Governance & ESG - Sostenibilità

Climate Change and Environmental Sustainability: How to tackle associated Risks and harness Opportunities?

INTERNATIONAL ON-LINE WEBINARWhy should climate change and environmental sustainability be on your radar?

CLIMATE CHANGE FROM THE PERSPECTIVE OF THE THIRD LINE OF DEFENSE

Document presented during the international webinar Climate Change from the perspective of the third line of defense organized in collaboration with IFACI, DIIR and IIA The Nederland. 

Human capital, diversity and talent management

INTRODUCTION:Human capital, diversity and talent managementThe world may have gone digital, but it grinds to a halt when real people are absent. We saw this last year when a lack of lorry drivers caused international supply delays and soaring prices. As Covid restrictions ease, organisations across the world are realising that the people they need to grow and develop their businesses are simply not there.

Evaluating Corporate Social Responsibility

Corporate Social Responsibility (CSR) presents significant risks and opportunities for many organizations. Stakeholders expect boards and management to accept responsibility and implement strategies and controls to manage their impact on society and the environment, to engage stakeholders in their endeavors, and to inform the public about their results. The proliferation of regulation and voluntary standards has made CSR management a complex endeavor.

Internal auditors should understand the risks and controls related to CSR objectives. Where appropriate, the Chief Audit Executive (CAE) should plan to audit, facilitate control self-assessments, verify results, and/or consult on the various subjects. Internal auditors should maintain the skills and knowledge necessary to understand and evaluate the governance, risks, and controls of CSR strategies.

This guide will assist internal auditors in understanding:

• The risks (operational, reputational, etc.) associated with CSR activities and how to use such knowledge in audit planning.
• The approaches to evaluating CSR activities, including auditing, facilitating, and consulting.
• Audit considerations such as use of the audit opinion, independence and objectivity, and types of resources.
• Considerations in developing the internal audit program, including whether CSR information is consistent with standards and how management communicates and sets priorities for CSR strategies.

The guide also explains detailed approaches to auditing in the following appendices:

• Auditing by Element
• Auditing by Stakeholder Group
• Stakeholder Theory
• Additional Resources (includes references to additional Practice Guides)

GAIT Methodology

What is GAIT Methodology?
GAIT Methodology is a guide to assessing the scope of IT general controls using a top-down and risk-based approach.

Who is it for?
Management and external auditors can use this guide in their identification of key controls within IT general controls as part of and a continuation of their top-down and risk-based scoping of key controls for internal control over financial reporting.

How Can it Help You?
The IIA developed this guidance to help organizations identify key IT general controls where a failure might indirectly result in a material error in a financial statement. More specifically, this methodology enables management and auditors to identify key IT general controls as part of and as a continuation of the company's top-down, risk-based scoping efforts for Section 404 compliance.

If a failure is likely, the methodology identifies the IT general control process risks in detail and the related IT general control objectives that, when achieved, mitigate these risks. CobiT and other methodologies then can be used to identify the key controls that address these IT general control objectives.

The Principles
The four principles that form the basis for the methodology are consistent with the methodology described in the Public Company Accounting Oversight Board's Auditing Standard No. 5. They are:

• The identification of risks and related controls in IT general control processes (e.g., in change management, deployment, access security, and operations) should be a continuation of the top-down and risk-based approach used to identify significant accounts, risks to those accounts, and key controls in the business processes.
• The IT general control process risks that need to be identified are those that affect critical IT functionality in financially significant applications and related data.
• The IT general control process risks that need to be identified exist in processes and at various IT layers: application program code, databases, operating systems, and networks.
• Risks in IT general control processes are mitigated by the achievement of IT control objectives, not individual controls.

GAIT Methodology enables organizations to implement the principles and gives management and auditors guidance around scoping IT general controls and the tools to defend these decisions.

N° 68 della newsletter "Tone at the Top" dell'IIA

Adottare un codice di condotta: elemento essenziale per un buon governo sia all'interno dell'organizzazione che con le terze parti conivolte.

Corporate Governance Paper - Approccio integrato al Sistema di Controllo Interno ai fini di un’efficace ed efficiente governo d’impresa

La Corporate Governance costituisce un tema ricorrente sia per l'esigenza di affrontare l'argomento a seguito delle patologie aziendali che hanno animato l'opinione pubblica sia per le novità che il legislatore introduce ed i molteplici aggiustamenti che ne conseguono. Nuove figure sono comparse e nuove funzioni si sono delineate in un panorama che conseguentemente occorre ridefinire in maniera completa.Il Sistema di Controllo Interno, perno su cui la Corporate Governance ruota, costituisce l'elemento catalizzatore di soggetti e funzioni che, ognuna per la propria parte, contribuiscono alla conduzione dell'impresa in modo sano, corretto e coerente con gli obiettivi di risk management.Si avverte la necessità di delineare con chiarezza i punti cardine del sistema di governo d'impresa che garantiscono il conseguimento delle finalità del governo complessivo dell'azienda in ottica di efficienza e di aderenza ai principi normativi. Maggior evidenza inoltre è richiesta su quali ruoli siano riservati alle funzioni che tradizionalmente operano nel sistema di controllo interno aziendale e su quali siano riservati alle funzioni di nuova istituzione.Obiettivo del documento è quindi fornire alcuni elementi chiave per la governance delle aziende italiane alla luce delle recenti evoluzioni normative in tema di controllo interno e compliance normativa, in linea con le posizioni assunte dai diversi organismi di regolamentazione. Il documento, scaricabile gratuitamente per tutti i soci AIIA, è acquistabile in formato elettronico per tutti i non soci >>