Internal Auditors Finding New Ways to Add Value in Expanded Role
by Terri Eyden on
By Frank Byrt
Chief audit executives (CAEs) are working to expand their roles within their organizations, moving from their traditional focus on compliance to include suggesting ways to improve processes and providing insights that influence strategy, according to a Grant Thornton LLP survey.
"CAEs, who have a wealth of knowledge about their organizations, are in a really good position to continue down the path of value creation," said Warren Stippich, CPA, partner and National Governance, Risk and Compliance Solution Leader at Grant Thornton, in a March 18 press release summarizing the survey. "But, it's not without its challenges - it requires using technology, being smarter about audit approaches, and getting more involved, both at the business unit or process level and the strategic thinking level."
The 2013 survey of 330 CAEs was aimed at discovering how internal auditors are adjusting to the evolving expectations of their role. "Perhaps one of the biggest challenges for audit executives is the ongoing quest to rebalance traditional internal audit activities and methods, while becoming more strategic in mind-set and strategic in approach," according to the survey report, Today's Chief Audit Executive: Continuing on a Path to Value Creation.
Although CAEs would like to find growing acceptance as strategic partners, CAEs said their departments face challenges in achieving that status. They cited budget constraints (58 percent), talent limitations (51 percent), and image problems (51 percent) as barriers that impede the internal audit department from delivering greater insights and strategic value.
When asked to rank a number of risk areas based on their potential to impact growth, CAEs cited:
- Execution of strategy
- Emerging technologies
- Data privacy and security
- Third parties/vendors
- Supply chain
- Business community
"These are all cutting-edge areas that CAEs should be focused on," Stippich told AccountingWEB in an interview.
Use of Technology and Data Analytics
Internal audit departments remain slow to maximize technology to gain efficiencies:
- More than three-quarters (77 percent) said they're not using governance, risk management, and compliance (GRC) software or an internal audit-specific tool. This is only a slight increase from last year's 79 percent.
Although respondents have yet to fully embrace GRC technology, the use of data analytics and business intelligence tools has more than doubled since last year's survey, with 66 percent of respondents saying they're taking advantage of this tool:
- 38 percent use it for forensic analysis, 32 percent for performance measurement, and 15 percent for predictive analytics.
"Our survey suggests that CAEs believe their departments have the ability to deliver the most value when they're helping to mitigate risks, identify improvement opportunities, and strengthen corporate governance," Grant Thornton said in the report.
According to Stippich, increasing the value of an auditor is even more compelling for small and midsized firms, including those with outside auditors. That's because, with the right suggestions, it's possible to create a greater impact on a small company than a huge one. "The smaller the company, the easier it is for an auditor or tax preparer to contribute value, simply because the level of sophistication of the clients is a little less."
Regardless of organization size, two areas worth focusing on are cybersecurity and fraud risk assessment.
Nevertheless, compliance-related activities remain the primary focus of the audit plan. More than half of respondents (56 percent) said between 1 and 25 percent of their audit plan is focused on regulatory compliance. Nearly one-quarter (24 percent) said 26 to 50 percent of the audit plan is focused on compliance, while 16 percent said compliance activities account for 51 percent or more of their audit plan.
However, 51 percent reported they've yet to adopt a "one-to-many" approach to streamline compliance testing, whereby they test once but comply multiple times with various regulatory standards or other mandates. This statistic highlights that there's substantial room for improvement when it comes to leveraging control testing requirements for maximum benefit.
You may like these other stories...
Individuals interested in reviewing the proposed 2015 US Generally Accepted Accounting Principles (GAAP) taxonomy from the Financial Accounting Standards Board (FASB) have until October 31 to submit their written comments....
Ernst & Young 2013 audit deficiency rate 49%, regulators sayMichael Rapoport of the Wall Street Journal reported on Thursday that the Public Company Accounting Oversight Board (PCAOB) found deficiencies in 28 of the...
PwC must face $1 billion lawsuit over MF Global adviceA federal judge on Wednesday ordered PricewaterhouseCoopers (PwC) to face a $1 billion lawsuit claiming that its bad accounting advice was a substantial cause of the...
Upcoming CPE Webinars
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Transfer your knowledge and experience to prepare your team for the challenges and opportunities of an accounting career.
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.