Internal audit leaders cited technology as the main driver of risk to their organizations, especially when it comes to cybersecurity, according to a new survey by the Institute of Internal Auditors.
The
"We consistently hear from our members that technology is the No. 1 driver of risk in today's increasingly complex business landscape, across organizations of all shapes and sizes," said IIA president and CEO Anthony Pugliese in a statement. "Modern business is more technology-reliant than at any point in history. Along with the opportunities that accompany rapid growth in artificial intelligence, digital data storage and cryptocurrencies, we see similar growth in risks related to data privacy, cybersecurity and biases in artificial intelligence, to name a few. Internal auditors and organizations around the world recognize that technology is both the single largest driver of both opportunity and risk."
The past 12 months revealed positive trends for budgets and staffing, with overall budget increases outpacing decreases by more than three to one (38% vs 12%), the highest ratio in the IIA Pulse of Internal Audit survey's 15-year history.
Internal staffing budgets increased for 45% of audit functions. Professional development budgets grew for 21% of functions, a significant increase compared with 8% last year. Travel budgets rose for 24% of audit functions, compared to only 4% last year, indicating a continued return to on-site visits after the outbreak of the COVID-19 pandemic.
This year, the survey asked chief audit executives about the frequency of their audits. Nearly 70% of audit functions review high-risk areas such as cybersecurity and IT annually or continuously. Also new this year, CAEs were asked to identify which risks they consider when conducting audit engagements in general. The responses revealed that auditors often take a holistic approach and consider a wide range of issues. Fraud (90%) was the most frequently cited consideration, followed by IT (80%), cybersecurity (66%), and governance and culture (65%). The survey found that 22% of respondents considered sustainability risks, reflecting both the increased importance of environmental issues and their potential for extra scrutiny.
The IIA has also been
"Our CIA market study is actually looking at do we need to change our credential?" Pugliese said at the conference Monday. "Are we seeing waning interest in the credential by virtue of its design, or its content or anything? What do we need to do to pick the numbers up, because a lot of professional associations are changing their credentials to be either more tech heavy, to be more suited for things like micro credentialing, to be more option driven. You don't have a one size fits all to take a test and get a certain credential. We need to make sure that we are ahead of the curve on all of that. We've launched a study, and we want to gain greater insight into the current market for IAP and CIA credentials around the world. There are lots of nuances to that. We offer the exam in many languages. But we are getting a lot of feedback. We have to evaluate the alignment of the certification program design and features, with not just the needs of people taking the test right now, but with the next generation to come, looking at the learning trends and training trends of people who have not yet become ready to take the CIA exam."
Protiviti survey
Separately, the consulting firm Protiviti released its own
"In a tight labor market, the internal audit function has not been spared in the war for talent, especially with heightening expectations of internal audit functions related to innovation, transformation and other hot topics," said Andrew Struthers-Kennedy, global leader of Protiviti's internal audit and financial advisory practice, in a statement. "This talent shortage comes as internal audit is expected to take on a greater role in helping companies navigate choppy waters created by changing risks, emerging regulations and shifts in business priorities. It's vital that audit leaders develop strategies to attract, retain and train qualified people while keeping their foot on the gas when it comes to evolving their function and maximizing their relevance for the future."
The Protiviti survey of 573 executives, including CAEs, audit directors and managers across industries globally, found that the most acute talent shortages occur in high-interest areas of machine learning and AI, with only 31% of CAEs and directors of auditing expressing confidence that they have access to enough people with the necessary talent and skills. A majority of the organizations surveyed believe they lack the necessary talent in assurance, dynamic risk assessment, continuous monitoring and process mining. The rapid, continual pursuit of data and technology abilities, across all industries and organization types, has intensified competition for tech-savvy talent, along with the need to upskill or retrain internal auditors.
Apart from recruiting, upskilling and retaining talent, 36% of the surveyed CAEs and directors of auditing pointed to the rising cost of wages as a top concern for internal audit organizations today, and 34% cited the challenges of building and maintaining a culture focused on delivering relevance and value amid hybrid and remote working models.
For the survey respondents, training and developing staff was the most-cited strategy for securing talent and skills. There's a disconnect, though, as the organizations reporting the highest levels of next-generation internal audit maturity have pursued alternative strategies to gain access to talent, including co-sourcing arrangements and rotational and guest auditor programs, as a crucial supplement to their hiring and training activities.
Within many internal audit organizations, the use of co-sourcing is rising in an effort to secure external resources and improve the internal team. That's particularly true for hard-to-find technology skill sets.
