Whether you call it chutzpah, moxie, or just plain guts, internal auditors need to show more of it.
That’s the overarching message of the 2017 North American Pulse of Internal Audit report, Courageous Leadership: Instilling Confidence from Within, from the Institute of Internal Auditors (IIA).
“It takes courageous leadership to enhance and protect organizational value,” the report states. “Chief audit executives [CAEs] must have the courage to look both outward at the organization, and inward at the internal audit function. We must consider risks that likely have been given little attention, and make changes.”
So, with that gauntlet laid down, the IIA cited four often-overlooked risk areas that need more attention:
- Communications not traditionally subject to independent assurance, such as analyst presentations, sustainability reporting, and some operational reporting.
- Environmental, health, and safety (EHS) risks.
- Internal audit’s use of data analytics.
- Interpersonal dynamics between internal audit and others in the organization.
Here are the key takeaways regarding each risk category:
1. Communication risks. Everyone in the corporate chain – managers, investors, and other stakeholders – makes strategic decisions according to the information they receive outside of financial statements, the report states.
The majority (66 percent) of Pulse survey respondents who receive such information said inaccurate, incomplete, misleading, or confusing communication poses a significant concern about risk to their organization’s reputation.
“While external audit provides assurance over formal financial statements, this does not include all the communications important to the organization, nor the related processes and controls,” the report states. “Independent assurance can come from internal audit, external audit, or an independent third party.”