Internal Auditors Need More Support from Management

Internal auditors feel they need more visible and vocal support from senior managers within their organizations as changing demands put them under more pressure, according to a new survey.

The survey, by Thomson Reuters, found that the increasing amount of regulation, renewed focus on fraud and corruption and heightened scrutiny around risk management from executives, corporate boards, shareholders and regulators are placing greater emphasis on how the internal audit function can play a role in evaluating and mitigating risk.

Over 57 percent of the survey respondents indicated that increased focus on risk and control was the top challenge for the year ahead. While risk management was seen as a top three priority for organizations and was one area where the internal audit function’s time and resources are primarily applied, only 12 percent of the firms surveyed claimed to have robust and embedded risk management framework and resources in place.

Over 40 percent of the survey respondents indicated that interactions with the compliance and risk management teams were ad-hoc or were unsure of the frequency of these meetings. Many of the poll respondents see room for improvement in audit business processes and the opportunity to move to a more robust operating model.

When asked about what areas the internal audit function’s time and resources were currently applied to, 83 percent of the internal auditors surveyed listed assurance over internal control as a top three activity. IT risk and security was listed as the second priority with 44 percent of respondents. 

However, when asked about what the top priorities should be for the internal audit function, the survey respondents listed a different set of activities. Thirty-eight percent of the respondents listed strategic level risk management as a top three issue and 30 percent indicated corporate governance as a top area where resources needed to be focused. A broadening remit, coupled with the need to adapt to changing business models, has many internal audit departments looking for new processes and tools to help address these challenges.

“Audit committee chairs and executive management alike need to understand and address the increasing scope and strain on internal audit,” said Mark Schlageter, managing director of governance, risk and compliance at Thomson Reuters. “A vital factor in easing the pressure on the internal audit function is the provision of adequately skilled resources and the ability to leverage off technology to meet the growing demands and challenges. The often under-valued task of internal auditing can be made substantially easier where senior managers visibly and vocally demonstrate support for the internal audit function and promote a culture of sound corporate governance.”

The maturity of standard business processes across a number of audit functions varied from firm to firm with more established processes such as reporting and issue tracking having robust programs in place in the majority of firms.

Even the most basic of audit processes however showed that there was room for improvement. In the case of the management of audit workpapers, only 28 percent of respondents described their process as robust or mature and almost half of the respondents (49 percent) indicated that they had a workpaper process in place but that it still needed work.

Of all of the business processes surveyed, respondents indicated that they had the highest level of maturity on reporting. Forty-one percent indicated that they had a robust, mature program in place for reporting while 48 percent indicated that their reporting processes were implemented but still need some work. Only 11 percent of respondents indicated that they had a relatively immature business process around reporting.

Risk management is one of the areas of most significant change for the audit profession and according to the survey is seen as a top three priority for organizations. Despite this, under one fifth of respondents indicated that robust and mature processes for risk assessment were in place at their firm.

When asked about how they interacted with their counterparts in the compliance and risk management function, the practitioners surveyed showed an emerging yet immature connection to these other assurance functions. In the case of interacting with both teams, over 40 percent of the survey respondents indicated that these interactions were ad-hoc or they were not sure on how frequently they met. In the case of internal audit working with risk management teams, only 21 percent of respondents indicated that they met on a weekly basis. The numbers for internal audit working with compliance departments were similar with only 24 percent of respondents responding that they met weekly with their compliance counterparts.

In conjunction with the survey, Thomson Reuters also announced enhancements in its Accelus Enterprise GRC software. The latest version contains improved configuration options to enable firms to more effectively address the requirements of integrating governance, risk and compliance with risk management and compliance and policy management to meet the changing demands of their business.

Smart Forms capabilities have been expanded to enable firms to configure and design forms with specific fields and layout options that will optimize the experience of users within the organization. Panel Editing features have also been introduced to allow users to enter or update information in a grid formatted panel, to allow them to add or update information for a number of records without needing to navigate to each specific record form.

A full copy of the report can be downloaded at: http://accelus.thomsonreuters.com/StateofInternalAudit.

For reprint and licensing requests for this article, click here.
Audit
MORE FROM ACCOUNTING TODAY