IIA Position Papers
Position Papers assist a wide range of interested parties, but are primarily designed to inform and educate internal audit stakeholders on issues of importance to The IIA and the profession. Their focus is generally related to significant governance, risk, or control issues, and delineating the associated roles and responsibilities of internal auditing.
The IIA’s Three Lines Model: An update of the Three Lines of Defense, July 2020
The Three Lines Model is a fresh look at the familiar Three Lines of Defense, clarifying and strengthening the underpinning principles, broadening the scope, and explaining how key organizational roles work together to facilitate strong governance and risk management.
English AlbanianArabic Bulgarian Chinese Simplified Chinese TraditionalCroatian Czech DutchFrench French Canadian German Greek Hungarian IcelandicIndonesian
Japanese LatvianKorean Polish Portuguese Russian SerbianSlovenianSpanishThai Turkish
Internal Auditing’s Role in Governing Body/Executive Committees, November 2019
Whether internal audit participates on an organization’s governing body and executive committees depends largely on what leadership defines as internal audit’s scope of work. For organizations that expand internal audit’s role beyond assurance on financial reporting to include operational and strategic issues, there is a great opportunity for internal audit to add value by participating on various governing body and executive committees. This paper provides examples of where internal audit can add value, offers questions leadership should ask before extending an invitation, and outlines precautions that should be taken while participating to ensure internal audit’s objectivity remains intact.
English Arabic French German Indonesian Japanese Portuguese SerbianSpanish Turkish
The Internal Audit Charter: A Blueprint to Assurance Success, August 2019
For internal audit to operate at the highest levels, it must have clearly defined and articulated marching orders from the governing body and management. This is most easily achieved with a well-designed internal audit charter that serves as a blueprint for how internal audit will operate and helps the governing body to clearly signal the value it places on internal audit’s independence.
The paper identifies seven key areas that support the overall strength and effectiveness of the activity and should be covered in the internal audit charter. It also outlines five key takeaways and five questions stakeholders need to ask to develop a charter that sends a clear, unambiguous message about internal audit’s role in the organization.
English Arabic Bahasa Indonesia Simplified Chinese Croatian Deutsche French
Japanese Korean Portuguese Spanish Turkish
Relationships of Trust — Building Better Connections Between the Audit Committee and Internal Audit, June 2019
The best relationships are partnerships, and the CAE must be equally open and clear with the audit committee about ways to enhance or improve its support of internal audit activities. Building the right relationship between the audit committee and internal audit can make a significant difference in internal audit’s ability to provide the best assurance and advisory services.
The paper identifies five key takeaways that begin with a clear understanding of reporting and alignment responsibilities, including what should be expected and demanded, as well as five key questions the governing body should be asking.
English Arabic Chinese Simplified Croatian French German Indonesian Japanese
Korean Portuguese Serbian SlovenianSpanish Turkish
Fraud and Internal Audit: Assurance Over Fraud Controls Fundamental to Success, April 2019
Fraud is not unique to any organization type and no organization is immune. Since the opportunity to commit fraud exists everywhere, it is important for organizations to effectively leverage various resources to develop strong anti-fraud programs. This position papers outlines when and where internal audit’s skill sets can most effectively be used and at what point other resources should be tapped. It also provides key takeaways regarding internal control procedures, prevention and response planning, risk exposure assessment, and fraud investigation, as well as five questions all organizations should pose to strengthen their program.
English Arabic Bahasa Indonesia Croatian French Deutsche Japanese
Portuguese SlovenianSpanish Turkish Ukrainian
Why Conformance Matters, May 2018
Conformance to the IPPF is essential in meeting the responsibilities of internal auditors and the internal audit activity (IAA). It provides a measure of confidence that the IAA is operating to a strict code of ethics and defined professional standards, and that its staff is trained to specified standards of education and continued professional development.
English Croatian French Japanese Korean Spanish Turkish Ukrainian
Internal Auditing's Role in Corporate Governance, May 2018
Internal audit’s role in governance is vital. Internal audit provides objective assurance and insight on the effectiveness and efficiency of risk management, internal control, and governance processes.
English Croatian French Japanese Korean Polish Slovenian Spanish
Staffing Considerations for Internal Audit Activity, May 2018
Knowledgeable and competent resources within internal audit are needed to ensure assurance and advisory work are performed in alignment with the organization’s expectations and in conformance with widely accepted principles and standards. Careful and thoughtful consideration should be given to partially or fully outsourcing the internal audit activity.
English Croatian French Japanese Korean Spanish
The Role of Internal Auditing in Enterprise-wide Risk Management, January 2009
ERM is a structured, consistent, and continuous process applied across the organization that identifies and assesses risks, as well as decides on responses to and reports on opportunities and threats that affect the achievement of objectives. The principles presented in this paper can be used to guide the involvement of internal auditing in all forms of risk management, but it is primarily intended to address ERM, as this is most likely to improve an organization’s governance processes.
English French Portuguese Serbian Spanish Turkish