Pressures are growing quickly around the world for internal auditors who work in the financial services industry, according to a new report.
The
“This latest report in the Common Body of Knowledge series provides a provocative and in-depth look at modern financial services internal auditing,” said Institute of Internal Auditors global chairman Larry Harrington in a statement. “Its analysis provides real insight into some of the most vexing challenges the profession will face as it meets growing demands for services.”
The authors of the report, "A Global View of Financial Services Auditing: Challenges, Opportunities and the Future," Jennifer F. Burke and Steven E. Jameson, suggest regulatory compliance has become a top issue because the ever-evolving nature of regulations strains resources. Spending on additional staff, new technologies, and revised processes combined with regulations that reduce fees and revenues can have significant impacts on financial institutions.
The new challenges not only include new regulations, but new regulatory bodies. The Financial Services Authority of Indonesia, the Financial Conduct Authority and the Prudential Regulation Authority in the United Kingdom, and the Consumer Financial Protection Bureau in the United States are some of the examples of new governing bodies with regulatory sway over financial institutions.
Worldwide, compliance and regulatory risk topped the list for financial services chief audit executives, according to the IIARF’s Global Internal Audit Common Body of Knowledge practitioners’ survey. The survey found that compliance and regulatory risks were listed as a top risk by 83 percent of respondents. Despite this, financial services chief audit executives indicated that operational risks comprised the highest percentage of 2015 audit plans.
Meanwhile, the profession, which has pushed for elevated stature and recognition to facilitate independence and add weight to internal audit recommendations, is straining under the growing burden of heightened expectations.
“It appears the caveat about ‘being careful what you ask for’ has become reality for many, bringing with it both opportunities and challenges,” said the report. “CAEs are finding themselves in the middle of almost every problem imaginable.”
With growing demands from management, directors, regulators and external auditors, internal audit is increasingly in a difficult position of serving multiple, sometimes inconsistent, masters with differing agendas.
Beyond the potential for increased conflicts, these new overseers are demanding more time and resources from the financial service auditors. For example, when compared to other industries, the financial and insurance sectors are mostly likely to provide support to external auditors.
The survey found that financial services auditors spent the most time supporting external auditors, with 34 percent reporting spending more than 4 weeks annually.
The work of the internal audit function has grown in importance to regulators. “Internal auditors have been asked to circumvent normal or traditional resolution process in challenging management, reporting to the board, and even reporting issues directly to regulators,” according to the report. “Many internal auditors worry that the results of their work will be used by regulators to cite additional deficiencies in regulatory examination reports.”
Technology continues to be a big source of risk for organizations and their internal audit functions, and the financial sector ranked the highest when it comes to time spent providing security for IT-related risks. According to the survey, 47 percent of financial sector chief audit executives described the amount of time spent as extensive. The next highest, at 27 percent, were chief audit executives from publicly traded enterprises (excluding financial sector).
Similarly, financial services internal auditors see the risk of a data breach as more extensive than their counterparts in other sectors, with 43 percent describing the risk as extensive compared to an average of 34 percent.
The report also explores two other areas: the growing demands related to managing audit and risk committee agendas, and the practicality of the Three Lines of Defense model in small and midsize financial institutions.
