IIA Highlights Five Key Strategies for Internal Audit Success

In a challenging and ever-changing business climate, stakeholders are seeking – if not demanding – guidance from the internal audit profession to address strategic and emerging business risks.

But what tactics can internal audit use to make sure it meets those demands and help the profession thrive? That was a main focus of the new Pulse of the Profession report, Enhancing Value Through Collaboration: A Call to Action, from the Audit Executive Center of the Institute of Internal Auditors (IIA).

The report, released during the IIA’s 73rd International Conference in London on Monday, examined changing expectations from key internal audit stakeholders based on the findings of four major industry surveys from the first half of 2014. It also zeroed in on five key strategies to meet those expectations, primarily through communication and collaboration with stakeholders.

“Traditionally, internal audit has been reactionary, but that approach is changing,” IIA President and CEO Richard Chambers said in the report. “Our value to an organization depends on furthering this change in course."

The Pulse report found agreement within industry surveys for expanding internal auditing’s role, but it also identified gaps – sometimes significant – in expectations of and confidence in the profession’s ability to deliver assurances and services in new areas. According to the report, the key to enhancing internal audit services is for chief audit executives (CAEs) and other heads of audit to recognize and address those gaps.

“Every company, situation, and leader is different,” Gina Eubanks, IIA vice president of professional services, said in the report. “Are you ready to sit down with your stakeholders to understand how they define and measure success of internal audit?”

In its new report, the IIA highlighted the following five strategies for internal audit success.

1. Improve upon alignment with expectations of key stakeholders: Setting the tone for alignment by working with stakeholders is imperative. According to KPMG International’s 2014 Global Audit Committee Survey, the first step is to “recognize that internal audit is most effective when it is focused on the critical risks to the business, including key operational risks and related controls – not just compliance and financial reporting risks.”

CAEs should consider presenting strategic plans, spanning three to five years, that lay out changing levels of assurance services and advisory services in accordance to what internal control structures will permit.

2. Assume a leadership role in coordinating the second and third lines of defense: The IIA strongly advocates educating stakeholders on the three lines of defense model – management controls, risk management, and internal auditing – for dealing with risk. The IIA’s study found confusion specifically over just where those lines are drawn, which could create an opportunity for expectation gaps to grow. In the IIA’s Pulse survey, 64 percent of respondents said those lines are not clearly, somewhat, or moderately defined.

“The CAE should assume a leadership role in getting everyone back in their lanes, ensuring that there is no duplication or gaps in coverage,” Chambers said.

3. Enhance internal auditing’s capability to address critical, strategic business risks: As concerns among key stakeholders – chiefly management, audit committees, and boards – shift from traditional controls and finance issues to strategic business risks, internal audit must adapt to meet changing priorities.

For example, in KPMG’s 2014 Global Audit Committee Survey, respondents wanted the audit function to “devote more time and/or sharpen its focus” on areas outside of corporate governance that are typically associated with the internal audit function. Such areas included selected management process (65 percent), IT and data management (58 percent), and operational risks (52 percent).

4. Develop and implement knowledge and talent-acquisition strategies: To expand its responsibilities, the internal audit function must possess the requisite talent in nontraditional areas, such as the risk management process, IT, and operational risks.

The Pulse of the Profession survey found that skills being recruited or built into audit functions were more likely to be general than industry specific. Specifically, CAEs responding to the survey reported they are more likely to recruit based on analytical/critical thinking (75 percent), communications skills (58 percent), risk management assurance (44 percent), and IT (41 percent) versus industry-specific knowledge (36 percent).

Success hinges on not only identifying the skills to meet these changing demands but also in the recruiting strategies to find workers with relevant skills.

“Acquiring the right people is not the end, it’s the means,” Chambers said. “Acquiring the right people is the means toward having the knowledge and capability in the organization to address a full spectrum of risk.”

5. Become a trusted advisor to the audit committee and executive management: Experienced CAEs who succeed in understanding stakeholder expectations, addressing strategic business risk, and nurturing necessary talent can comfortably form advisory relationships with stakeholders. Those relationships will also make it easier to educate these stakeholders about emerging risks and mitigation strategies.

“The world as we know it is changing and so must the role played by internal auditing,” Anton van Wyk, senior vice chairman of the IIA Global Board of Directors, said in the report. “In recognition of the multitude of dependencies and impacts that exist, the concepts of integrated thinking and reporting, formalized stakeholder engagement, and the annual integrated report are ways of ensuring internal auditing views business more holistically.”

Related articles:

Survey: More CAEs Being Recruited From Outside Profession
Compliance Risks Now a Higher Priority for Auditors

You may like these other stories...

Anti Burger Kings: Seven US companies shrinking tax the old-fashioned wayBurger King’s decision to combine with Canadian donut shop Tim Hortons is renewing controversy over the lengths some US companies will go to...
Read more from Larry Perry here and in the Today's World of Audits archive.Since the AICPA's Financial Reporting Framework for Small- to Medium-sized Entities (FRF for SMEs) and some other financial reporting...
The US Securities and Exchange Commission (SEC) has chosen a former partner and vice chairman with Deloitte LLP as its new chief accountant.James Schnurr, who specialized in financial and SEC reporting for public companies...

Already a member? log in here.

Upcoming CPE Webinars

Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 10
Transfer your knowledge and experience to prepare your team for the challenges and opportunities of an accounting career.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.