IIA Nigeria November 5, 2019 No Comments

Big Data and the Internal Auditor

Big data and analytics are widely predicted to transform the way internal audits are conducted, especially in the areas of risk assessment. For instance, analytics enable the access to the entire database and mining the data to obtain key elements. This allows deeper and more relevant insights, making it easier for them as professionals to focus on the main areas of concern, and to point out the high-risk areas with strong evidence.

By integrating analytics into internal auditing, internal auditors are now expected to deliver more enhanced quality and coverage, as well as provide more business value to their organisation. The managements and stakeholders seek improvements in business analytics and quality of data for better forecasting and decision-making. This actually helps to create more opportunities for internal auditors because they can now perform with greater assurance.

Every day, organizations are introducing creative and innovative ways to use big data. Practical applications of big data can be found in retail, public, private and nonprofit organizations, for example.

Analyzing data to create business value is not a new concept; however, it is becoming increasingly important to interpret data more quickly and base business decisions on the resulting insights. Organizations that effectively acquire and leverage big data are able to capitalize more quickly on emerging business trends, shifts in customer demands, and operational efficiency opportunities. This ultimately enhances the opportunity to improve customer satisfaction and maximize the organization’s success.

As big data programs are implemented and modified over time, internal auditors should remain engaged and monitor these efforts, in accordance with Standard 2010 – Planning and Standard 2030 – Resource Management. In doing so, internal auditors must maintain requisite knowledge and skills, and dynamically alter their risk assessment and audit coverage model to account for any changes (see Standard 1210 – Proficiency).

Big data is evolving rapidly and will continue to present risks and opportunities for organizations and internal auditors for the foreseeable future.


Shared by;

IIA Nigeria Media/IT Coordinator



Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership




For CIA preparatory Class?

IIA Nigeria September 10, 2019 No Comments

Educating clients and stakeholders about internal audit’s roles and objectives in risk management

Everyone agrees that internal audit has an important part to play in risk management, but just where to draw the line is always a controversial topic. Some think internal audit should play a lead role in risk management, setting the risk management agenda and advising management on risk issues. Others take a more purist position, stating that internal audit should only be there to audit the risk management function.

 It’s not surprising. There are widely divergent views on the job of internal audit in general. As an internal auditor, clients and stakeholders are often ask what they believe to be their role. The answers tend to vary widely depending on the maturity level of the client’s internal controls environment. Some see internal audit mainly as the function in charge of Sarbanes-Oxley (SOX) compliance, while others say that it is to uncover fraud or malfeasance. The one common reply, however, that internal auditors are the “controls experts,” rarely changes. 

 If stakeholders have a narrow and incorrect idea of the problems we solve as internal auditors, what are we doing collectively to change that perception? This well-known quote by psychologist Abraham Maslow illustrates how easy it can be to incorrectly define a problem: “If the only tool you have is a hammer, then every problem looks like a nail.” If stakeholders view internal auditors as only “control experts,” then I can correctly rephrase Maslow’s quote to say: “If our only tools as internal auditors are controls, then every problem looks like a potential risk.”

 If we want to think more broadly and completely about the role of internal audit in risk management, we need to think beyond controls.



 Internal auditors simply must have a strong understanding of the macro and micro risks impacting their respective organizations. Given the increasing threats and dynamic nature of risks confronting many organizations, an inflexible or static “annual audit plan” approach might not provide the responsiveness needed for internal audit to quickly change course and address evolving risks. The use of Risk and Control Self-Assessments (RCSA’s) in theory seems a practical approach. However, the output from using RCSA’s and the skills of the risks’ owners might highlight inefficiencies in identifying and mitigating evolving risks.


 Consistent failures stemming from poor tone-at-the-top, sub-culture clashes across different LOB’s within an organization, lack of skills to identify and mitigate key risks, and inability to implement continuous monitoring and oversight of key functions are a few examples that could expose an organization to significant risks. Internal audit will see these dynamics at varying levels in the course of executing our missions. Failures to accept the reality and risks associated with these problems can be directly linked with the inability of the internal audit function to navigate volatile risks environments to create value.



Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership








For CIA preparatory Class?


IIA Nigeria August 5, 2019 No Comments

CYBER THREATS(CYBER INTELLIGENCE) – contributing insights for Internal Auditors


Cyber threats are a malicious act that seeks to damage data, steal data and disrupt digital life. Threats like computer viruses, data breaches and denial of service disrupts computer network and paralyze systems making data unavailable. Cyber threats attackers are always after financial gain, disruption and espionage, cyber threats are not static because millions are being created every year.

Cyber/threats are in five categories:

Physical/Digital attacks which is the loss of life or damage of infrastructure. Psychological attacks points to the individuals being left depressed, embarrassed or confused. Economically, there will be a fall in stock price, regulatory fines and reduction of profits. Reputationally, there’s a loss of key staff, damaged relationship with customers and intense media scrutiny. Socially, it stands the risk of disruption of daily life such as impact on key services and a negative perception of technology.

Internal auditors have a role to play in ensuring that advanced cyber threats stays in check to avoid damages. They will ensure the effectiveness of the response actions on IT risk, they will leverage relationships with the audit committee to heighten awareness and knowledge of cyber threats and ensure that they remain aware of the changing nature of cyber threats. Internal audit provides a holistic approach to where an organization may be vulnerable, it is crucial to provide assurance services for all areas of an organization.




Conclusively, internal audits may provide the most value by contributing insights from its extensive scope of work but preparedness assumes the survival of a cyber attack. It serves no purpose if the organization does not evolve and improve the strategies to be better prepared for any type of attack. Cyber threat increase should make organizations see the need to train their employees to know the implications of a security breach and give clear guidance on how to respond to one when it eventually comes since it is inevitable. In cyber intelligence, education is power therefore the need to be educated on the importance of staying free from cyber threats is the great job of IIA, Nigeria, we protect everything.


Source :

Media/IT Unit 

IIA Nigeria




IIA Nigeria July 25, 2019 No Comments


Internal audits performance can be enhanced for both operations and compliance, to strengthen their impact, we look at The Process (How), The Product (What) and The System (Where).

The Process type of audit helps to know that processes are working within established limits. It helps to evaluate a method against predetermined instructions or, standards to measure the conformance to these standards as well as the effectiveness of the instructions.

The Product type of audit is the examination of a particular product or service such as hardware, processed materials or software to evaluate whether it conforms to customers’ requirements. The Big 4(Deloitte, EY, KPMG, PWC) in conjunction with IIA, Nigeria has been able to help in strengthening internal audit’s impact and influence in all organizations.

The System type of audit explains the conduct on the management system.

It is a documented activity performed to verify by evaluation and examination of objective evidence that applicable elements of the system are appropriate and effective and have been developed, documented and implemented in accordance with specified requirements or as part of the IPPF global internal audit framework.
Internal audit has a critical role to play as the third line of defence in risk management and helping organizations in the ongoing battle of managing cyber threats, providing an independent assessment of existing and needed controls and helping the audit committee and board to understand and address the diverse risk of the digital world. And, until we realise the role that internal audit is playing and pay full attention to it, internal audits impact and influence won’t be felt much and as such cannot be strengthened.


Internal audits performance can only be heightened or strengthened if they adopt analytics, contemporize reporting, enhance skills and capabilities and try to increase personal impact for all operations and compliance.



Join IIA Nigeria today to advance your internal audit professional career.

For further details, see below.

Please click to register;

For membership

New membership




For conference 



IIA Nigeria June 28, 2019 No Comments

The State of the Internal Audit Profession in Africa



In 2015, The Institute of Internal Auditors (IIA) launched an African Development Plan designed to build capacity of the internal audit profession across Africa. As the global leader of the internal audit profession, The IIA’s intent is to elevate the profession on the continent to meet or exceed the expectations of the profession’s key stakeholders.

 In conjunction with the World Bank, The IIA released The State of the Internal Audit Profession in Africa (Phase I), which assesses the factors that contribute to the current status of the internal audit profession across 11 countries in Africa, including Nigeria. The valuable insights gleaned from extensive in-person interviews and research outlined in the report helped to identify several areas of focus to build capacity of the profession in the region. 

The analysis of the situation in Africa found there is a greater need for effective internal audit in the public and private sectors, awareness of the internal audit and its contribution to governance is limited, and training resources are inadequate. 

Kindly review the entire report and also share with your stakeholders by using any of the links below to download the report.


Download the report for a comprehensive review of the profession by country.








Humphrey Okorie

CEO, IIA Nigeria

Ebrahim September 9, 2016 No Comments

Welcome to IIA Nigeria


Welcome to  IIA Nigeria.

Our goal is to ensure that you get every support that you need to continuously  offer unparalleled value to your organisation.

Kindly explore the website for the various resources available, you could also reach me directly through my email address Humphrey.okorie@iia-nigeria.org for further clarification or guidance.