IIA Nigeria September 4, 2019 No Comments



Audit committee is one of the major operating committees of a company’s board of directors that is in charge of overseeing every aspect of internal process ,reporting and disclosure.


  • The Audit Committee helps to maintain a good communication with the company’ CFO (Chief Financial Official and Controller.
  • The committee can also initiate special investigations in cases where it is determined that accounting practices are problematic or suspect issues arising with employees.
  • The oversight of financial reporting, the monitoring of accounting policies
  • The oversight of any external auditors, regulatory compliance and the discussion of risk management policies with the management.


Chief Audit Executive, director of audit, director of internal audit, auditor general, or controller general is a high level independent corporate executive with overall responsibility for internal audit. The CAE reports  to the board of board of directors with administrative reporting to the CEO.


  • To constitute a third level of control in the organization, which must be independent from the first level control

Note: The first level layer belongs to the management of the organization who is responsible in the first instance for acting in compliance with the organization’s rule and consecutively second level which are the supporting units that is HR, Risk function, financial control, etc.

Engaging with the audit committee is not the same as engaging with other members of the senior management. Fortunately, the profession has come a long way in the past two decades when it comes to reporting relationships; a recent IIA Global Pulse of Internal Audit survey shows that nearly 75 percent of internal audit leader’s worldwide report functionally to a board or its audit committee. From experience, management typically becomes comfortable with internal audit’s dual reporting relationship. Strong audit committees embrace their oversight of internal audit, and management understands that. In the vast majority of organizations, the CEO and other C-suite executives would not interfere with internal audit’s access or reporting relationship with the audit committee. However, this still may create tension as some CAEs feel smothered by their CEO or CFO when it comes to the audit committee relationship and as such report that the CEO wants to review and approve every communication with the audit committee, they also lament that their CEO may frown upon or prohibit communication with the CAE and the audit committee chairman.

This is a complicated dilemma, while it is clearly inappropriate for management to obsessively filter the CAE’s communications with the audit committee; the CAE again is caught between a rock and hard place. Audit committee chairs has to be firm in communicating their expectations on internal audit access, and be the one who initiate contact with the CAE if they believe the management is impeding communication. CAEs have to build productive relationships within their organizations so they are surrounded by advocates and champions for the work of internal audit. CAEs should also try to build a network of peers with whom they can share their frustrations and seek advice. It is never easy to walk alone.



Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership




For conference ?



For CIA preparatory Class?


IIA Nigeria August 22, 2019 No Comments


In 2018, so many companies had data breaches that compromised the personal information of millions of people around the world. I’d recount the ordeal of Facebook.

Facebook dealt with a slew of major breach and incidents that affected more than 100million users of the popular social network, 29 million was lost, highly sensitive data, including locations, contact details, relationship status, recent searches and devices used to log in were affected. It happened from July2017 – September 2018, the most interesting part was that this vulnerability was not known to Facebook until September 2018 when the spotted a spike in unusual activity. That is to say that this vulnerability ran for a period of 13 months without the knowledge of Facebook, in other words the hackers did have a feel of user data for a long time and need I to sure that Facebook wasn’t even sure when this attack started.

Vulnerability is the weaknesses in a computer system, in a set of procedures, or in anything that leaves information exposed or simply put It is a cyber security term that refers to a flaw in a system that can leave it open for attacks.

IT Security refers to securing digital data through computer network security.

Causes of IT Security Vulnerability.

  • Exposure
  • Missing data encryption
  • OS command injection
  • Download of codes without thorough check
  • Weak passwords
  • Ignorance
  • Using an already infected software

Protecting client’s data is an integral part of business for any auditing firm or any organization.

Firstly, users should be blocked from visiting confirmed unsafe sites, stay on top of bandwidth range with alerts when devices exceed thresholds. Another way is to filter internet activity by day, category and URL to reveal trends, spikes and irregularities. Try to complete with detailed reporting tools to let you analyze browsing activity and demonstrate the effectiveness of web security. Identify risk with IIA, Nigeria to help you find it wherever it may be hiding.

Role of IA (Internal Audit) to helping organizations

  • They should understand and be aware of the data security threats that loom over organizations.
  • They should help identify the vulnerabilities.
  • They should examine if all the required security precautions have been taken.
  • They should constantly network with industry counterparts to keep abreast of emerging threats.
  • They are also to help to see that cyber security regulations are being met

Internal audit is a pivotal ally which must join forces with IT to build a truly robust cyber security strategy that focuses on anticipating and mitigating risks and building organizational resilience. As vast as cyber threats are growing, cyber security has also become a more serious and relevant topic for system owners than ever before. The world is entering an era when attackers are trying to find a way to disrupt industries and critical infrastructure, attacks are heard every single day, you can stay on top of your game by having the best tools for intrusion detection network monitoring but without people, they can’t do much. People make decisions on how to respond to these threats and assess these vulnerabilities to choose which one to make priority for remediation

IIA, Nigeria is available to provide all the training you need for an efficient and effective IT Security



Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership




For conference ?



For CIA preparatory Class?

IIA Nigeria August 5, 2019 No Comments

CYBER THREATS(CYBER INTELLIGENCE) – contributing insights for Internal Auditors


Cyber threats are a malicious act that seeks to damage data, steal data and disrupt digital life. Threats like computer viruses, data breaches and denial of service disrupts computer network and paralyze systems making data unavailable. Cyber threats attackers are always after financial gain, disruption and espionage, cyber threats are not static because millions are being created every year.

Cyber/threats are in five categories:

Physical/Digital attacks which is the loss of life or damage of infrastructure. Psychological attacks points to the individuals being left depressed, embarrassed or confused. Economically, there will be a fall in stock price, regulatory fines and reduction of profits. Reputationally, there’s a loss of key staff, damaged relationship with customers and intense media scrutiny. Socially, it stands the risk of disruption of daily life such as impact on key services and a negative perception of technology.

Internal auditors have a role to play in ensuring that advanced cyber threats stays in check to avoid damages. They will ensure the effectiveness of the response actions on IT risk, they will leverage relationships with the audit committee to heighten awareness and knowledge of cyber threats and ensure that they remain aware of the changing nature of cyber threats. Internal audit provides a holistic approach to where an organization may be vulnerable, it is crucial to provide assurance services for all areas of an organization.




Conclusively, internal audits may provide the most value by contributing insights from its extensive scope of work but preparedness assumes the survival of a cyber attack. It serves no purpose if the organization does not evolve and improve the strategies to be better prepared for any type of attack. Cyber threat increase should make organizations see the need to train their employees to know the implications of a security breach and give clear guidance on how to respond to one when it eventually comes since it is inevitable. In cyber intelligence, education is power therefore the need to be educated on the importance of staying free from cyber threats is the great job of IIA, Nigeria, we protect everything.


Source :

Media/IT Unit 

IIA Nigeria




IIA Nigeria June 28, 2019 No Comments

The State of the Internal Audit Profession in Africa



In 2015, The Institute of Internal Auditors (IIA) launched an African Development Plan designed to build capacity of the internal audit profession across Africa. As the global leader of the internal audit profession, The IIA’s intent is to elevate the profession on the continent to meet or exceed the expectations of the profession’s key stakeholders.

 In conjunction with the World Bank, The IIA released The State of the Internal Audit Profession in Africa (Phase I), which assesses the factors that contribute to the current status of the internal audit profession across 11 countries in Africa, including Nigeria. The valuable insights gleaned from extensive in-person interviews and research outlined in the report helped to identify several areas of focus to build capacity of the profession in the region. 

The analysis of the situation in Africa found there is a greater need for effective internal audit in the public and private sectors, awareness of the internal audit and its contribution to governance is limited, and training resources are inadequate. 

Kindly review the entire report and also share with your stakeholders by using any of the links below to download the report.


Download the report for a comprehensive review of the profession by country.








Humphrey Okorie

CEO, IIA Nigeria