Chief audit executives and audit committee members view internal audit priorities differently, particularly when prioritizing risks, according to a new survey by Grant Thornton.
When asked about the top three areas for internal audit to deliver value, audit committee members ranked “mitigating risk” first, while CAEs ranked “identifying improvement opportunities” as the area where they believe they can deliver the most value.
“Meeting compliance obligations remains a pain point for companies in a variety of sectors,” said Warren Stippich, partner and Grant Thornton’s national Governance, Risk and Compliance practice leader, in a statrement. “The continued compliance-heavy environment makes it clear that internal audit must keep striving to rebalance priorities without leaving any key area or stakeholder group behind. With finite budgets and resource constraints, internal auditors must look toward optimizing all aspects of the work they do, including financial and compliance activities.”
The survey also found that while internal audit departments seem eager to improve the efficiency of the internal audit function, only 28 percent of CAEs reported their organizations are using governance, risk and compliance-specific technology, down 1 percent from the previous year. While adoption numbers remain low, 32 percent of respondents believe their organizations effectively leverage governance, risk and compliance technology, up from 22 percent in last year’s survey.
In addition, 54 percent of the CAEs polled said they have transitioned or are working on adopting COSO’s updated guidance on internal controls or their existing controls are already in agreement with the new guidance. However, 25 percent of the respondents said they have no plans to transition to the new framework, up 1 percent from last year.
SEC officials have indicated that they expect companies to adopt the new COSO internal control framework and are likely to give extra scrutiny to companies that have not yet adopted, according to a recent story in
Grant Thornton found that 62 percent of the CAEs it polled expect their in-house resources to stay the same, while 32 percent say internal audit’s budget has not risen to allow for increased regulatory compliance efforts; Sixty-nine percent of the audit committee members surveyed cite “requesting regular assessments and reporting from management” as a step their board has taken to oversee data privacy and security risks. Sixty-four percent cite “reviewing policies, procedures and controls related to data security.
Finally, according to the poll, 69 percent of the respondents cited fraud risk as the number one risk assessment being conducted, up 8 percent from last year.
