Skip Ribbon Commands
Skip to main content
Global Institute of Internal AuditorsBreadcrumb SeparatorStandards and GuidanceBreadcrumb SeparatorTopics and ResourcesBreadcrumb SeparatorRisk Publications and Guidance

The IIA Risk Resource Exchange 

Risk Publications and Guidance

Today’s business environment is characterized by mounting pressures for stronger, more effective risk management. There is a sharp focus on risk oversight, considered by many observers to be the top governance issue facing corporate boards in this continuously evolving world. Audit committees are pushing for holistic risk management, stepped-up risk mitigation, and enterprisewide risk assessments. The IIA has developed the Risk Resource Exchange: a comprehensive resource for professionals around the globe on risk guidance, publications, training, events, and more.

Kendallville Bank Case Study from the Anti-Fraud Collaboration Kendallville Bank Case Study from the Anti-Fraud Collaboration
The latest installment from the Anti-Fraud Collaboration case study series offers insights to help build awareness of financial fraud deterrence and detection.

Leveraging COSO Across the Three Lines of Defense Leveraging COSO Across the Three Lines of Defense
In Leveraging COSO Across the Three Lines of Defense, authors Douglas J. Anderson and Gina Eubanks make a strong case for using the Three Lines of Defense Model, which addresses how specific duties related to risk and control should be assigned and coordinated.

Driving Success in a Changing World: 10 Imperatives for Internal Audit Driving Success in a Changing World: 10 Imperatives for Internal Audit
Driving Success in a Changing World: 10 Imperatives for Internal Audit, developed from data gleaned from The IIA’s Global Internal Audit Common Body of Knowledge (CBOK) practitioners’ survey, offers direction to help internal audit professionals expand their skills and add value to their organizations.

New IPPF IIA Introduces Updated Guidance Framework
The IIA has unveiled enhancements to its International Professional Practices Framework (IPPF)®. Among the most significant enhancements to the IPPF are the introduction of a Mission of Internal Audit and articulation of 10 Core Principles for the Professional Practice of Internal Auditing.

2015 Global Pulse of Internal Audit

2015 Global Pulse of Internal Audit
The IIA’s 2015 Global Pulse of Internal Audit: Embracing Opportunities in a Dynamic Environment urges a broader, more flexible approach to risk.

 
IIA Practice Guide: Auditing Anti-bribery and Anti-corruption Programs
IIA implementation guidance on auditing anti-bribery and anti-corruption programs.

 
2015 Pulse of Internal Audit release 2015 North American Pulse of Internal Audit
The 2015 North American Pulse of Internal Audit showed that CAEs consider emerging risks to be one of their greatest challenges, but it also found that only a third of respondents have a high degree of confidence in their ability to identify such concerns.
​ ​
 
​​IIA Letter on Audit Committees Published in Wall Street Journal
The Wall Street Journal published a Letter to the Editor from IIA President and CEO Richard Chambers Feb. 12 about audit committee members being open to expanding their roles.
 

  
Tone at the Top: Cybersecurity: They’re In. Now What?
Read the November/December 2014 issue of Tone at the Top and learn how organizations can approach cybersecurity breaches.
​ ​
 
Combining Internal Audit and Second Line of Defense Functions? Read this white paper from IIA–Netherlands.

IIA–Netherlands published a white paper on the pros and cons of combining internal audit and second line of defense functions. The white paper addresses the key question asked by many boards and committees: Can internal audit work independently and objectively if support is provided on risk management, compliance, and internal controls?


​ ​
Internal Audit Coverage of Risks to Achieving Strategic Objectives: IIA Practice Advisory 2120-3.

The IIA outlines six guidelines in assisting internal audit departments in understanding and providing coverage of risks in organizations achieving their strategic objectives.


​ ​

Internal Audit Foundation Research Report, in partnership with ISACA: Cybersecurity: What the Board of Directors Needs to Ask.

This report helps directors know how they should react to cybersecurity breaches and what to do, understand that cybersecurity is an enterprisewide issue, not just an IT issue, and know what the IT auditor’s role is in helping the Board of Directors address the issue. The report also outlines the NACD’s five principles for the board, and provides a list of top questions every board needs to ask.


  ​
IIA Practice Guide: Auditing Anti-bribery and Anti-corruption Programs

IIA implementation guidance on auditing anti-bribery and anti-corruption programs.


 

IIA South Africa Report: How to Effectively Review Your Organization’s Risk Management Process

This report’s emphasis is on sharing practical risk management advice needed by internal auditors on providing assurance over the risk management process.


 

Internal Audit Foundation Research Report: Becoming a Strategic Auditor: Tying Risk to Strategy

Businesses today are spending more time on strategic issues and seeking more help from those with strategic capabilities. This has created a unique opportunity for internal auditors to help their organizations both manage their risks and achieve their strategic goals.


 

2014 North American Pulse of the Profession Report

In this annual report, The IIA’s Audit Executive Center shares the results from the 2014 Pulse of the Profession survey and provides insight on current trends and emerging issues relevant to the profession.


 

2014 Global Pulse of the Profession Report

In this report, The IIA’s Audit Executive Center cross-references the Global Pulse of the Profession survey findings with outcomes from similar global reports issued by KPMG International, PwC, and Protiviti. The result is a robust view of challenges facing the profession along with strategies to overcome those challenges.


 

IIA Practice Guide: Coordinating Risk Management and Assurance

Implementation guidance on coordinating risk management and assurance activities within the organization.


 

IIA South Africa Report: Issuing an Assessment in Terms of King III

The King III report requires an objective assessment of the effectiveness of risk management and the internal control framework. This report provides practical guidance to fulfill this requirement.


 ​ ​

​IIA Practice Guide: Auditing Privacy Risks, 2nd Edition

Implementation guidance on auditing privacy risks.


 ​ ​

​Internal Audit Foundation Research Report: Contrasting GRC and ERM: Perception and Practices among Internal Auditors

This Internal Audit Foundation research report looks at the perceptions and practices among internal auditors on the difference between GRC and ERM.


 ​ ​

​IIA UK/Ireland Guidance Booklet: An Approach to Implementing Risk-based Auditing

Report documents why risk-based auditing should be introduced, how it can be implemented, and the advantages of a risk-based approach.


 ​ ​

​IIA Global Technology Audit Guide (GTAG): Information Technology Risk and Controls, 2nd Edition

Implementation guidance on information technology risk and controls.


 ​ ​

​IIA South Africa Report: Risk-based Auditing

This report looks at the need in the business world today for effective corporate governance and risk management practices.


 ​ ​

IIA Position Paper: The Three Lines of Defense in Effective Risk Management and Control

The IIA’s position on the three lines of defense in effective risk management and control.


 ​ ​

​IIA Spain Research Report: Definition and Implementation of Risk Appetite

Report evaluates the process of defining and implementing risk appetite and what Boards and management should consider.


 ​ ​

​October 2013 North American Pulse of the Profession Report

The IIA’s Audit Executive Center looks at the trends and insights emerging from the most recent Pulse of the Profession Survey.


 ​ ​

​April 2013 Global Pulse of the Profession Report

This global report summarizes feedback from the 1,700 internal auditors around the world who participated in the 2013 Pulse of the Profession Survey.


 ​ ​

​March 2013 North American Pulse of the Profession Report

In this semiannual report, The IIA’s Audit Executive Center looks at the results from the Pulse of the Profession Survey to provide insight into the state of the profession for 2013.


 ​ ​

IIA UK/Ireland 2013 Governance and Risk Report

This 2013 report from IIA UK/Ireland documents the results of an annual survey covering important and emerging governance and risk topics.


 ​ ​

​IIA Practice Advisory 2200-2: Using a Top-down, Risk-based Approach to Identify the Controls to be Assessed in an Internal Audit Engagement

An interpretation on using a top-down, risk-based approach to identify the controls to be assessed in an internal audit engagement.


 ​ ​

​IIA Practice Advisory 2120-2: Managing the Risk of the Internal Audit Activity

Interpretation on managing the risk of the internal audit activity.


 ​ ​

​IIA Practice Advisory 2010-1: Linking the Audit Plan to Risk and Exposures

Interpretation on linking the audit plan to risk and exposures.


 ​ ​

​Internal Audit Foundation Research Report: Internal Auditing’s Role in Risk Management

Increasing economic pressures are moving organizations to increase the effective of risk mitigation efforts and focus on a more holistic approach to risk management. As a result, the role of internal auditing in risk management is focused on ways to identify and assess the organization’s strategic risk.


 ​ ​

​IIA Position Paper: The Role of Internal Auditing in Enterprise Risk Management

The IIA’s position on the role of internal audit in enterprise risk management.


 ​ ​

​IIA Practice Advisory 2010-2: Using the Risk Management Process in Internal Auditing

Interpretation on using the risk management process in internal auditing.


 ​ ​

​IIA Practice Advisory 2110-2: Governance: Relationship with Risk and Control

Interpretation on the relationship between governance and risks and controls.


 ​ ​

​IIA Practice Advisory 2210.A1-1: Risk Assessment in Engagement Planning

An interpretation on performing risk assessments during the planning phase of an engagement.