Welcome to the IIA Saudi Arabia!
The Institute of Internal Auditors Saudi Arabia (IIA-KSA) is a non-profit professional organization dedicated to the advancement and promotion of the internal auditing profession in the Kingdom of Saudi Arabia. As part of an international network representing internal auditors worldwide, we provide support by offering Technical Guidance, Professional Training Programs, Certification Programs, Continuing Education, Conferences and Networking Opportunities.

About the Profession:

Definition of Internal Auditing:
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."

Source: International Professional Practices Framework (IPPF), The Institute of Internal Auditors Research Foundation. Florida, USA, January 2011

Professional Standards and Guidance:
The Global IIA organization has published the International Professional Practices Framework (IPPF), which contains the following useful references for the internal auditing profession:

Mandatory Guidance:

  • Code of Ethics

Strongly Recommended Guidance:

  • Position Papers
  • Practice Advisories
  • Practice Guides

General Risk and Control Frameworks

The Committee of Sponsoring Organizations of the Treadway Commission (COSO, www.coso.org) has issued two key risk and control frameworks used by many internal auditors and their organizations throughout the world:

  • The Internal Control - Integrated Framework (1992) - establishes a common definition of internal control that serves the needs of different parties for assessing and improving their control systems.
  • The Enterprise Risk Management (ERM) Framework (2004) - attempts to respond to a need for principles-based guidance to help entities design and implement effective enterprise-wide approaches to risk management.
  • Guidance on Monitoring Internal Control Systems (2009) - designed to improve the use of monitoring by helping organizations identify and maximize effective monitoring, and identify and improve ineffective or inefficient monitoring.

Professional Journals:

Many organizations have professional journals with articles of interest to internal auditing, security and control, including:

Publishing Organization or Company | Publication Name
Institute of Internal Auditors (IIA) | Internal Auditor
Association of Certified Fraud Examiners | Fraud Magazine
Thomson Reuters - RIA | Internal Audit Report
Auerbach Publications | EDPACS: EDP Audit, Control and Security

IT Auditing

The Global IIA has published its IT audit practice guide series to help IT auditors and security professionals understand and evaluate IT risks and controls. This series includes:

  • The Global Technology Audit Guides (GTAG) series - created to provide high-level technology information from a business point of view that can help internal auditors worldwide better understand the different risks, controls, and governance issues surrounding various specific technologies and IT audit concepts.
  • The Guide to the Assessment of IT Risk (GAIT) series - describes the relationships among business risk, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls. Each practice guide in the series addresses a specific aspect of IT risk and control assessments.

IIA members can download the GTAG and GAIT series documents for free.

ISACA and The IT Governance Institute have also issued the following documents on IT risk, controls and governance:

  • The Control Objectives for IT (CObIT) document and supporting reference materials.
  • The Risk IT framework.
  • The Val IT framework for IT governance to ensure value-added contributions of IT.

Other frameworks for evaluating IT audit, security and control include:

  • The British Standards Institute’s (BSI) BS ISO/IEC 27011:2008.
  • ITIL attempts to capture best practices for IT service management.
  • PRINCE2 is a process-based approach for project management.
  • The United States National Institute of Standards and Technology’s (NIST) Computer Security Division’s Computer Security Resource Center.