IIA advocacy, public policy, & corporate governance engagement

The IIA is engaging with policymakers to demonstrate the central role of the internal audit profession in evaluating risk and executing oversight in providing assurance over AI-related organizational risks as companies from all industries and sectors race to harness the potential power of this emerging technology.

Proactive engagement in policy discussion about AI seeks to emphasize internal audit’s capacity to promote responsible innovation, institute processes for effectively identifying and mitigating potential AI-related risks, and establish appropriate internal controls and independent oversight frameworks.

With the emergence of cryptocurrencies and growing discussions on crypto assets, The IIA is advocating for a requirement for all cryptocurrency exchanges to establish and maintain an independent internal audit function and have senior management annually certify that their exchanges’ internal controls are adequate based on an internal audit assessment. Cryptocurrency exchanges currently operate in a largely unregulated environment, which creates several risks for investors, including security risks, market manipulation, fraudulent activity, and money laundering.

As the cryptocurrency market continues to evolve, regulators and policymakers should consider requiring mandatory internal audit functions to safeguard investors and promote confidence in this new asset.

Privacy is a significant risk management issue for businesses, governments, and nonprofit organizations alike. It is therefore imperative for organizations – specifically those involved in collecting and processing consumer data – to possess a clearly defined governance structure.

The IIA is advocating for the passage of strong national and multinational data privacy laws – and corresponding regulations – which include an internal audit function within the organization to minimize the risk of organizational non-compliance and potential internal control failures.

An internal audit function that is independent of management and reports directly to the audit committee of a public company is a reporting relationship that enables the assessments and conclusions of the internal audit function to be objective, credible, and trustworthy. The presence of an internal audit function is widely considered an essential corporate governance practice for promoting organizational transparency and accountability as well as for risk management and protecting the interests of investors and other stakeholders.

The IIA works to promote a strong understanding of the benefits of an internal audit function within organizations and advocates for recognition of internal audit functions as a pillar of good corporate governance.

As companies from all industries and sectors confront a dynamic cybersecurity risk environment, it is evident that a robust legislative/regulatory framework is necessary to institute processes for effectively identifying and mitigating potential organizational cybersecurity risks and to establish appropriate internal controls and independent assurance procedures.

The IIA is working to advance laws and policies that ensure cybersecurity frameworks are robust, maintain appropriate internal controls and independent objective assurance over those controls, and minimize the organizational and operational risks of various threats, including denial-of-service, ransomware social engineering, and corporate software vulnerabilities.