Internal audit and external audit could strengthen assurance by building on each other's work, though the relationship must not become codependent, experts say. "Each side knowing and understanding that control environment and what new and emerging risks are being mitigated would help them both do their job that much better," says Liz Sandwith, chief professional practices adviser at the Chartered Institute of Internal Auditors.
Executives must prioritise reporting of environmental, social and governance factors, and "these metrics will always need to be assured independently for their accuracy, reliability and the trust we can place on them", writes Jeffrey Ridley, past president of the Chartered Institute of Internal Auditors. "Who better to do this than trained auditors -- internal and external with today and tomorrow's technology -- but, only if the quality of their work is also measured and assured," Ridley writes.
A review aimed at setting a more climate-focused mandate for Norway's $1.4 trillion sovereign wealth fund, the largest in the world, has revealed a number of ways the financial sector as a whole tends to misunderstand and misprice climate risk in investments.
New Your Voices Blogs Available
Do you have the curiosity our Your Voices blogs call for? Internal Auditor magazine's Your Voices blogs provide insightful, practical information for our readers — from staff level to CAE. Both contributors and readers alike say this platform is the perfect place to share unique insights and practices. Read the latest blog posts now.
WhatsApp faces a €225 million fine imposed by the Irish Data Protection Commission over accusations that the Facebook property has violated the EU General Data Protection Regulation. The regulator alleges WhatsApp has made inadequate disclosures about use of EU citizens' personal data.
The Chinese Personal Information Protection Law, effective on 1 November, will change how the world shares data, experts say. "The new law will push data recipients located outside of the country to comply with Chinese laws more seriously, establishing long-arm jurisdiction," DeBund Law Offices partner You Yunting says, citing the strictness of the legislation.
Hiroto Imai and Mizue Kakiuchi of law firm Hogan Lovells dissect the meaning of new amendments to Japan's personal privacy law that take effect next year. Companies that do business in Japan should take note of the provisions, which include mandatory breach reporting, Imai and Kakiuchi write.
German prosecutors investigating the government's anti-money-laundering agency have raided the Finance Ministry and the Justice and Consumer Protection Ministry. Investigators want to know whether the Financial Intelligence Unit, part of the Finance Ministry, has been instructed to disregard warnings about questionable payments to Africa.
South Africa's Department of Justice and Constitutional Development recently experienced a security breach that shut down a number of its services. Other government entities also were hit, including the space agency and Transnet, which oversees operations for railroads, ports and pipelines.
A mandatory governance standard for cybersecurity in Australia would be a bad idea, write Rosemary Teele Langford and Andrew Godwin, who are affiliated with the University of Melbourne. Another possibility could be a voluntary standard, which "wouldn't be without legal significance for directors", they note.
The UK "has an incredible opportunity to shape the future of data regulation" post-Brexit, writes Michael Queenan, CEO of Nephos Technologies. "There are huge challenges facing our society and we need the government to focus on how to create the digital infrastructure that will enable the country to flourish in 10 years time," Queenan notes.
The IIA is seeking nominations for the 2022-23 volunteer leadership roles
Volunteers impact the day-to-day functions of internal audit and help shape the future of the profession. But how do we discover the very best candidates for volunteer leadership roles? We rely on you, our members, to nominate the leaders of tomorrow. Nominations are due by 15 October.
IIA releases guidance on auditing business applications
The IIA has released a new Global Technology Audit Guide, "Auditing Business Applications," to help internal auditors provide assurance and consulting services related to business applications. The GTAG describes how to identify and assess the risks and standardised and system-specific controls relevant to business applications. This and all practice guides are available at no cost to IIA members.