Chief audit executives are increasingly using strategies to drive up efficiency in the internal audit process, including a “one-to-many approach.”
A new survey by Grant Thornton of chief audit executives found that 54 percent of the respondents indicated they have found ways to implement a one-to-many approach, an increase from 49 percent last year. Under a one-to-many approach, auditors test only once but manage to comply multiple times with various regulatory standards and other mandates, since the same or nearly the same questions are often asked of the same people.
As chief audit executives face a greater compliance burden but have limited internal audit resources, they are forced to make difficult decisions. They need to maximize their internal audit efficiency and impact, while adhering to a compliance-heavy environment and fully utilize their existing resources.
The survey found that 92 percent of respondents believe they can potentially apply one-to-many principles to approximately 50 percent of their control testing. This leaves a large group (38 percent) of potential one-to-many users that have not yet embraced the practice.
Another strategy is to leverage technology better. However, the survey found that only 29 percent of the survey respondents report their companies are using governance, risk and compliance technology, though that’s up from 23 percent in last year’s survey. While adoption numbers for GRC technology have increased, only 22 percent of respondents believe their organizations effectively leverage such technology.
Data analytics is another technology relied on by chief audit executives, with 60 percent of the survey respondents saying they use data analytics to enhance the internal audit function. The top reason cited for using analytics is the ability to quickly identify patterns, trends and relationships. CAEs also use analytics for other tasks such as forensic analysis (26 percent), performance measurement (18 percent) and predictive analytics (28 percent).
“The dilemma many CAEs face is how to continue adding strategic value through the internal audit function, given the current compliance-heavy environment,” said Grant Thornton’s national governance, risk and compliance practice leader, Warren Stippich, a Chicago-based partner. “The solution is not to leave compliance behind as an un-chosen option in the place of focusing on strategic and/or operational areas—but instead to understand how CAEs can leverage compliance activities to add value.”
If internal audit departments are using a disproportionate amount of resources on compliance activities, there could be significant lost opportunities, Grant Thornton noted. Determining the right mix of resources for an organization is an important job function for CAEs.
In other findings, 69 percent of the survey respondents cited increased cost as the top impact of regulation on their organizations, while 45 percent of the respondents said they feel that regulation improved their governance and rigor of testing. A 69 percent majority of the respondents see increased cost as the biggest impact of regulation, while another 36 percent feel that regulation has left them unable to devote resources to higher-value activities.
A relatively low proportion (18 percent) of respondents said they have already started transitioning to COSO’s updated internal control framework, while 35 percent say they will start the transition in the next 12 months, and 24 percent of the respondents have no plans to transition to the new framework.
For a copy of the survey findings,
