Internal Auditors Finding New Ways to Add Value in Expanded Role
by Terri Eyden on
By Frank Byrt
Chief audit executives (CAEs) are working to expand their roles within their organizations, moving from their traditional focus on compliance to include suggesting ways to improve processes and providing insights that influence strategy, according to a Grant Thornton LLP survey.
"CAEs, who have a wealth of knowledge about their organizations, are in a really good position to continue down the path of value creation," said Warren Stippich, CPA, partner and National Governance, Risk and Compliance Solution Leader at Grant Thornton, in a March 18 press release summarizing the survey. "But, it's not without its challenges - it requires using technology, being smarter about audit approaches, and getting more involved, both at the business unit or process level and the strategic thinking level."
The 2013 survey of 330 CAEs was aimed at discovering how internal auditors are adjusting to the evolving expectations of their role. "Perhaps one of the biggest challenges for audit executives is the ongoing quest to rebalance traditional internal audit activities and methods, while becoming more strategic in mind-set and strategic in approach," according to the survey report, Today's Chief Audit Executive: Continuing on a Path to Value Creation.
Although CAEs would like to find growing acceptance as strategic partners, CAEs said their departments face challenges in achieving that status. They cited budget constraints (58 percent), talent limitations (51 percent), and image problems (51 percent) as barriers that impede the internal audit department from delivering greater insights and strategic value.
When asked to rank a number of risk areas based on their potential to impact growth, CAEs cited:
- Execution of strategy
- Emerging technologies
- Data privacy and security
- Third parties/vendors
- Supply chain
- Business community
"These are all cutting-edge areas that CAEs should be focused on," Stippich told AccountingWEB in an interview.
Use of Technology and Data Analytics
Internal audit departments remain slow to maximize technology to gain efficiencies:
- More than three-quarters (77 percent) said they're not using governance, risk management, and compliance (GRC) software or an internal audit-specific tool. This is only a slight increase from last year's 79 percent.
Although respondents have yet to fully embrace GRC technology, the use of data analytics and business intelligence tools has more than doubled since last year's survey, with 66 percent of respondents saying they're taking advantage of this tool:
- 38 percent use it for forensic analysis, 32 percent for performance measurement, and 15 percent for predictive analytics.
"Our survey suggests that CAEs believe their departments have the ability to deliver the most value when they're helping to mitigate risks, identify improvement opportunities, and strengthen corporate governance," Grant Thornton said in the report.
According to Stippich, increasing the value of an auditor is even more compelling for small and midsized firms, including those with outside auditors. That's because, with the right suggestions, it's possible to create a greater impact on a small company than a huge one. "The smaller the company, the easier it is for an auditor or tax preparer to contribute value, simply because the level of sophistication of the clients is a little less."
Regardless of organization size, two areas worth focusing on are cybersecurity and fraud risk assessment.
Nevertheless, compliance-related activities remain the primary focus of the audit plan. More than half of respondents (56 percent) said between 1 and 25 percent of their audit plan is focused on regulatory compliance. Nearly one-quarter (24 percent) said 26 to 50 percent of the audit plan is focused on compliance, while 16 percent said compliance activities account for 51 percent or more of their audit plan.
However, 51 percent reported they've yet to adopt a "one-to-many" approach to streamline compliance testing, whereby they test once but comply multiple times with various regulatory standards or other mandates. This statistic highlights that there's substantial room for improvement when it comes to leveraging control testing requirements for maximum benefit.
You may like these other stories...
Cybersecurity is no longer the domain of an organization's IT staff. It's moved to the boardroom, and in a big way. Accountants and financial managers may have been thinking it's just the province of the tech...
Boehner addresses GOP priorities ahead of midterm electionsHouse Speaker John Boehner (R-OH) on Thursday delivered what amounted to closing arguments ahead of the November elections, laying out a list of Republican...
Former DOJ Tax Division head Kathryn Keneally joining DLA Piper in New YorkGlobal law firm DLA Piper announced on Thursday that Kathryn Keneally, the former head of the US Justice Department Tax Division, is joining the firm...
Upcoming CPE Webinars
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.