately.
Data Classification Internal auditors also should question the levels of security their organizations give to certain kinds of data they store in the cloud, Chaput says. "Many of our clients who use cloud service providers say 'we protect all of our data as though it is the highest sensitivity' instead of classifying and labeling the data to allow it to have different levels of security controls," he says. "If you don't classify your data, you're either underprotecting some of your data or overprotecting most of your data — and paying significantly more to the CSP than you need to."
Talent Deficiencies Ultimately, Chaput says, the fact that the cloud encompasses so many different technologies and services lends itself to another difficult risk for organizations to manage — finding and retaining IT staff familiar with constantly evolving technology. "It used to be that you'd hire an individual based on their experience with a specific enterprise resource planning package, like SAP, or with some deep technical knowledge in a vendor platform like Cisco routing and switching," he says. "Now, it's different: You're hiring someone today to use something that may not actually exist yet but will become a dominant feature of your environment in less than a year." Chaput adds that the impact of such skills shortages "has been increasing substantially over the last few years as technology changes accelerate."
Get to Know the Technology Team
The ever-changing nature of cybersecurity threats means that internal audit needs to understand not only technology, but also the people in charge of implementing, overseeing, and using it. "If internal audit is to understand technological risks, it has to understand technology," says Kamal Dua, senior vice president and chief audit executive at U.S. defense, aviation, IT, and biomedical research company Leidos in Reston, Va. Likewise, he says, if the profession is to help mitigate cybersecurity risks, it needs to know how the chief information officer (CIO) and the chief information security officer (CISO) identify and mitigate these challenges and the approach they take to cyber risk management.
"Internal audit needs to talk with and get to know the CIO and the CISO," Dua says. "Internal auditors need to understand how these functions work, and they need to form a deep and trusting relationship with them to provide the appropriate level of assurance to the company that cybersecurity risks are being properly identified, prioritized, and mitigated."
He also says internal audit has a strong role to play in establishing a solid response to cybersecurity risks. Working alongside other assurance functions such as enterprise risk management (ERM) and, in his organization, the cyber counsel, Dua says organizations should establish — and regularly review and update — a cybersecurity risk framework, as well as examine the governance around the organization's IT architecture and cybersecurity risks. Moreover, he says, internal audit should review the cybersecurity policies and standards in place to see if they are appropriately aligned to the corporation's risk tolerance and whether they are understood and circulated internally. After reviewing the organization's risk registers, internal audit also should develop a heat map to see where critical cyber risks may appear, what impact they could have on operations, and how the risks are being mitigated.
"It is important for internal audit to understand the company's ERM program, as well as understand where cybersecurity appears in the organization's risk heat map," Dua says. "You also need to develop a cyber risk assessment plan to assess what actions management is taking to mitigate cybersecurity risks and whether these need to be improved. At times internal audit functions can struggle to do this because they don't have the necessary level of in-house talent."
Dua adds that audit functions often presume IT auditors have the knowledge and skills required to audit cybersecurity, even when those skills are lacking. "It is important for IT auditors to continuously upgrade their skills by obtaining academic qualifications or professional certifications that are focused on identifying and managing cybersecurity risks," he says.
Some believe organizations should adopt a mix of low-tech and high-tech approaches to combat cybersecurity risks. In terms of low-tech, Jane Loginova, CEO of Radar Payments in London, says internal auditors should first focus on the "basics" — namely, ensuring that security policies are enforced internally and across channels and distributed networks, including core and cloud networks. "A lot of risk can be minimized by conducting regular checks and plugging security holes, settling on a unified security framework based on interoperability, centralizing visibility and control, segmenting the network to restrict the fluidity of malware, and deep integration," she says.
In terms of high-tech, she advises organizations to invest in artificial intelligence (AI) capabilities. "Investing in AI-based security systems can significantly reduce digital attacks and spot suspicious activity," she says. "The best ones are integrated with artificial neural networks, which combined with deep-learning models can speed up data analysis and decision-making. The technology also enables the network to nimbly adapt to new information it encounters in the network."
Faults on the Front Line
Still, not all cybersecurity risks are technologically complicated. Indeed, the most often cited cybersecurity threat is from people — usually employees — ignoring protocols or using the technology incorrectly.
Mark Guntrip, senior director, cybersecurity strategy, at cloud security firm Menlo Security in Mountain View, Calif., says one of the biggest cybersecurity challenges is end users circumventing security. "Companies put in place the security policies that they consider necessary to manage risk," he says. "However, if end users perceive policies as impacting their ability to get their job done, it's highly likely that they will attempt to work around the controls — not in a way to try and steal data or with any bad intention, but in fact to help the company, which puts security teams at a disadvantage." To address this problem, Guntrip says organizations should look to implement solutions that are "invisible" to end users. "Security that cannot be seen or felt cannot be circumvented," he says.
Simon Hodgkinson, senior development director at IT security management specialist Reliance acsn in London, says internal audit must push for effective leadership from the top. "It should be clear everyone is accountable for cybersecurity, much like safety, and this should not be viewed as a problem the security team owns alone," he says. "The leadership team should sponsor behavioral awareness campaigns, and the board and executive team should regularly undertake crisis exercising for a cyber event."
Hodgkinson adds that CAEs should work more closely with CISOs to jointly develop the internal audit plan and target resources to areas of the most concern and risk to the company. "Having the CAE and the CISO articulating a consistent and coherent view of the risk to the executive team and audit committee is a powerful way of balancing cyber and operational risk," he says.
Other experts agree that effective cybersecurity requires a strong "human touch." George Finney, chief security officer at Southern Methodist University in Dallas, says forming strong relationships more widely is vital if internal audit is going to play a key role in improving cybersecurity risk management and resilience. "Relationships are our most important currency when it comes to effective change," he says. "Employees are the biggest threat surface in an organization — but they are also the ones on the front lines that are in the best position to understand the business and what controls will work in the real world."
Partnering With Business Units
Finney says it is also important for internal audit to develop relationships with department heads. "While talking to the IT department is obviously a good start, it is also important to talk to other department heads," he says. "What IT risks have they identified and prioritized? What methodologies were used to assess these risks? And are they the same as those that the IT department has identified? If other department heads invite internal audit in to help with project reviews and to test risk controls, it sends a signal throughout the rest of the organization that the audit function is one to call in a crisis — and that is a huge win."
In fact, Finney says one of the cornerstones to any successful cybersecurity risk management policy is to get enterprisewide buy-in. "I don't go out with a checklist and tell people where they are going wrong — I see every meeting/review as an opportunity to plan more effectively and to improve," he says. "It is more important to understand the thinking behind why people have taken the actions and decisions they have. If you approach audits from a positive perspective — rather than from the 'internal policeman' approach — you get fuller engagement."
Finney says that since cybersecurity is such a key risk to every organization, it "should be used as an opportunity by internal audit to push for executive support for initiatives that you know need to happen." And he adds that when internal audit assesses cybersecurity policies and controls in different areas of the organization, it presents an opportunity to build relationships with clients. "We don't want people to be afraid of internal audit: We want them to partner with us and collaborate to improve."
An Ongoing Threat
Cybersecurity risks are here to stay — and they will continue to evolve, constantly calling into question controls and procedures put in place to minimize and mitigate the dangers. Recent high-profile hacks and other IT security disasters should remind internal audit to widen its focus away from just the technology to other equally dangerous aspects of cybersecurity risk, such as policy noncompliance among employees or lack of third-party cyber-resiliency. They should also be a reminder of vulnerabilities that could appear anywhere in the organization and the importance of collaborative effort. Internal audit can help bind together different parts of the enterprise to form a unified front against cyber threats and help keep the organization protected from would-be attackers.
نشر في
تكنولوجيا المعلومات
الإثنين, 26 يوليو 2021 14:21
تحديد عائد الاستثمار للتدقيق الداخلي
يمكن أن يساعد تحليل التكلفة والعائد على مستوى الأقسام في قياس التدقيق الداخلي وإيصال قيمته.
معلومات إضافية
-
المحتوى بالإنجليزية
Like all departments in an organization, internal audit is an investment expected to yield a meaningful return. But unlike departments where return on investment (ROI) is easily calculated and traceable to the bottom line, internal audit is challenged to assess the inherently qualitative benefits of its work — such as compliance with laws, risk mitigation, process improvements, or providing management with peace of mind via assurance — against the quantitative costs it incurs, such as payroll, travel, software, and training expenses.
While each internal audit function faces different perceptions and unique expectations of value, internal audit teams can use a cost-benefit analysis to measure, drive, and communicate their value, and, ultimately, their ROI.
COST-BENEFIT ANALYSIS
Completing a departmental cost-benefit analysis is a way to address stakeholder misconceptions and skepticism over internal audit’s value, and in some instances, help make the case against cosourcing or outsourcing the function altogether. Similar to the divisional profit and loss statements seen throughout an organization, a cost-benefit analysis can provide tangible, quantitative evidence of internal audit’s value and overall ROI.
While each internal audit function’s cost structures, value streams, goals, and key performance indicators (KPIs) will vary, the cost-benefit analysis should incorporate current and planned monetary and nonmonetary benefits and controllable costs.
Monetary Benefits These benefits can take various forms — including cost savings and revenue recoveries — and are most likely to garner stakeholder interest and promote further usage of, and investment in, the internal audit function.
Cost savings can be divided into two categories: savings realized directly by internal audit and savings realized by the business as the result of internal audit’s work. The first category can include external audit fee reductions achieved through reliance on internal audit’s work. Cost reductions implemented within the internal audit department, itself, such as for travel or audit cosourcing fees, will be reflected as reductions to the controllable costs section of the analysis as opposed to increased monetary benefits. The second category may include data analyses and subsequent recommendations. For example, an internal audit team at a global manufacturing firm performed analytics on the company’s accounts payable data, which resulted in the discovery of $500,000 in various duplicate payments and unclaimed vendor credits. Through internal audit’s research and communications with the accounts payable team, the company subsequently realized $400,000 of those credits, which internal audit would then factor into its monetary benefit calculation.
Internal audit also can perform engagements that lead to funds recovery, most commonly through contract compliance audits. For example, if a company has licensing agreements with various international partners to distribute and sell its branded product, the licensor may receive royalties, which are typically based on a percentage of sales. Additionally, the licensing agreement may have minimum payment or performance requirements that stipulate additional compensation to the licensor if not met. In this instance, if the agreement contains an appropriate right-to-audit clause, internal audit can review the licensing agreement, compare it to historical schedules and payments received, request additional detail from the licensee to validate reported numbers, and, in the event of discrepancies, work with the business to ensure the collection of additional amounts owed.
Nonmonetary Benefits The inability to measure a benefit’s monetary impact should not preclude it from being tracked and reported to interested stakeholders, especially if it can be quantified in other ways. For instance, if internal audit conducts training on data gathering and analytical techniques that results in future time savings for the participants, then the cost-benefit analysis should include the training hours and resulting time savings as nonmonetary benefits.
While nonmonetary benefits will not alter the net monetary surplus or deficit, they should be included in a companion schedule. Tracking and reporting nonmonetary benefits will not only raise stakeholder awareness of internal audit’s many value streams, but it will also provide important context that the department’s value is not limited to the list of monetary benefits reported.
Planned Benefits As is common in investing, an ROI goal may not be achievable in the short term. Similarly, an internal audit function, particularly a new and growing one, should not limit its cost-benefit analysis or ROI goals to a single year. Rather, a growing team may expect to incur additional costs and further invest in personnel and tools over multiple years and use them to deliver greater value in the long run.
In these cases, a cost-benefit analysis with only a one-year view may reveal a far bleaker picture than reality. While conventional budgetary reporting uses quarterly and annual views, a longer term cost-benefit analysis may paint a more accurate picture of the internal audit function and its trajectory. In “Cost-Benefit and ROI of a Global Manufacturing Firm’s Internal Audit Department: 2020–2022” (at right), the internal audit function appears to be operating at a deficit, or at least from a monetary cost-benefit perspective. However, due to investments in personnel and technology that continue to expand the department’s value-added service offerings and improve the depth and quality of work, a positive and sustainable ROI is expected to begin the following year.
While it may not be possible to fully anticipate and quantify the future benefits an internal audit team will provide, the cost-benefit analysis provides an opportunity to outline its planned benefits, which can be estimated based on a combination of goals, extrapolation of current or forecasted benefit run rates, and opportunities identified during pre-engagement risk assessments. As in any forecast, the cost-benefit analysis should document the rationale for key assumptions that support future estimates.
Not only can a long-term outlook on internal audit’s value positively impact stakeholder perceptions and increase use of the function, it also can lead to further investment in internal audit to ensure realization or an increase of anticipated returns.
Controllable Costs Every internal audit function incurs costs. Some are direct and under its control, such as payroll, travel, professional memberships, training, software, and consulting, while others are indirect and outside its control, such as the department’s allocation of rent, utilities, insurance, and shared services. To avoid unnecessary dilution of the department’s true net benefit and ROI, the analysis should focus on direct and controllable costs. The rationale is that the chief audit executive (CAE) can budget and manage controllable costs, whereas indirect, fixed-cost allocations are likely to be incurred by the company, regardless of internal audit. As a caveat, the analysis should not disregard shared costs that are variably tied to internal audit’s resource consumption. For instance, if the company uses a cloud-based enterprise resource planning system, and pays per license (vs. fixed fee), then those costs would be considered direct and controllable and should be a part of internal audit’s costs in the analysis.
EVALUATE RESULTS
First and foremost, the cost-benefit analysis should be used as an internal benchmarking and planning tool. After the initial analysis, an internal audit team may discover that its costs currently exceed its benefits. The results, either surprising or expected, present a valuable opportunity for root-cause analysis and subsequent goal setting.
The deficit may be caused by cost management, limitations on the extent of value-added projects the team can perform, quality of execution, or the inability to adequately quantify the monetary impact of its value. Regardless of the cause, CAEs can refocus their team’s efforts on addressing these shortfalls and taking steps to improve them. The CAE can use the initial 2020 cost-benefit analysis results in the chart above to further manage costs and establish goals and KPIs on the benefits side. Additionally, if the department determines that its total benefits are falling short, it can revisit its current project plan and ascertain whether different, higher value projects are necessary, provided they continue to align with key risks and board expectations, or consider expanding the scopes of current projects with higher value potential.
The cost-benefit should be an ongoing measurement of internal audit’s progress. If the team notes a deficit in its initial analysis, subsequent analyses may reveal encouraging signs of improvement. However, in the event of stalled progress, ongoing analysis can provide opportunities for further change and improvement.
As a caveat, internal audit’s cost-benefit and ROI analysis should not be tied to team member compensation or incentives, which could lead to conflicts of interest, impaired independence, and failure to objectively measure and report benefits. Additionally, to avoid inflation of internal audit’s reported benefits, the quantitative benefit values reported should be fully validated with the appropriate business stakeholders before finalizing.
Nonetheless, if the team remains committed to improvement and continues to measure progress and adjust as needed, the assessment results will continue to improve. Ultimately, these results can be shared with stakeholders as evidence of the department’s progress and increasing value to the organization.
COMMUNICATE VALUE
While every internal audit function faces unique perceptions and expectations of value, each one has a customized strategy for communicating value to stakeholders. Nonetheless, each strategy should consider three elements.
Target Audience Once internal audit has completed its cost-benefit analysis and has collectively agreed to share it with stakeholders, the target audience should be considered. The audience should include stakeholders that internal audit reports to directly, such as the CEO, chief financial officer, and audit committee. However, a broader audience, including various business unit leads, may be necessary, especially if those individuals are skeptical about internal audit’s value. That may include departments where internal audit would like to establish or expand its value-added services. Sharing these analyses with internal stakeholders and clients first can further validate results and assumptions, and lead to further revisions before sharing it with executive leadership, the audit committee, and the board.
Degree of Detail The degree of detail in a cost-benefit analysis will vary based on the stakeholder. For instance, executive leadership and the audit committee may be interested in just the total costs and monetary benefits along with a summary of key items and trends. Conversely, business unit leads may be more interested in the item-level detail of the projects impacting their areas along with past and planned benefits.
Basis for Assumptions Like other data models, a cost-benefit analysis of internal audit is both art and science. Some inputs are clear and easily measurable — such as payroll and travel expenses on the cost side or realized savings confirmed by the business on the benefits side — while others are more subjective and require assumptions.
Limiting the analysis to easily measurable elements may represent only a subset of internal audit’s actual value. Instead, the analysis should consider other nonmonetary, quantitative benefits, such as engagements completed, recommendations implemented, and time savings, or qualitative benefits, such as prevention of noncompliance with specific laws. In situations where it is possible to reasonably estimate the monetary impact of a benefit using consistent, logical, and documented assumptions, such items should be reflected in the analysis. For instance, if during an operational audit, internal audit identifies and provides training on automated reporting that saves the accounts receivable manager five hours a week, then those weekly time savings should be considered as reportable nonmonetary benefits. However, if the time savings achieved were applicable to part-time, hourly associates whose total workload was reduced as the result of the efficiencies realized, then the potential payroll savings could be classified as a monetary benefit.
A MEANINGFUL RETURN
Internal auditors are well aware of their function’s capabilities and potential to further drive organizational value, but many stakeholders remain skeptical due to a general lack of understanding about the function’s overall impact, particularly on the organization’s bottom line. While each audit function faces different stakeholder perceptions and challenges, each is an organizational investment expected to yield a meaningful return. Internal auditors can measure their controllable costs and benefits, set goals, and revisit their project mix to provide more value and, ultimately, report on these items to stakeholders to ensure common awareness of internal audit’s value and potential. Like any other investment, an internal audit function with a clear, meaningful, and sustainable ROI will garner widespread appreciation and merit continued investment.
نشر في
محاسبة و مراجعة
موسومة تحت
الأربعاء, 21 سبتمبر 2022 13:58
توسيع برنامج منحة التدقيق الداخلي
اعلان عن توسيع برنامج Elevate للمنح الدراسية ليشمل منح CIA الدراسية الجديدة القائمة على الجدارة والتي تغطي تكاليف التقديم والتدريب والاختبار! إذا كنت أنت أو أي شخص تعرفه قد يستفيد، تقدم بطلب اليوم!
معلومات إضافية
-
المحتوى بالإنجليزية
Elevate Internal Audit Scholarship Program
The IIA and AuditBoard are proud to support the internal audit community through the Elevate Internal Audit Scholarship.
Supporting The Internal Audit Community
Supporting The Internal Audit Community
Elevate is a scholarship program that provides access to training for internal auditors through need-based and merit-based application criteria.
نشر في
موضوعات متنوعة
الإثنين, 28 يونيو 2021 10:40
برنامج الدراسة الذاتية للمناهج الأساسية لمعهد المدققين الداخليين (IIA)
سيساعد برنامج الدراسة الذاتية للمناهج الأساسية التابع لمعهد المدققين الداخليين (IIA) المدققين الداخليين على تحقيق الكفاءات المطلوبة لتخطيط وتنفيذ مهام التدقيق الداخلي وإظهار السلطة والمصداقية والسلوك الأخلاقي الضروري لنشاط تدقيق داخلي قيم.
معلومات إضافية
-
المحتوى بالإنجليزية
*Sign in before adding bundle to cart*
Description
Understanding the value in the profession of internal auditing is the first step to becoming an effective internal auditor. The latest release of The IIA’s Competency Framework outlines competencies for professionalism, performance, environment, and leadership and communication. The IIA’s Core Curriculum Self-Study Program will help internal auditors achieve the competencies required to plan and perform internal audit engagements and demonstrate the authority, credibility and ethical conduct essential for a valuable internal audit activity.
This comprehensive program offers internal auditors the tools to successfully carry out the Mission of Internal audit. It provides a general understanding of the International Professional Practices Framework (IPPF) and the International Standards for the Professional Practice of Internal Auditing (Standards). The program provides guidance on contributing to the improvement of organizational governance, risk management, and control; promoting ethics and values to mitigate fraud; and applying The IIA’s Code of Ethics and rules of conduct. Further, this program provides guidance critical to engagement planning, considerations, objectives, and scope; engagement fieldwork; and engagement outcomes, and is in alignment with The IIA’s Implementation Guides, which thoroughly address internal auditing’s approaches, methodologies, and considerations.
Program Information
This 16.5 CPE program includes access to the following for 180 days:
Professionalism Competency:
Understanding the IPPF (1.0 CPE)
Mission of Internal Audit and the Internal Audit Charter (1.5 CPE)
Independence and Objectivity (1.0 CPE)
Proficiency and Due Professional Care (1.2 CPE)
Ethical Scenarios for Internal Auditors (1.2 CPE)
Ethical Behavior (1.6 CPE)
Performance Competency:
Organizational Governance (1.2 CPE).
Risk Management (1.4 CPE).
Internal Control (1.2 CPE).
Fraud (1.6 CPE).
Engagement Planning (1.2 CPE).
Engagement Fieldwork (1.2 CPE).
Engagement Outcomes (1.2 CPE)
نشر في
موضوعات متنوعة
الإثنين, 15 مارس 2021 13:45
دعم مهنة التدقيق الداخلي ونشر الوعي
مايو هو الشهر الدولي للتوعية حول التدقيق الداخلي
معلومات إضافية
-
المحتوى بالإنجليزية
Promoting the Profession and Building Awareness
Promoting the Profession and Building Awareness
May is International Internal Audit Awareness Month
The IIA offers customizable tools, planning resources, and thought-provoking content to help advocate for and build awareness of the internal audit profession. Access our outstanding awareness toolkit, position papers, and thought leadership during May, International Internal Audit Awareness Month, and all year. Read more about those successes.
Building AwarenessAwareness Month Toolkit
Access creative ideas, tips, and easy-to-use tools and templates to promote the value of internal audit!
Download now.
Download the Building Awareness Champion form.
Remember to also promote the profession on your favorite social media channels. Check out our Facebook page to see photos of what others are doing to celebrate International Internal Audit Awareness Month, and join in the conversation on Twitter at #IIAMay.
2020 Building Awareness Champions
Congratulations to our 2020 Building Awareness Champions!
Rising to the challenges presented by a global pandemic, these Affiliates and Chapters promoted the internal audit profession beginning in May during International Internal Audit Awareness Month and continuing in the months following. Through a variety of virtual events and awareness campaigns designed to inform and engage, they shared their passion for internal auditing, raising awareness of the profession and helping stakeholders understand the value of internal audit in their organizations. Read more about those successes.
IIA–Guatemala
IIA–Haiti
IIA–Korea
IIA–Lebanon
IIA–Nicaragua
IIA–Palm Beach County Chapter
IIA–Panama
IIA–Paraguay
IIA–Philippines
IIA–Singapore
IIA–Sweden
IIA–Turkey
UAE IAA
IIA–Uganda
IIA–Uruguay
IIA–Vancouver Chapter
IIA–Venezuela
IIA–Argentina
IIA–Bahamas Chapter
IIA–Bangladesh
IIA–Belgium
IIA–Brazil
IIA–Calgary Chapter
IIA–Chile
IIA–Chinese Taiwan
IIA–Colombia
IIA–Costa Rica
IIA–Cyprus
IIA–Dominican Republic
IIA–Ecuador
IIA–El Salvador
IIA–Finland
FLAI
IIA–Greece
Promoting the Profession and Building Awareness Resources
Advocacy Resources
Position Papers
Position Papers
Share thought-provoking content to inform and educate stakeholders on issues of importance.
Download now.
Thought Leadership
Thought Leadership
Get a complimentary subscription to Tone at the Top, a newsletter covering all governance-related topics.
Subscribe today.
Informational Resources
20 Ideas for Getting the Word to Students About Internal Auditing
Adding Value Across the Board Brochure
This brochure addresses how internal auditing contributes to strong corporate governance.
All in a Day's Work Brochure
This brochure addresses the varied roles of internal auditors.
Getting to Know Internal Auditing
This PowerPoint presentation provides and overview of the internal audit profession. It compares internal audits to financial statement audits and identifies internal audit stakeholders, ideal reporting relationships, and more.
Global Fact Sheet
Internal Audit Legislative and Regulatory Guidelines
US Fact Sheet
Value of Internal Auditing: Assurance, Insight, Objectivity
This PowerPoint presentation describes the value of internal auditing to stakeholders.
Actionable Resources
An Elected Official at Your Event
This document offers tips on how to get an elected official to attend your IIA event.
Awareness Month Poster
You can display this Awareness Month poster in your office during May to remind everyone to "Shout It Out!"
Building Internal Audit Awareness Poster
International Internal Audit Awareness Month banner image
This graphic serves as a reminder to celebrate International Internal Audit Awareness Month during May.
International Internal Audit Awareness Month Logo (Optimized for the Web)
This 750 pixel PNG image has been optimized for the web.
International Internal Audit Awareness Month Logo (Print Quality)
This 750 pixel JPG image is suitable for printing.
International Internal Audit Awareness Month Reminder Message
Media Relations Primer
This document provides guidance for working with the media and includes tips for establishing spokespersons, suggested topics to pitch to the media, tips for publicity, steps for making a media pitch, and additional guidance for spokespersons.
News Release Tips and Sample News Release Template
This document features tips on how to prepare a news release and includes a sample template for a news release.
Proclamation Guidelines and Procedures
This document outlines the recommended guidelines and procedures for requesting a proclamation.
Sample Lesson Plan
Sample Letter to the Editor
This is an example of an opinion editorial (op-ed) article that promotes internal auditing. It was published in a local newspaper in Orlando, Fla.
Stakeholders' Panel Discussion
This document includes steps for holding a stakeholder panel discussion during an IIA chapter meeting.
Suggested Wording for the Proclamation
This template offers suggested wording for a special proclamation recognizing May as International Internal Audit Awareness Month from your state governor, city major, head of state, or other well-known official.
Your Internal Audit Team
This PowerPoint presentation helps you explain to others in your organization what they can expect from your internal audit team.
نشر في
محاسبة و مراجعة
الأربعاء, 21 سبتمبر 2022 12:58
قم بتدريب فريق التدقيق الداخلي الخاص بك!
قم بتدريب فريق التدقيق الداخلي الخاص بك عن طريق تجميع أي مجموعة من الخيارات عبر الإنترنت مع مجموعة تدريب IIA
معلومات إضافية
-
المحتوى بالإنجليزية
IIA Group Training: Get on Board
Refocus on Your Team in 2021 With IIA Group Training
Train your team by bundling any combination of online options with IIA Group Training. We’ll even bring IIA Training to your location. No matter what your team development needs, The IIA will tailor our training to meet your goals with the latest talent assessment tools and professional development techniques — all based on The IIA’s Internal Audit Competency Framework©.
Our process is proven. Your results will be renowned.
01 Assess 02 Identify 03 Create
Quality Assurance and Improvement Program (QAIP) Training Needs Based on Competency Framework Tailored and Flexible Team Development Plan
Evaluate your internal audit department’s Quality Assurance and Improvement Program (QAIP) every five years to:
Meet requirements of the Standards
Adhere to the Code of Ethics
Identify areas for improvement
Build a QAIP
Sustain an existing QAIP
Receive a tailored talent development plan based on individual and team needs – all aligned with the Competency Framework to:
Maintain a consistent learning pathway
Operate from the same “playbook”
Strengthen competencies
Hit your goals
Get tailored delivery options — livestreaming, on-demand, or a combination — for the latest courses, including:
NEW! Examining Cybersecurity Concepts
NEW! Assessing Ethics in Your Organization
CIA Exam Preparation Instructor-led Course Part 1: Essentials of Internal Auditing
CIA Exam Preparation Instructor-led Course Part 2: Practice of Internal Auditing
CIA Exam Preparation Instructor-led Course Part 3: Business Knowledge for Internal Auditing
Learn More Group Training Inquiry Group Trainng Inquiry
blue gradient rule
Get on board.
Discover all the benefits of group training
Internal Audit Competency FrameworkFill Skill Gaps With Competencies
NEW! The IIA’s Internal Audit Competency Framework© provides clear and concise professional development pathways, tools, and techniques that evolve with current risk environment and career level. Audit leaders and CAEs can use it as an onboarding resource and multi-year training plan to fill skill gaps.
We’ve mapped it out. You can make it work.
نشر في
موضوعات متنوعة
الأربعاء, 10 فبراير 2021 15:24
برامج جوائز معهد المدققين الداخليين IIA
تعرف برامج الجوائز العديدة بالمساهمات في مهنة التدقيق الداخلي ومعهد المدققين الداخليين في مجالات مثل الخدمة والبحث والشهادة والكتابة لمنشورات معهد المدققين الداخليين
معلومات إضافية
-
المحتوى بالإنجليزية
IIA Awards Programs
Numerous awards programs recognize contributions to the internal audit profession and The IIA in areas such as service, research, certification, and writing for IIA publications.
Service/Recognition Awards
2021 Call for Global Service Award Nominations is now open through 12 February 2021.
Call for Award Nominations
Nomination Form
William G. Bishop III, CIA Lifetime Achievement Award
The William G. Bishop III, CIA Lifetime Achievement Award was established to recognize individual members who, through a lifetime of accomplishments and dedication to The IIA, have impacted the practice of internal auditing, advanced the awareness of The IIA, and inspired professionals around the world to make a difference in our profession and in the organizations we serve.
Victor Z. Brink Award for Distinguished Service
The Victor Z. Brink Award for Distinguished Service was established to recognize individuals who, over time, have given extraordinary service to the profession of internal auditing through participation in the activities of The IIA.
Bradford Cadmus Memorial Award
The Bradford Cadmus Memorial Award is a tribute to the memory of Bradford Cadmus — author, educator, researcher, and the first managing director of The Institute.
Research Awards
Michael J. Barrett Doctoral Dissertation Grant
To encourage internal audit studies by doctoral candidates, The Internal Audit Foundation offers the Michael J. Barrett Doctoral Dissertation Grant.
Esther R. Sawyer Research Award
The annual Esther R. Sawyer Research Award from the Internal Audit Foundation is granted to an individual entering or currently enrolled at the undergraduate or graduate level or who has completed a program in internal auditing at a participating Internal Auditing Education Partnership (IAEP) program school. The award is based on submission of an original manuscript on a specific topic related to modern internal auditing.
Larry Sawyer Research Foundation Project of the Year Award
The annual Larry Sawyer Research Foundation Project of the Year Award recognizes a published research or educational project that most closely aligns with Larry Sawyer’s vision of moving the profession forward by addressing an emerging issue relevant to internal audit. A committee made up of members of the Research Foundation Board of Trustees and the Committee of Research and Education Advisors makes its selection from all the projects completed in the previous year.
Certification Awards
William S. Smith Award
The William S. Smith Award is named in honor of The IIA's first chairman of the Board of Regents, a former IIA chairman of the board, and a driving force behind the development of the Certified Internal Auditor® (CIA®) program. Awards are based on individual performance on the core exam parts (parts 1, 2, and 3). With year-round testing, award recipients must pass each exam part on their first attempt within one year of taking the first exam part.
Writing Awards
Ted Keys Award
The Ted Keys Award — named in honor of the late Elmer Theodore Keys, Jr., a long-time regular writer for an Internal Auditor magazine department — is presented each year for the most outstanding article submitted to one of the magazine’s departments. Winning articles are selected for outstanding quality, clear presentation of ideas, practicality, and relevance to the continuing practice of internal auditing.
John B. Thurston Award
The Board of Directors of The Institute established the John B. Thurston Award in March 1952 as a tribute to the memory of its first international president and an eminent authority in the field of internal auditing. The award is made annually to the author of that article published in Internal Auditor that is voted to be the outstanding paper in the field of internal auditing.
نشر في
موضوعات متنوعة