financial report

4 Key Issues Confronting Internal Auditors

Jul 27th 2015
Share this content

Most internal auditors lack adequate flexibility to meet business challenges and unexpected risks, according to a recently released report by the Institute of Internal Auditors (IIA).

The IIA polled more than 14,500 internal auditors in 166 countries for the report, 2015Global Pulse of Internal Audit: Embracing Opportunities in a Dynamic Environment.

“Internal audit is in an unprecedented position to show our stakeholders we are capable of operating and thriving in an emerging-risk landscape,” IIA President and CEO Richard Chambers said in a prepared statement. “This new Global Pulse report, however, suggests that many of our internal audit colleagues must change their approach to audit planning to meet today's fast-moving business challenges.”

The report highlights four issues confronting internal auditors.

1.Rapidly emerging risks make annual risk assessments inadequate. Chief audit executives (CAEs) must understand emerging risks right away, revise audit plans accordingly, and let key stakeholders know about the changes. According to the report, auditors' focus “should be on areas of an organization most likely to be affected by factors that impede the organization's objectives – the highest risk areas. Traditional, routine risks are easily identified, well known, and readily assessed. Emerging risks, those not identified before last month or this year, are the hardest risks to identify and assess. But for this very reason, they may also be the most critical on which internal audit must focus.”

CAE survey respondents said they focus more on areas susceptible to emerging risks – strategic business risks, IT, and corporate governance – but only 23 percent said they do continuous risk assessments. The majority of CAEs said they update their audit plan once or twice a year. In addition, only 16 percent of CAEs believe their audit plan process is flexible enough to respond to emerging risks immediately.

2.Internal audit must have a broad view of risks. Risks must be considered broadly, not in “silos,” and so, too, must internal audits. That requires a team approach to defining and assessing risks, and providing assurance about them.

3.The profession is no longer just about financial reporting. The current movement is toward reporting that combines results from several reports to create “a holistic story about the value of an organization,” according to the IIA. This is known as integrated reporting, which describes how an organization will create value from short to long term. It's new, but growing rapidly. Sustainability reporting, which helps marketing and decision-making, is more common but also growing. Both types of reports can benefit from the expertise and insight from internal auditors, and CAEs can use the opportunity to add value to their organizations, the report states.

4.Political pressures don't have to govern. The majority (72 percent) of CAEs said they report to the audit committee or board of directors. That's ideal because it allows a CAE to get advice or counsel from stakeholders who likely won't be a source of pressure, according to the report. But 19 percent of respondents said they report to the CEO, president, or governmental agency head, and 4 percent said they report to the CFO. “To audit successfully, CAEs should be free from the control of those they need to audit,” the report states. “To this end, reporting lines are critical, but are insufficient, in and of themselves, to ensure freedom from control.”


Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.